---

Advisories, June 11, 2006

Debian GNU/Linux


Debian Security Advisory DSA 1094-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
June 8th, 2006 http://www.debian.org/security/faq


Package : gforge
Vulnerability : missing input sanitising
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2005-2430
Debian Bug : 328224

Joxean Koret discovered several cross-site scripting
vulnerabilities in Gforge, an online collaboration suite for
software development, which allow injection of web script code.

The old stable distribution (woody) does not contain gforge
packages.

For the stable distribution (sarge) this problem has been fixed
in version 3.1-31sarge1.

For the unstable distribution (sid) this problem has been fixed
in version 3.1-31sarge1.

We recommend that you upgrade your gforge package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1.dsc

      Size/MD5 checksum: 868
0452baf77a8669801e5c218405eb4c9e
    http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1.diff.gz

      Size/MD5 checksum: 288414
97f88bfe5581a40469e05ed66fc54568
    http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1.orig.tar.gz

      Size/MD5 checksum: 1409879
c723b3a9efc016fd5449c4765d5de29c

Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gforge/gforge-common_3.1-31sarge1_all.deb

      Size/MD5 checksum: 92806
ede5618a181e461a406de2dc50b6170a
    http://security.debian.org/pool/updates/main/g/gforge/gforge-cvs_3.1-31sarge1_all.deb

      Size/MD5 checksum: 98282
927bada7cf4d87f0963b6a0d4dbfb683
    http://security.debian.org/pool/updates/main/g/gforge/gforge-db-postgresql_3.1-31sarge1_all.deb

      Size/MD5 checksum: 146398
ae5600b12938d8bc47c947c48d408752
    http://security.debian.org/pool/updates/main/g/gforge/gforge-dns-bind9_3.1-31sarge1_all.deb

      Size/MD5 checksum: 72456
7408e95a4db4353731eacd8bf274e8bc
    http://security.debian.org/pool/updates/main/g/gforge/gforge-ftp-proftpd_3.1-31sarge1_all.deb

      Size/MD5 checksum: 59784
6e357bc18e5265c2f3ac302859a00892
    http://security.debian.org/pool/updates/main/g/gforge/gforge-ldap-openldap_3.1-31sarge1_all.deb

      Size/MD5 checksum: 70378
973ded7bd24d7aaa1dfd9cdc0d931ad5
    http://security.debian.org/pool/updates/main/g/gforge/gforge-lists-mailman_3.1-31sarge1_all.deb

      Size/MD5 checksum: 58032
1a6a3a1970ebc40751620f7eb9496143
    http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim4_3.1-31sarge1_all.deb

      Size/MD5 checksum: 64966
a9e7b482891a637d92eb73e44f5b9550
    http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-exim_3.1-31sarge1_all.deb

      Size/MD5 checksum: 64490
408e9f6f06dbfbcb766285a8dfc42d6c
    http://security.debian.org/pool/updates/main/g/gforge/gforge-mta-postfix_3.1-31sarge1_all.deb

      Size/MD5 checksum: 64580
16a2613639daa916d669cc376085e78a
    http://security.debian.org/pool/updates/main/g/gforge/gforge-shell-ldap_3.1-31sarge1_all.deb

      Size/MD5 checksum: 60932
5f9bd90fa83c17088fe250c5cd82b251
    http://security.debian.org/pool/updates/main/g/gforge/gforge-sourceforge-transition_3.1-31sarge1_all.deb

      Size/MD5 checksum: 59046
1614549a1d31c8f6054858c94043efa6
    http://security.debian.org/pool/updates/main/g/gforge/gforge-web-apache_3.1-31sarge1_all.deb

      Size/MD5 checksum: 1104456
7a7901b7a5561c81fa46791cbab68cb3
    http://security.debian.org/pool/updates/main/g/gforge/gforge_3.1-31sarge1_all.deb

      Size/MD5 checksum: 56332
318db8262b47625a9b356ff366743035
    http://security.debian.org/pool/updates/main/g/gforge/sourceforge_3.1-31sarge1_all.deb

      Size/MD5 checksum: 55784
7797f135a0456ee0366afe249ffdd4ce

These files will probably be moved into the stable distribution
on its next update.


Debian Security Advisory DSA 1095-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
June 10th, 2006 http://www.debian.org/security/faq


Package : freetype
Vulnerability : integer overflows
Problem type : local (remote)
Debian-specific: no
CVE IDs : CVE-2006-0747 CVE-2006-1861 CVE-2006-2493
CVE-2006-2661
BugTraq ID : 18034

Several problems have been discovered in the FreeType 2 font
engine. The Common vulnerabilities and Exposures project identifies
the following problems:

CVE-2006-0747

Several integer underflows have been discovered which could
allow remote attackers to cause a denial of service.

CVE-2006-1861

Chris Evans discovered several integer overflows that lead to a
denial of service or could possibly even lead to the execution of
arbitrary code.

CVE-2006-2493

Several more integer overflows have been discovered which could
possibly lead to the execution of arbitrary code.

CVE-2006-2661

A null pointer dereference could cause a denial of service.

For the old stable distribution (woody) these problems have been
fixed in version 2.0.9-1woody1.

For the stable distribution (sarge) these problems have been
fixed in version 2.1.7-2.5.

For the unstable distribution (sid) these problems will be fixed
soon

We recommend that you upgrade your libfreetype packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.dsc

      Size/MD5 checksum: 672
e9f338a6cc7d4f8924ec9df3dd14035a
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9-1woody1.diff.gz

      Size/MD5 checksum: 17441
8313446b932167b006e7b039c6890821
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.0.9.orig.tar.gz

      Size/MD5 checksum: 908842
102e1d651fd6404e656e3d1d8a36a4a0

Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_alpha.deb

      Size/MD5 checksum: 72438
81cf505ba02eb5167141388fedd84177
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_alpha.deb

      Size/MD5 checksum: 244742
599b407104960c51a32c75782ccc6bcb
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_alpha.deb

      Size/MD5 checksum: 598368
f5bb8504b2d91b0af7cd878f661520d4

ARM architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_arm.deb

      Size/MD5 checksum: 38802
0890e233c07cfa17fcf4de4e312ee0cb
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_arm.deb

      Size/MD5 checksum: 211736
c071143fd0bcbba47e3be584dd52c9b5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_arm.deb

      Size/MD5 checksum: 565936
3ea6b5786fdc1b74c8ce501a83f87b56

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_i386.deb

      Size/MD5 checksum: 37128
55f75b5277bc86e66167bd92019d0dc0
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_i386.deb

      Size/MD5 checksum: 208990
c59dc78191132dcc3db2ad6e529ed872
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_i386.deb

      Size/MD5 checksum: 541294
028c883672af3f15cdea4595e124d12d

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_ia64.deb

      Size/MD5 checksum: 91606
34dd0d964ef7f5471a9d8aca9204eae6
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_ia64.deb

      Size/MD5 checksum: 314490
f277129e151512f5f40f7dac92bd70ca
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_ia64.deb

      Size/MD5 checksum: 661156
2da5eeaec642e9ad417f05d556042654

HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_hppa.deb

      Size/MD5 checksum: 65954
01f070e5a891f294673ecc02746e2a3e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_hppa.deb

      Size/MD5 checksum: 243240
3ce3f6c9c81f475e8f5025d891c6baa3
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_hppa.deb

      Size/MD5 checksum: 581982
2cd9bf66c5fa0900b2bbd892cb4fe27e

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_m68k.deb

      Size/MD5 checksum: 35004
9fb250326a6ec18855b526881bff1971
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_m68k.deb

      Size/MD5 checksum: 202382
b914d6dca81b0a0bbcd51b41f14d285b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_m68k.deb

      Size/MD5 checksum: 533332
99c58bfb00e2eec28605797281ba7d91

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mips.deb

      Size/MD5 checksum: 65994
d095a3147f7bf29601a633e0981812ef
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mips.deb

