---

Advisories, February 22, 2006

Debian GNU/Linux


Debian Security Advisory DSA 980-1 [email protected]
http://www.debian.org/security/
Moritz Muehlenhoff
February 22nd, 2006 http://www.debian.org/security/faq


Package : tutos
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2004-2161 CVE-2004-2162
Debian Bug : 318633

Joxean Koret discovered several security problems in tutos, a
web-based team organization software. The Common Vulnerabilities
and Exposures Project identifies the following problems:

CVE-2004-2161

An SQL injection vulnerability allows the execution of SQL
commands through the link_id parameter in file_overview.php.

CVE-2004-2162

Cross-Site-Scripting vulnerabilities in the search function of
the address book and in app_new.php allow the execution of web
script code.

The old stable distribution (woody) does not contain tutos
packages.

For the stable distribution (sarge) these problems have been
fixed in version 1.1.20031017-2+1sarge1.

The unstable distribution (sid) no longer contains tutos
packages.

We recommend that you upgrade your tutos package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.dsc
      Size/MD5 checksum: 575 7babaefc5a7e57afc2fb421d5829c4cf
    http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1.tar.gz
      Size/MD5 checksum: 4955293 c9c539f0d5504d69377e326870db18c3

Architecture independent components:

    http://security.debian.org/pool/updates/main/t/tutos/tutos_1.1.20031017-2+1sarge1_all.deb
      Size/MD5 checksum: 4760050 39bb9b2f3e9655c7060f04a5dac83e09

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200602-11


http://security.gentoo.org/


Severity: Low
Title: OpenSSH, Dropbear: Insecure use of system() call
Date: February 20, 2006
Bugs: #119232
ID: 200602-11


Synopsis

A flaw in OpenSSH and Dropbear allows local users to elevate
their privileges via scp.

Background

OpenSSH is a free application suite consisting of server and
clients that replace tools like telnet, rlogin, rcp and ftp with
more secure versions offering additional functionality. Dropbear is
an SSH server and client designed with a small memory footprint
that includes OpenSSH scp code.

Affected packages


     Package            /   Vulnerable   /                  Unaffected

  1  net-misc/openssh       < 4.2_p1-r1                   >= 4.2_p1-r1
  2  net-misc/dropbear       < 0.47-r1                      >= 0.47-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.

Description

To copy from a local filesystem to another local filesystem, scp
constructs a command line using ‘cp’ which is then executed via
system(). Josh Bressers discovered that special characters are not
escaped by scp, but are simply passed to the shell.

Impact

By tricking other users or applications into using scp on
maliciously crafted filenames, a local attacker can execute
arbitrary commands with the rights of the user running scp.
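
The flaw described above comes from pasting file names into a string that system() passes to the shell. The following is an added example, not OpenSSH or Dropbear source: it shows that pattern as a string builder only, next to one way to run cp without a shell. The function names and the constructed file name are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Pattern from the advisory: names pasted into a string for system(), so
 * /bin/sh interprets ';', '`', '$(...)' in a name. Builder only; never run it. */
int build_shell_cmd(char *out, size_t n, const char *src, const char *dst)
{
    return snprintf(out, n, "cp %s %s", src, dst);
}

/* Hardened: no shell. Each name is one argv element; "--" ends option parsing. */
int copy_local(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
        execvp("cp", argv);
        _exit(127);                 /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: copy a file whose name contains shell metacharacters.
 * Returns 0 when the file was copied as a single, literal name. */
int demo(void)
{
    char dir[] = "/tmp/scpdemoXXXXXX", src[128], dst[128];
    if (!mkdtemp(dir))
        return -1;
    snprintf(src, sizeof src, "%s/notes; echo injected.txt", dir);
    snprintf(dst, sizeof dst, "%s/copy.txt", dir);
    FILE *f = fopen(src, "w");
    if (!f)
        return -1;
    fputs("data\n", f);
    fclose(f);
    int ok = copy_local(src, dst) == 0 && access(dst, R_OK) == 0;
    unlink(src); unlink(dst); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

With the argv form the semicolon and space in the name reach cp as ordinary bytes, so the copy succeeds and nothing else runs.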

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/openssh-4.2_p1-r1"

All Dropbear users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/dropbear-0.47-r1"

References

[ 1 ] CVE-2006-0225

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200602-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:045
http://www.mandriva.com/security/


Package : MySQL
Date : February 21, 2006
Affected: 10.2


Problem Description:

Eric Romang discovered a temporary file vulnerability in the
mysql_install_db script provided with MySQL. This vulnerability
only affects versions of MySQL 4.1.x prior to 4.1.12.

The updated packages have been patched to address this
issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1636


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:046
http://www.mandriva.com/security/


Package : tar
Date : February 21, 2006
Affected: 10.1, 10.2, 2006.0


Problem Description:

GNU tar versions 1.14 and above have a buffer overflow
vulnerability and some other issues including:

  • Carefully crafted invalid headers can cause buffer
    overrun.
  • Invalid header fields go undiagnosed.
  • Some valid time strings are ignored.

The updated packages have been patched to address this
issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300


Updated Packages:

