---

Advisories, January 30, 2006

Debian GNU/Linux


Debian Security Advisory DSA 951-2 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 30th, 2006 http://www.debian.org/security/faq


Package : trac
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE IDs : CVE-2005-4065 CVE-2005-4644
BugTraq IDs : 15720 16198
Debian Bug : 348791

This update corrects the search feature in trac, an enhanced
wiki and issue tracking system for software development projects,
which broke with the last security update. For completeness please
find below the original advisory text:

Several vulnerabilities have been discovered in trac, an enhanced
wiki and issue tracking system for software development projects.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2005-4065

Due to missing input sanitising it is possible to inject
arbitrary SQL code into the SQL statements.

CVE-2005-4644

A cross-site scripting vulnerability has been discovered that
allows remote attackers to inject arbitrary web script or HTML.

The old stable distribution (woody) does not contain trac
packages.

For the stable distribution (sarge) these problems have been
fixed in version 0.8.1-3sarge4.

For the unstable distribution (sid) these problems have been
fixed in version 0.9.3-1.

We recommend that you upgrade your trac package.

Upgrade Instructions


wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 959-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 30th, 2006 http://www.debian.org/security/faq


Package : unalz
Vulnerability : buffer overflow
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-3862
Debian Bug : 340842

Ulf Hürnhammer from the Debian Audit Project discovered
that unalz, a decompressor for ALZ archives, performs insufficient
bounds checking when parsing file names. This can lead to arbitrary
code execution if an attacker provides a crafted ALZ archive.

The old stable distribution (woody) does not contain unalz.

For the stable distribution (sarge) this problem has been fixed
in version 0.30.1.

For the unstable distribution (sid) this problem will be fixed
soon.

We recommend that you upgrade your unalz package.

Debian GNU/Linux 3.1 alias sarge


These files will probably be moved into the stable distribution
on its next update.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200601-15


http://security.gentoo.org/


Severity: High
Title: Paros: Default administrator password
Date: January 29, 2006
Bugs: #120352
ID: 200601-15


Synopsis

Paros’s database component is installed without a password,
allowing execution of arbitrary system commands.

Background

Paros is an intercepting proxy between a web server and a client
meant to be used for security assessments. It allows the user to
watch and modify the HTTP(S) traffic.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  net-proxy/paros      <= 3.2.5                             > 3.2.5

Description

Andrew Christensen discovered that in older versions of Paros
the database component HSQLDB is installed with an empty password
for the database administrator “sa”.

Impact

Since the database listens globally by default, an attacker can
connect and issue arbitrary commands, including execution of
binaries installed on the host.

Workaround

There is no known workaround at this time.

Resolution

All Paros users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/paros-3.2.8"

References

[ 1 ] CVE-2005-3280

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3280

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-15.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200601-16


http://security.gentoo.org/


Severity: Normal
Title: MyDNS: Denial of Service
Date: January 30, 2006
Bugs: #119548
ID: 200601-16


Synopsis

MyDNS contains a vulnerability that may lead to a Denial of
Service attack.

Background

MyDNS is a DNS server using a MySQL database as a backend. It is
designed to allow for fast updates and small resource usage.

Affected packages


     Package        /  Vulnerable  /                        Unaffected

  1  net-dns/mydns       < 1.1.0                              >= 1.1.0

Description

MyDNS contains an unspecified flaw that may allow a remote
Denial of Service.

Impact

An attacker could cause a Denial of Service by sending malformed
DNS queries to the MyDNS server.

Workaround

There is no known workaround at this time.

Resolution

All MyDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/mydns-1.1.0"

References

[ 1 ] CVE-2006-0351

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0351

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-16.xml


Gentoo Linux Security Advisory GLSA 200601-17


http://security.gentoo.org/


Severity: Normal
Title: Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap
overflows
Date: January 30, 2006
Bugs: #117481, #117494, #117495, #115789, #118665
ID: 200601-17


Synopsis

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable
to integer overflows that may be exploited to execute arbitrary
code.

Background

Xpdf is a PDF file viewer that runs under the X Window System.
Poppler is a PDF rendering library based on the Xpdf 3.0 code base.
GPdf is a PDF file viewer for the GNOME 2 platform, also based on
Xpdf. libextractor is a library which includes Xpdf code to extract
arbitrary meta-data from files. pdftohtml is a utility to convert
PDF files to HTML or XML formats that makes use of Xpdf code to
decode PDF files.

Affected packages


     Package                  /   Vulnerable   /            Unaffected


  1  app-text/xpdf                < 3.01-r5                  >= 3.01-r5
  2  app-text/poppler             < 0.4.3-r4                >= 0.4.3-r4
  3  app-text/gpdf                < 2.10.0-r3              >= 2.10.0-r3
  4  media-libs/libextractor      < 0.5.9                      >= 0.5.9
  5  app-text/pdftohtml           < 0.36-r4                 Vulnerable!
  -------------------------------------------------------------------
  NOTE: Certain packages are still vulnerable. Users should migrate
        to another package if one is available or wait for the
        existing packages to be marked stable by their
        architecture maintainers.
  -------------------------------------------------------------------
  5 affected packages on all of their supported architectures.

Description

Chris Evans has reported some integer overflows in Xpdf when
attempting to calculate buffer sizes for memory allocation, leading
to a heap overflow and a potential infinite loop when handling
malformed input files.

Impact

By sending a specially crafted PDF file to a victim, an attacker
could cause an overflow, potentially resulting in the execution of
arbitrary code with the privileges of the user running the
application.

Workaround

There is no known workaround at this time.

Resolution

All Xpdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.01-r5"

All Poppler users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/poppler-0.4.3-r4"

All GPdf users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.10.0-r3"

All libextractor users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/libextractor-0.5.9"

All pdftohtml users should migrate to the latest stable version
of Poppler.

References

[ 1 ] CVE-2005-3627

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627

[ 2 ] CVE-2005-3626

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626

[ 3 ] CVE-2005-3625

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625

[ 4 ] CVE-2005-3624

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200601-17.xml


Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:026
http://www.mandriva.com/security/


Package : bzip2
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi
Network Firewall 2.0


Problem Description:

A bug was found in the way that bzgrep processed file names. If
a user could be tricked into running bzgrep on a file with a
special file name, it would be possible to execute arbitrary code
with the privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did
not have the patch applied to correct CVE-2005-0953 which was previously
fixed by MDKSA-2005:091; those packages are now properly
patched.

The updated packages have been patched to correct these
problems.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0953


Updated Packages:


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Advisory MDKSA-2006:027
http://www.mandriva.com/security/


Package : gzip
Date : January 30, 2006
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi
Network Firewall 2.0


Problem Description:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments,
which allows local users to execute arbitrary commands via
filenames that are injected into a sed script.

This was previously corrected in MDKSA-2005:092, however the fix
was incomplete. These updated packages provide a more comprehensive
fix to the problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758


Updated Packages:


Trustix Secure Linux


Trustix Secure Linux Security Advisory #2006-0004

Package names: kernel, openssh
Summary: Multiple vulnerabilities
Date: 2006-01-27
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2


Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.

openssh
Ssh (Secure Shell) is a program for logging into a remote machine and
for executing commands on a remote machine. It is intended to
replace rlogin and rsh, and provide secure encrypted communications
between two untrusted hosts over an insecure network. X11
connections and arbitrary TCP/IP ports can also be forwarded over
the secure channel.

Problem description:
kernel < TSL 3.0 >

  • SECURITY Fix: Missing validation of the “nlmsg_len” value in
    “netlink_rcv_skb()” can cause an infinite loop which can be
    exploited by local users to cause a DoS by setting the value to
    0.
  • An error in the PPTP NAT helper in the handling of inbound
    PPTP_IN_CALL_REQUEST packets can cause an error in offset
    calculation. This can be exploited to cause random memory
    corruption and can crash the kernel.
  • ip_nat_pptp in the PPTP NAT helper
    (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other
    versions, allows local users to cause a denial of service via a
    crafted outbound packet that causes an incorrect offset to be
    calculated from pointer arithmetic when non-linear SKBs (socket
    buffers) are used.
  • Stefan Rompf has reported a vulnerability caused due to the
    “dm-crypt” driver failing to clear memory before freeing it. This
    can be exploited by local users to obtain sensitive
    information.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-0035, CVE-2006-0036, CVE-2006-0037 and CVE-2006-0095 to
these issues.
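
The first kernel item above (a zero "nlmsg_len" stalling the receive loop) comes down to a length-prefixed walk that never advances. The following is an added example, a simplified userspace model and not kernel code or part of the advisory, showing an unchecked walk next to one that validates the length; struct msg_hdr, MSG_ALIGN, HDR_LEN and the function names are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified 16-byte stand-in for a netlink message header (assumption of
 * this example, not the kernel's struct nlmsghdr definition). */
struct msg_hdr {
    uint32_t len;    /* total message length, header included */
    uint16_t type;
    uint16_t flags;
    uint32_t seq;
    uint32_t pid;
};

#define HDR_LEN sizeof(struct msg_hdr)
#define MSG_ALIGN(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Unchecked walk: trusts hdr.len. With len == 0 the offset never moves, so
 * the loop would spin forever; max_steps exists only so the demo returns.
 * Returns the number of messages consumed, or -1 when the budget runs out. */
int walk_unchecked(const uint8_t *buf, size_t buflen, int max_steps)
{
    size_t off = 0;
    int steps = 0;
    while (buflen - off >= HDR_LEN) {
        struct msg_hdr h;
        if (steps >= max_steps)
            return -1;
        memcpy(&h, buf + off, HDR_LEN);
        size_t adv = MSG_ALIGN(h.len);
        if (adv > buflen - off)
            adv = buflen - off;          /* over-long len silently clamped */
        off += adv;                      /* adv == 0: no forward progress */
        steps++;
    }
    return steps;
}

/* Checked walk: a message must be at least a header long and must fit in
 * what is left of the buffer. Returns the message count, or -1 if malformed.
 * Trailing bytes shorter than a header are ignored. */
int walk_checked(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int count = 0;
    while (buflen - off >= HDR_LEN) {
        struct msg_hdr h;
        size_t remaining = buflen - off;
        memcpy(&h, buf + off, HDR_LEN);
        if (h.len < HDR_LEN || h.len > remaining)
            return -1;                   /* rejects len == 0 and overruns */
        size_t adv = MSG_ALIGN(h.len);
        off += (adv > remaining) ? remaining : adv;
        count++;
    }
    return count;
}

/* Constructed input: message 1 is valid (16-byte header + 4-byte payload);
 * message 2 is a bare header whose len field is set by the caller.
 * buf must hold at least 36 bytes. Returns the number of bytes written. */
size_t build_sample(uint8_t *buf, uint32_t second_len)
{
    struct msg_hdr h = { 20, 1, 0, 1, 0 };
    memset(buf, 0, 36);
    memcpy(buf, &h, HDR_LEN);
    h.len = second_len;
    memcpy(buf + 20, &h, HDR_LEN);
    return 36;
}

int main(void)
{
    uint8_t buf[36];
    uint32_t lens[] = { 16, 0, 4096 };
    for (size_t i = 0; i < 3; i++) {
        size_t n = build_sample(buf, lens[i]);
        printf("len=%u unchecked=%d checked=%d\n", (unsigned)lens[i],
               walk_unchecked(buf, n, 1000), walk_checked(buf, n));
    }
    return 0;
}
```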

openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 >

  • SECURITY Fix: Josh Bressers has reported a weakness in OpenSSH
    caused due to the insecure use of the “system()” function in scp
    when performing copy operations using filenames that are supplied
    by the user from the command line. This can be exploited to execute
    shell commands with privileges of the user running scp.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2006-0225 to this issue.
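
The scp weakness above is the general hazard of pasting user-supplied file names into a string handed to "system()". The following is an added example, not OpenSSH's code or part of the advisory, that sets the string-building pattern beside a copy that bypasses the shell; the function names, the /tmp path and the sample file name are constructed for the example, and a cp binary on PATH is assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the advisory describes: names are pasted into one string that
 * /bin/sh would parse. Built for inspection only; never passed to system(). */
int build_shell_command(char *out, size_t outlen, const char *src, const char *dst)
{
    int n = snprintf(out, outlen, "cp %s %s", src, dst);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened pattern: no shell is involved, so each name reaches cp as exactly
 * one argument. "--" keeps a name starting with '-' from being read as an
 * option. Returns cp's exit status, or -1 on fork/wait failure. */
int copy_without_shell(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Copies a constructed file whose name contains a space and ';' and checks
 * that the copy holds the same bytes. Returns 0 on success. */
int demo_copy(void)
{
    char dir[64], src[128], dst[128], buf[16] = {0};
    snprintf(dir, sizeof dir, "/tmp/scp-argv-demo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)          /* fails if the path already exists */
        return -1;
    snprintf(src, sizeof src, "%s/a b;c.txt", dir);
    snprintf(dst, sizeof dst, "%s/copy.out", dir);
    FILE *f = fopen(src, "w");
    if (!f) { rmdir(dir); return -1; }
    fputs("data", f);
    fclose(f);
    int rc = copy_without_shell(src, dst);
    f = (rc == 0) ? fopen(dst, "r") : NULL;
    if (f) {
        if (fread(buf, 1, sizeof buf - 1, f) == 0) buf[0] = '\0';
        fclose(f);
    }
    remove(src); remove(dst); rmdir(dir);
    return (rc == 0 && strcmp(buf, "data") == 0) ? 0 : -1;
}

int main(void)
{
    char cmd[256];
    build_shell_command(cmd, sizeof cmd, "a b;c.txt", "copy.out");
    printf("a shell would parse: %s\n", cmd);   /* splits at the space and ';' */
    printf("argv copy: %s\n", demo_copy() == 0 ? "ok" : "failed");
    return 0;
}
```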

Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>

<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and
<URI:http://www.trustix.org/errata/trustix-3.0/>

or directly at
<URI:http://www.trustix.org/errata/2006/0004/>

MD5sums of the packages:



Trustix Security Team