      Size/MD5 checksum: 227602
a0bb3a1ec9f4d199b592e83e1f96cc62
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mips.deb

      Size/MD5 checksum: 585274
70ee8753fbc279405f51aa3f85c9277a

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_mipsel.deb

      Size/MD5 checksum: 66068
4252d63c5c6fc9c2073a3c4f9a2c94b3
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_mipsel.deb

      Size/MD5 checksum: 224940
cd715fcea79690133890d1ac51c897d5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_mipsel.deb

      Size/MD5 checksum: 582886
95ab06bdb92195b369f4b1394caace23

PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_powerpc.deb

      Size/MD5 checksum: 40060
11ce0afd84b3b6d72aeb6ad65f46d20b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_powerpc.deb

      Size/MD5 checksum: 220220
f3e618b284f001fb1aca10f09153580c
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_powerpc.deb

      Size/MD5 checksum: 562794
1f79591fa630cc0c1843a5877782fa5b

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_s390.deb

      Size/MD5 checksum: 39878
f4349eae5c74098119905d368c7b0e2e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_s390.deb

      Size/MD5 checksum: 217756
f025a5c14fd3c2c115076095565628a5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_s390.deb

      Size/MD5 checksum: 550812
667c68d66e3055fdc01ff3a028f5b065

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.0.9-1woody1_sparc.deb

      Size/MD5 checksum: 49750
6c536054e3247e79bef317c60ca6b3b1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.0.9-1woody1_sparc.deb

      Size/MD5 checksum: 212828
cab02000c53126f833994914024f057f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.0.9-1woody1_sparc.deb

      Size/MD5 checksum: 549646
206cb2d25dd696a438e54c188bf83b2c

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.dsc

      Size/MD5 checksum: 677
89163a31332f8fd9602ee070e736db56
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-2.5.diff.gz

      Size/MD5 checksum: 56830
e44f23774c76ec8744556393d1a67155
    http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz

      Size/MD5 checksum: 1245623
991ff86e88b075ba363e876f4ea58680

Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_alpha.deb

      Size/MD5 checksum: 88168
43fe03488f5298535877f31e514af2b5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_alpha.deb

      Size/MD5 checksum: 422428
ca66e5f4c34fe72139aec143d2267638
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_alpha.deb

      Size/MD5 checksum: 784362
87d5c43d63e83523ed20051640b702c8

AMD64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_amd64.deb

      Size/MD5 checksum: 76236
3352ce99b2a88ca07d88f04c91b3dc3e
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_amd64.deb

      Size/MD5 checksum: 389884
7262b08b4199214f93165ae412c9f467
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_amd64.deb

      Size/MD5 checksum: 723734
fb33e8413b560d7afaeb02e59a76cf09

ARM architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_arm.deb

      Size/MD5 checksum: 58730
55df9efbd4eb664f1783ee82a38f1844
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_arm.deb

      Size/MD5 checksum: 352562
7abf762b31898aaca08668d0a96b6f2f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_arm.deb

      Size/MD5 checksum: 714506
954e50736413bdef43b26230c639de88

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_i386.deb

      Size/MD5 checksum: 63194
cb8a719a9a774729d66008d9027e51e6
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_i386.deb

      Size/MD5 checksum: 363860
db9690836e2cec4d75d72e21fa3454b2
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_i386.deb

      Size/MD5 checksum: 693456
413e7c3ac3cbe875565583e4d715e9f9

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_ia64.deb

      Size/MD5 checksum: 102602
33a1531632b9b99c8dddaf3db4bf5b76
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_ia64.deb

      Size/MD5 checksum: 493270
d5c7f28e477780047c923279b96b3e4a
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_ia64.deb

      Size/MD5 checksum: 843896
72048488bde93d3630b6b9da079e69e9

HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_hppa.deb

      Size/MD5 checksum: 80762
42a0bfccfaac7473755699a843e24a47
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_hppa.deb

      Size/MD5 checksum: 406960
0c4175c2dd0e48b799e09d2afc12690f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_hppa.deb

      Size/MD5 checksum: 734430
89b01eb71ca9666bfda516a81b42279c

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_m68k.deb

      Size/MD5 checksum: 43850
8c48fb2db89bd539888bee4b5e96bc9f
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_m68k.deb

      Size/MD5 checksum: 359290
8d0540203484407b5e3ac0caa6a17a76
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_m68k.deb

      Size/MD5 checksum: 678740
6a4a245d16be00bfb42c4c95bc46c33b

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mips.deb

      Size/MD5 checksum: 91802
edb71b520cad9ee3325f1ab6c9aba2e1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mips.deb

      Size/MD5 checksum: 384104
a3a2b6850b6ad4fa58b26e4f87c99bc1
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mips.deb

      Size/MD5 checksum: 742462
1622c7ed6976c080c191bf4355a39bcf

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_mipsel.deb

      Size/MD5 checksum: 91530
b5f2884e0a60f941472f73e5bb4ed36a
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_mipsel.deb

      Size/MD5 checksum: 376154
44ecb1dd13695505127605383ba08550
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_mipsel.deb

      Size/MD5 checksum: 735808
5be48a87080982898270d5d3872d23a1

PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_powerpc.deb

      Size/MD5 checksum: 81984
1947fae668eea39c6547b5f7223b161b
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_powerpc.deb

      Size/MD5 checksum: 379112
ba3fcf9e41fb86ffb942f62da564e443
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_powerpc.deb

      Size/MD5 checksum: 730110
abef79b7c668f78ac1824d28871d12e5

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_s390.deb

      Size/MD5 checksum: 76224
cad554cfd04bc4d3a95b2a2ec2fdc0d5
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_s390.deb

      Size/MD5 checksum: 399662
a0b113ed1c25426c878a88fa3709eab9
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_s390.deb

      Size/MD5 checksum: 752436
294913dbf3d5371ea9bb20f44a03d5c0

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-2.5_sparc.deb

      Size/MD5 checksum: 68422
5c7b16ad44271621f8d5212ddcedefe9
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-2.5_sparc.deb

      Size/MD5 checksum: 363802
64e8b09bf5e357b284c23b284e5c13cc
    http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-2.5_sparc.deb

      Size/MD5 checksum: 699974
ef249a5e5d11b534e55f1e942ef29cef

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200604-10:02


http://security.gentoo.org/


Severity: Normal
Title: zgv: Heap overflow
Date: April 21, 2006
Updated: June 10, 2006
Bugs: #127008
ID: 200604-10:02


Errata

The fixed zgv ebuild proposed in the initial version of this
Security Advisory did not address all the vulnerabilities of the
zgv package.

The corrected sections appear below.

Affected packages

The corrected list of affected packages is as follows:


     Package         /  Vulnerable  /                       Unaffected


1 media-gfx/xzgv < 0.8-r2 >= 0.8-r2 2 media-gfx/zgv < 5.9 >= 5.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.

Resolution

All zgv users should also upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/zgv-5.9"

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200604-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200606-07


http://security.gentoo.org/


Severity: High
Title: Vixie Cron: Privilege Escalation
Date: June 09, 2006
Bugs: #134194
ID: 200606-07


Synopsis

Vixie Cron allows local users to execute programs as root.

Background

Vixie Cron is a command scheduler with extended syntax over
cron.

Affected packages


     Package                 /  Vulnerable  /               Unaffected

  1  sys-process/vixie-cron      < 4.1-r9                    >= 4.1-r9

Description

Roman Veretelnikov discovered that Vixie Cron fails to properly
check whether it can drop privileges accordingly if setuid() in
do_command.c fails due to a user exceeding assigned resource
limits.

Impact

Local users can execute code with root privileges by
deliberately exceeding their assigned resource limits and then
starting a command through Vixie Cron. This requires resource
limits to be in place on the machine.

Workaround

There is no known workaround at this time.

