Debian GNU/Linux
Debian Security Advisory DSA 1096-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
June 13th, 2006 http://www.debian.org/security/faq
Package : webcalendar
Vulnerability : uninitialised variable
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-2762
A vulnerability has been discovered in webcalendar, a PHP-based
multi-user calendar, that allows a remote attacker to execute
arbitrary PHP code when register_globals is turned on.
The old stable distribution (woody) does not contain a
webcalendar package.
For the stable distribution (sarge) this problem has been fixed
in version 0.9.45-4sarge5.
For the unstable distribution (sid) this problem has been fixed
in version 1.0.4-1.
We recommend that you upgrade your webcalendar package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.dsc
Size/MD5 checksum: 608 216c1f9f764169fa877f1717f37dd73a
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5.diff.gz
Size/MD5 checksum: 12569 3a996902a10791fe764548728885d812
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45.orig.tar.gz
Size/MD5 checksum: 612360 a6a66dc54cd293429b604fe6da7633a6
Architecture independent components:
http://security.debian.org/pool/updates/main/w/webcalendar/webcalendar_0.9.45-4sarge5_all.deb
Size/MD5 checksum: 629442 f918fe96d26d5cbfa99efe2b2e938d2f
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200606-09
Severity: High
Title: SpamAssassin: Execution of arbitrary code
Date: June 11, 2006
Bugs: #135746
ID: 200606-09
Synopsis
SpamAssassin, when running with certain options, could allow
local or even remote attackers to execute arbitrary commands,
possibly as the root user.
Background
SpamAssassin is an extensible email filter used to identify junk
email. spamd is the daemonized version of SpamAssassin.
Affected packages
Package / Vulnerable / Unaffected
1 mail-filter/spamassassin < 3.1.3 >= 3.1.3
Description
When spamd is run with both the “--vpopmail” (-v) and
“--paranoid” (-P) options, it is vulnerable to an unspecified
issue.
Impact
With certain configuration options, a local or even remote
attacker could execute arbitrary code with the rights of the user
running spamd, which is root by default, by sending a crafted
message to the spamd daemon. Furthermore, the attack can be
remotely performed if the “--allowed-ips” (-A) option is present
and specifies non-local addresses. Note that Gentoo Linux is not
vulnerable in the default configuration.
Workaround
Don’t use both the “--paranoid” (-P) and the “--vpopmail” (-v)
options.
Resolution
All SpamAssassin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/spamassassin-3.1.3"
References
[ 1 ] CVE-2006-2447
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-09.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200606-10
Severity: Normal
Title: Cscope: Many buffer overflows
Date: June 11, 2006
Bugs: #133829
ID: 200606-10
Synopsis
Cscope is vulnerable to multiple buffer overflows that could
lead to the execution of arbitrary code.
Background
Cscope is a developer’s tool for browsing source code.
Affected packages
Package / Vulnerable / Unaffected
1 dev-util/cscope < 15.5-r6 >= 15.5-r6
Description
Cscope does not verify the length of file names sourced in
#include statements.
Impact
A user could be enticed to source a carefully crafted file which
will allow the attacker to execute arbitrary code with the
permissions of the user running Cscope.
Workaround
There is no known workaround at this time.
Resolution
All Cscope users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/cscope-15.5-r6"
References
[ 1 ] CVE-2004-2541
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-10.xml
Gentoo Linux Security Advisory GLSA 200606-11
Severity: Normal
Title: JPEG library: Denial of Service
Date: June 11, 2006
Bugs: #130889
ID: 200606-11
Synopsis
The JPEG library is vulnerable to a Denial of Service.
Background
The JPEG library is able to load, handle and manipulate images
in the JPEG format.
Affected packages
Package / Vulnerable / Unaffected
1 media-libs/jpeg < 6b-r7 >= 6b-r7
Description
Tavis Ormandy of the Gentoo Linux Auditing Team discovered that
the vulnerable JPEG library ebuilds compile JPEG without the
--maxmem feature which is not recommended.
Impact
By enticing a user to load a specially crafted JPEG image file
an attacker could cause a Denial of Service, due to memory
exhaustion.
Workaround
There is no known workaround at this time.
Resolution
JPEG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/jpeg-6b-r7"
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-11.xml
Gentoo Linux Security Advisory GLSA 200606-12
Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: June 11, 2006
Bugs: #135254
ID: 200606-12
Synopsis
Vulnerabilities in Mozilla Firefox allow privilege escalations
for JavaScript code, cross site scripting attacks, HTTP response
smuggling and possibly the execution of arbitrary code.
Background
Mozilla Firefox is the next-generation web browser from the
Mozilla project.
Affected packages
Package / Vulnerable / Unaffected
1 www-client/mozilla-firefox < 1.5.0.4 >= 1.5.0.4
2 www-client/mozilla-firefox-bin < 1.5.0.4 >= 1.5.0.4
2 affected packages on all of their supported architectures.
Description
A number of vulnerabilities were found and fixed in Mozilla
Firefox. For details please consult the references below.
Impact
By enticing the user to visit a malicious website, a remote
attacker can inject arbitrary HTML and JavaScript Code into the
user’s browser, execute JavaScript code with elevated privileges
and possibly execute arbitrary code with the permissions of the
user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.5.0.4"
All Mozilla Firefox binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-bin-1.5.0.4"
Note: There is no stable fixed version for the Alpha
architecture yet. Users of Mozilla Firefox on Alpha should consider
unmerging it until such a version is available.
References
[ 1 ] CVE-2006-2775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2775
[ 2 ] CVE-2006-2776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2776
[ 3 ] CVE-2006-2777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2777
[ 4 ] CVE-2006-2778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2778
[ 5 ] CVE-2006-2779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2779
[ 6 ] CVE-2006-2780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2780
[ 7 ] CVE-2006-2782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2782
[ 8 ] CVE-2006-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
[ 9 ] CVE-2006-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2784
[ 10 ] CVE-2006-2785
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2785
[ 11 ] CVE-2006-2786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2786
[ 12 ] CVE-2006-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2787
[ 13 ] Mozilla Foundation Security Advisories
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Firefox
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-12.xml
Gentoo Linux Security Advisory GLSA 200606-13
Severity: Normal
Title: MySQL: SQL Injection
Date: June 11, 2006
Bugs: #135076
ID: 200606-13
Synopsis
MySQL is vulnerable to an SQL Injection flaw in the multi-byte
encoding process.
Background
MySQL is a popular multi-threaded, multi-user SQL server.
Affected packages
Package / Vulnerable / Unaffected
1 dev-db/mysql < 4.1.20 *>= 4.1.20 >= 5.0.22
  dev-db/mysql < 5.0.22 *>= 4.1.20 >= 5.0.22
Description
MySQL is vulnerable to an injection flaw in mysql_real_escape()
when used with multi-byte characters.
Impact
Due to a flaw in the multi-byte character process, an attacker
is still able to inject arbitrary SQL statements into the MySQL
server for execution.
Workaround
There are a few workarounds available: NO_BACKSLASH_ESCAPES mode
as a workaround for a bug in mysql_real_escape_string(): SET
sql_mode='NO_BACKSLASH_ESCAPES'; SET GLOBAL
sql_mode='NO_BACKSLASH_ESCAPES'; and server command line options:
--sql-mode=NO_BACKSLASH_ESCAPES.
Resolution
All MySQL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/mysql-4.1.20"
References
[ 1 ] CVE-2006-2753
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-13.xml
Gentoo Linux Security Advisory GLSA 200606-14
Severity: High
Title: GDM: Privilege escalation
Date: June 12, 2006
Bugs: #135027
ID: 200606-14
Synopsis
An authentication error in GDM could allow users to gain
elevated privileges.
Background
GDM is the GNOME display manager.
Affected packages
Package / Vulnerable / Unaffected
1 gnome-base/gdm < 2.8.0.8 >= 2.8.0.8
Description
GDM allows a normal user to access the configuration
manager.
Impact
When the “face browser” in GDM is enabled, a normal user can use
the “configure login manager” with his/her own password instead of
the root password, and thus gain additional privileges.
Workaround
There is no known workaround at this time.
Resolution
All GDM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=gnome-base/gdm-2.8.0.8"
References
[ 1 ] Gnome Bugzilla entry
http://bugzilla.gnome.org/show_bug.cgi?id=343476
[ 2 ] CVE-2006-2452
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2452
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200606-14.xml
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:099
http://www.mandriva.com/security/
Package : freetype2
Date : June 12, 2006
Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
Problem Description:
Integer underflow in Freetype before 2.2 allows remote attackers
to cause a denial of service (crash) via a font file with an odd
number of blue values, which causes the underflow when decrementing
by 2 in a context that assumes an even number of values.
(CVE-2006-0747)
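The counter arithmetic behind the odd-count underflow described above, as an added example that is not FreeType's or Mandriva's code: it traces the "decrement by 2" walk without touching memory, next to a form that validates the count first. `BLUE_MAX`, `walk_trace`, `trace_unchecked_walk` and `tallest_zone_checked` are hypothetical names, and the sample values are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BLUE_MAX 14u  /* assumed capacity of the value table (example only) */

typedef struct {
    unsigned passes;     /* complete (bottom, top) pairs consumed */
    int      wrapped;    /* 1 if an index left the range [0, count) */
    unsigned bad_index;  /* the first such index */
} walk_trace;

/* Traces the unchecked pattern "read v[n-1] and v[n-2], then n -= 2" without
 * touching memory, so the wrap can be observed safely. */
walk_trace trace_unchecked_walk(unsigned count)
{
    walk_trace t = {0, 0, 0};
    unsigned n = count;
    while (n != 0) {
        unsigned top = n - 1, bottom = n - 2;  /* n == 1: bottom wraps around */
        if (top >= count || bottom >= count) {
            t.wrapped = 1;
            t.bad_index = (bottom >= count) ? bottom : top;
            return t;
        }
        t.passes++;
        n -= 2;
    }
    return t;
}

/* Hardened form: reject odd or oversized counts before any pair is read.
 * Returns the tallest zone (top - bottom), or -1 if the input is rejected. */
int tallest_zone_checked(const int16_t *v, unsigned count)
{
    int tallest = 0;
    if (v == NULL || count > BLUE_MAX || (count & 1u) != 0)
        return -1;
    for (unsigned i = 0; i + 1 < count; i += 2) {
        int height = v[i + 1] - v[i];
        if (height < 0)
            return -1;  /* pair is not ordered bottom <= top */
        if (height > tallest)
            tallest = height;
    }
    return tallest;
}

int main(void)
{
    /* Constructed sample: three (bottom, top) pairs, not taken from a font. */
    const int16_t blues[] = { -20, 0, 450, 480, 680, 700 };
    walk_trace odd = trace_unchecked_walk(5);
    printf("even count 6, checked: %d\n", tallest_zone_checked(blues, 6));
    printf("odd count 5, checked: %d\n", tallest_zone_checked(blues, 5));
    printf("odd count 5, unchecked: %u pairs, then index %u\n", odd.passes, odd.bad_index);
    return 0;
}
```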
Multiple integer overflows in FreeType before 2.2 allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2)
sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function
and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861)
Ftutil.c in Freetype before 2.2 allows remote attackers to cause
a denial of service (crash) via a crafted font file that triggers a
null dereference. (CVE-2006-2661)
In addition, a patch is applied to 2.1.10 in Mandriva 2006 to
fix a serious bug in ttkern.c that caused some programs to go into
an infinite loop when dealing with fonts that don’t have a properly
sorted kerning sub-table. This patch is not applicable to the
earlier Mandriva releases.
Packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661
Updated Packages:
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>