Resolution

All Vixie Cron users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-process/vixie-cron-4.1-r9"

References

[ 1 ] CVE-2006-2607

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2607

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200606-08


http://security.gentoo.org/


Severity: High
Title: WordPress: Arbitrary command execution
Date: June 09, 2006
Bugs: #134397
ID: 200606-08


Synopsis

WordPress fails to sufficiently check the format of cached
username data.

Background

WordPress is a PHP and MySQL based content management and
publishing system.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  www-apps/wordpress       < 2.0.3                         >= 2.0.3

Description

rgod discovered that WordPress insufficiently checks the format
of cached username data.

Impact

An attacker could exploit this vulnerability to execute
arbitrary commands by sending a specially crafted username. As of
Wordpress 2.0.2 the user data cache is disabled as the default.

Workaround

There are no known workarounds at this time.

Resolution

All WordPress users should upgrade to the latest available
version:

    # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"

References

[ 1 ] CVE-2006-2667

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2667

[ 2 ] CVE-2006-2702

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2702

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200606-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Red Hat Linux


Red Hat Security Advisory

Synopsis: Moderate: mailman security update
Advisory ID: RHSA-2006:0486-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0486.html

Issue date: 2006-06-09
Updated on: 2006-06-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0052


1. Summary:

An updated mailman package that fixes a denial of service flaw
is now available for Red Hat Enterprise Linux 3 and 4.

This update has been rated as having moderate security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 – i386, x86_64
Red Hat Enterprise Linux ES version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 – i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

Mailman is software to help manage email discussion lists.

A flaw was found in the way Mailman handles MIME multipart
messages. An attacker could send a carefully crafted MIME multipart
email message to a mailing list run by Mailman which would cause
that particular mailing list to stop working. (CVE-2006-0052)

Users of Mailman should upgrade to this updated package, which
contains backported patches to correct this issue.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

187420 – CVE-2006-0052 Mailman DoS

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm

864b23ce9d7bb6ec67e1925e727b00a1
mailman-2.1.5.1-25.rhel3.5.src.rpm

i386:
1f8675edb008914d72c17ac208778ce8
mailman-2.1.5.1-25.rhel3.5.i386.rpm
5591118fdeb23c8f7ab773ecc89b2d64

mailman-debuginfo-2.1.5.1-25.rhel3.5.i386.rpm

ia64:
dea1f57a4cab00421c7e733abce56d0a
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
d626620c55ce2d6be83ede96d2b52b2a

mailman-debuginfo-2.1.5.1-25.rhel3.5.ia64.rpm

ppc:
28603ff74e71bf42a65a642219ac2c12
mailman-2.1.5.1-25.rhel3.5.ppc.rpm
2092db336ea3383b409ae08b72805c3c

mailman-debuginfo-2.1.5.1-25.rhel3.5.ppc.rpm

s390:
8b71da905859dda6df957227d7813f73
mailman-2.1.5.1-25.rhel3.5.s390.rpm
750eb1cb63a4bb4e10fc43b0c13df8e4

mailman-debuginfo-2.1.5.1-25.rhel3.5.s390.rpm

s390x:
0d6b38a5ba6d707bf7be2c97e5d5f697
mailman-2.1.5.1-25.rhel3.5.s390x.rpm
dd4ba23b250a06c22b92cf944de05021

mailman-debuginfo-2.1.5.1-25.rhel3.5.s390x.rpm

x86_64:
cb3afd6302189d2141198f6569405ab2
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
b599a1cc3684547547eafca41c4f0aed

mailman-debuginfo-2.1.5.1-25.rhel3.5.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm

864b23ce9d7bb6ec67e1925e727b00a1
mailman-2.1.5.1-25.rhel3.5.src.rpm

i386:
1f8675edb008914d72c17ac208778ce8
mailman-2.1.5.1-25.rhel3.5.i386.rpm
5591118fdeb23c8f7ab773ecc89b2d64

mailman-debuginfo-2.1.5.1-25.rhel3.5.i386.rpm

x86_64:
cb3afd6302189d2141198f6569405ab2
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
b599a1cc3684547547eafca41c4f0aed

mailman-debuginfo-2.1.5.1-25.rhel3.5.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm

864b23ce9d7bb6ec67e1925e727b00a1
mailman-2.1.5.1-25.rhel3.5.src.rpm

i386:
1f8675edb008914d72c17ac208778ce8
mailman-2.1.5.1-25.rhel3.5.i386.rpm
5591118fdeb23c8f7ab773ecc89b2d64

mailman-debuginfo-2.1.5.1-25.rhel3.5.i386.rpm

ia64:
dea1f57a4cab00421c7e733abce56d0a
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
d626620c55ce2d6be83ede96d2b52b2a

mailman-debuginfo-2.1.5.1-25.rhel3.5.ia64.rpm

x86_64:
cb3afd6302189d2141198f6569405ab2
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
b599a1cc3684547547eafca41c4f0aed

mailman-debuginfo-2.1.5.1-25.rhel3.5.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:

ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mailman-2.1.5.1-25.rhel3.5.src.rpm

864b23ce9d7bb6ec67e1925e727b00a1
mailman-2.1.5.1-25.rhel3.5.src.rpm

i386:
1f8675edb008914d72c17ac208778ce8
mailman-2.1.5.1-25.rhel3.5.i386.rpm
5591118fdeb23c8f7ab773ecc89b2d64

mailman-debuginfo-2.1.5.1-25.rhel3.5.i386.rpm

ia64:
dea1f57a4cab00421c7e733abce56d0a
mailman-2.1.5.1-25.rhel3.5.ia64.rpm
d626620c55ce2d6be83ede96d2b52b2a

mailman-debuginfo-2.1.5.1-25.rhel3.5.ia64.rpm

x86_64:
cb3afd6302189d2141198f6569405ab2
mailman-2.1.5.1-25.rhel3.5.x86_64.rpm
b599a1cc3684547547eafca41c4f0aed

mailman-debuginfo-2.1.5.1-25.rhel3.5.x86_64.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.3.src.rpm

710bda1e3e2d327750b2e173e4f26ade
mailman-2.1.5.1-34.rhel4.3.src.rpm

i386:
d9ef371fe0bbfd5088458a66252fc85a
mailman-2.1.5.1-34.rhel4.3.i386.rpm
d845b291a05886a7e2747d69cd92c787

mailman-debuginfo-2.1.5.1-34.rhel4.3.i386.rpm

ia64:
e6f69b07fa7bcda1bd243c0ee9fc625f
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
1fa4545391bdebbb8a2756f475534341

mailman-debuginfo-2.1.5.1-34.rhel4.3.ia64.rpm

ppc:
aac7cd4291f95b603ca1318844b8aa67
mailman-2.1.5.1-34.rhel4.3.ppc.rpm
83cdd5e4b505ce46fd720dcfb6a629b4

mailman-debuginfo-2.1.5.1-34.rhel4.3.ppc.rpm

s390:
fb24bfc7f51ce6078c0f2918485aa88f
mailman-2.1.5.1-34.rhel4.3.s390.rpm
00ad62057a06e026111c877ad93c8b7f

mailman-debuginfo-2.1.5.1-34.rhel4.3.s390.rpm

s390x:
d193fd7597c5f871f819865674c13c15
mailman-2.1.5.1-34.rhel4.3.s390x.rpm
f8dcab2a9ffd04fc13f4441035111406

mailman-debuginfo-2.1.5.1-34.rhel4.3.s390x.rpm

x86_64:
bff48be8cc1ca2adc29e50d80c274973
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
d0a2ba73d5d845a9799d0d86634dc866

mailman-debuginfo-2.1.5.1-34.rhel4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.3.src.rpm

710bda1e3e2d327750b2e173e4f26ade
mailman-2.1.5.1-34.rhel4.3.src.rpm

i386:
d9ef371fe0bbfd5088458a66252fc85a
mailman-2.1.5.1-34.rhel4.3.i386.rpm
d845b291a05886a7e2747d69cd92c787

mailman-debuginfo-2.1.5.1-34.rhel4.3.i386.rpm

x86_64:
bff48be8cc1ca2adc29e50d80c274973
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
d0a2ba73d5d845a9799d0d86634dc866

mailman-debuginfo-2.1.5.1-34.rhel4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.3.src.rpm

710bda1e3e2d327750b2e173e4f26ade
mailman-2.1.5.1-34.rhel4.3.src.rpm

i386:
d9ef371fe0bbfd5088458a66252fc85a
mailman-2.1.5.1-34.rhel4.3.i386.rpm
d845b291a05886a7e2747d69cd92c787

mailman-debuginfo-2.1.5.1-34.rhel4.3.i386.rpm

ia64:
e6f69b07fa7bcda1bd243c0ee9fc625f
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
1fa4545391bdebbb8a2756f475534341

mailman-debuginfo-2.1.5.1-34.rhel4.3.ia64.rpm

x86_64:
bff48be8cc1ca2adc29e50d80c274973
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
d0a2ba73d5d845a9799d0d86634dc866

mailman-debuginfo-2.1.5.1-34.rhel4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:

ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/mailman-2.1.5.1-34.rhel4.3.src.rpm

710bda1e3e2d327750b2e173e4f26ade
mailman-2.1.5.1-34.rhel4.3.src.rpm

i386:
d9ef371fe0bbfd5088458a66252fc85a
mailman-2.1.5.1-34.rhel4.3.i386.rpm
d845b291a05886a7e2747d69cd92c787

mailman-debuginfo-2.1.5.1-34.rhel4.3.i386.rpm

ia64:
e6f69b07fa7bcda1bd243c0ee9fc625f
mailman-2.1.5.1-34.rhel4.3.ia64.rpm
1fa4545391bdebbb8a2756f475534341

mailman-debuginfo-2.1.5.1-34.rhel4.3.ia64.rpm

x86_64:
bff48be8cc1ca2adc29e50d80c274973
mailman-2.1.5.1-34.rhel4.3.x86_64.rpm
d0a2ba73d5d845a9799d0d86634dc866

mailman-debuginfo-2.1.5.1-34.rhel4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0052

http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.


Red Hat Security Advisory

Synopsis: Important: mysql security update
Advisory ID: RHSA-2006:0544-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0544.html

Issue date: 2006-06-09
Updated on: 2006-06-09
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-0903 CVE-2006-1516 CVE-2006-1517
CVE-2006-2753


1. Summary:

Updated mysql packages that fix multiple security flaws are now
available.

This update has been rated as having important security impact
by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 – i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 – i386, x86_64
Red Hat Enterprise Linux ES version 4 – i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 – i386, ia64, x86_64

3. Problem description:

MySQL is a multi-user, multi-threaded SQL database server. MySQL
is a client/server implementation consisting of a server daemon
(mysqld) and many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape()
function escaped strings when operating in a multibyte character
encoding. An attacker could provide an application a carefully
crafted string containing invalidly-encoded characters which may be
improperly escaped, leading to the injection of malicious SQL
commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL
server processed malformed usernames. An attacker could view a
small portion of server memory by supplying an anonymous login
username which was not null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL
server executed the COM_TABLE_DUMP command. An authenticated
malicious user could send a specially crafted packet to the MySQL
server which returned random unallocated memory.
(CVE-2006-1517)

A log file obfuscation flaw was found in the way the
mysql_real_query() function creates log file entries. An attacker
with the the ability to call the mysql_real_query() function
against a mysql server can obfuscate the entry the server will
write to the log file. However, an attacker needed to have complete
control over a server in order to attempt this attack.
(CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such
as intermittent authentication failures.

All users of mysql are advised to upgrade to these updated
packages containing MySQL version 4.1.20, which is not vulnerable
to these issues.

4. Solution:

Before applying this update, make sure all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat
Network, launch the Red Hat Update Agent with the following
command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis