Advisories, June 5, 2006

Slackware Linux

[slackware-security] mysql (SSA:2006-155-01)

New mysql packages are available for Slackware 9.1, 10.0, 10.1,
10.2 and -current to fix security issues.

The MySQL packages shipped with Slackware 9.1, 10.0, and 10.1
may possibly leak sensitive information found in uninitialized
memory to authenticated users. This is fixed in the new packages,
and was already patched in Slackware 10.2 and -current. Since the
vulnerabilities require a valid login and/or access to the database
server, the risk is moderate. Slackware does not provide network
access to a MySQL database by default.

More details about the issues may be found in the Common
Vulnerabilities and Exposures (CVE) database. Fixes that affect
Slackware 9.1, 10.0, and 10.1:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517

The MySQL packages in Slackware 10.2 and -current have been
upgraded to MySQL 4.1.20 (Slackware 10.2) and MySQL 5.0.22
(Slackware -current) to fix an SQL injection vulnerability.

For more details, see the MySQL 4.1.20 release announcement
here:
http://lists.mysql.com/announce/364

And the MySQL 5.0.22 release announcement here:
http://lists.mysql.com/announce/365

The CVE entry for this issue can be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753

Here are the details from the Slackware 10.1 ChangeLog:
+————————–+
patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz:
Upgraded to mysql-4.0.27.
This fixes some minor security issues with possible information
leakage. Note that the information leakage bugs require that the
attacker have access to an account on the database. Also note that
by default, Slackware’s rc.mysqld script does not allow
access to the database through the outside network (it uses the
–skip-networking option). If you’ve enabled network access to
MySQL, it is a good idea to filter the port (3306) to prevent
access from unauthorized machines. For more details, see the MySQL
4.0.27 release announcement here:
http://lists.mysql.com/announce/359

For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517

(* Security fix *)
+————————–+

Here are the details from the Slackware 10.2 ChangeLog:
+————————–+
patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz:
Upgraded to mysql-4.1.20. This fixes an SQL injection
vulnerability. For more details, see the MySQL 4.1.20 release
announcement here:
http://lists.mysql.com/announce/364

The CVE entry for this issue will be found here:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753
+————————–+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com?
Give slackware.osuosl.org/ a try. This
is another primary FTP site for Slackware that can be considerably
faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating
additional FTP and rsync hosting to the Slackware project! 🙂

Also see the “Get Slack” section on http://slackware.com for additional
mirror sites near you.

Updated package for Slackware 9.1:

ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/mysql-4.0.27-i486-1_slack9.1.tgz

Updated package for Slackware 10.0:

ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/mysql-4.0.27-i486-1_slack10.0.tgz

Updated package for Slackware 10.1:

ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/mysql-4.0.27-i486-1_slack10.1.tgz

Updated package for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mysql-4.1.20-i486-1_slack10.2.tgz

Updated package for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.0.22-i486-1.tgz

MD5 signatures:

Slackware 9.1 package:
eea73f16715c07de52701b67f037e7ab
mysql-4.0.27-i486-1_slack9.1.tgz

Slackware 10.0 package:
6afab2cdd09adf4b4f822db6c74b167e
mysql-4.0.27-i486-1_slack10.0.tgz

Slackware 10.1 package:
cbe2044d3b75606de6f3796d607e7c0a
mysql-4.0.27-i486-1_slack10.1.tgz

Slackware 10.2 package:
249bc3f4610cbedf8b0a6fc64c28c53f
mysql-4.1.20-i486-1_slack10.2.tgz

Slackware -current package:
af1829c54b901bc01fcd269f27580b21 mysql-5.0.22-i486-1.tgz

Installation instructions:

Upgrade the package as root:
# upgradepkg mysql-4.1.20-i486-1_slack10.2.tgz

Then, restart the database server:
# sh /etc/rc.d/rc.mysqld restart

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

[slackware-security] firefox/thunderbird/seamonkey
(SSA:2006-155-02)

New Firefox and Thunderbird packages are available for Slackware
10.2 and -current to fix security issues. In addition, a new
Seamonkey package is available for Slackware -current to fix
similar issues.

More details about the issues may be found here:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox

http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird

http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey

Here are the details from the Slackware 10.2 ChangeLog:
+————————–+
patches/packages/mozilla-firefox-1.5.0.4-i686-1.tgz:
Upgraded to firefox-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox

(* Security fix *)
patches/packages/mozilla-thunderbird-1.5.0.4-i686-1.tgz:
Upgraded to thunderbird-1.5.0.4.
This upgrade fixes several possible security bugs.
For more information, see:

http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird

(* Security fix *)
+————————–+

Where to find the new packages:

HINT: Getting slow download speeds from ftp ftp.slackware.com?
Give slackware.osuosl.org/ a try. This
is another primary FTP site for Slackware that can be considerably
faster than downloading from ftp.slackware.com/.

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating
additional FTP and rsync hosting to the Slackware project! 🙂

Also see the “Get Slack” section on http://slackware.com for additional
mirror sites near you.

Updated packages for Slackware 10.2:

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-1.5.0.4-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-thunderbird-1.5.0.4-i686-1.tgz

Updated packages for Slackware -current:

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-1.5.0.4-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-thunderbird-1.5.0.4-i686-1.tgz

ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-1.0.2-i486-1.tgz

MD5 signatures:

Slackware 10.2 packages:
1667241a69911f4919016f9e6cb17097
mozilla-firefox-1.5.0.4-i686-1.tgz
ffa2cad209260311bcbff709e77497e9
mozilla-thunderbird-1.5.0.4-i686-1.tgz

Slackware -current packages:
887c9bcba15a5f5285157f0caf9c35e2
mozilla-firefox-1.5.0.4-i686-1.tgz
37ae894879612b0123b132e1ac4f2b42
mozilla-thunderbird-1.5.0.4-i686-1.tgz
22d654319fc13528a92f0efcdc2490fb seamonkey-1.0.2-i486-1.tgz

Installation instructions:

Upgrade the packages as root:
# upgradepkg mozilla-firefox-1.5.0.4-i686-1.tgz
mozilla-thunderbird-1.5.0.4-i686-1.tgz

And for Slackware -current:
# upgradepkg seamonkey-1.0.2-i486-1.tgz

+—–+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Trustix Secure Linux

Trustix Secure Linux Security Advisory #2006-0032

Package names: kernel, postgresql
Summary: Multiple vulnerabilities
Date: 2006-06-05
Affected versions: Trustix Secure Linux 2.2<
Trustix Secure Linux 3.0 Trustix Operating System – Enterprise
Server 2

Package description:
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.

postgresql
PostgreSQL is an advanced Object-Relational database management
system (DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions). The
postgresql package includes the client programs and libraries that
you’ll need to access a PostgreSQL DBMS server. These PostgreSQL
client programs are programs that directly manipulate the internal
structure of PostgreSQL databases on a PostgreSQL server. These
client programs can be located on the same machine with the
PostgreSQL server, or may be on a remote machine which accesses a
PostgreSQL server over a network connection. This package contains
the docs in HTML for the whole package, as well as command-line
utilities for managing PostgreSQL databases on a PostgreSQL
server.

Problem description:
kernel < TSL 3.0 >

• New Upstream.
• SECURITY Fix: Pavel Kankovsky discovered that the getsockopt()
  function, when called with an SO_ORIGINAL_DST argument, does not
  properly clear the returned structure, so that a random piece of
  kernel memory is exposed to the user. This could potentially reveal
  sensitive data like passwords or encryption keys.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CVE-2006-1343 to this issue.

postgresql < TSL 3.0 > < TSL 2.2 > < TSEL 2
>

• New Upstream.
• SECURITY Fix: Akio Ishida and Yasuo Ohgaki have reported
  vulnerabilities in PostgreSQL, which potentially can be exploited
  by malicious people to conduct SQL injection attacks.
• The first issue is due to an input validation error when
  handling a parameter containing invalidly-encoded multibyte
  characters, which could be exploited by malicious people to bypass
  standard string-escaping methods and conduct SQL injection attacks
  via a supposedly secure script.
• The second issue is due to an error when escaping ASCII single
  quote “‘” characters and operating in multibyte encodings that
  allow using the “0x5c” ASCII code (backslash) as the trailing byte
  of a multibyte character, which could be exploited by attackers to
  inject arbitrary SQL queries.

The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CVE-2006-2313 and CVE-2006-2314 to these issues.

Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.

Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.

Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using ‘swup –upgrade’.

Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>

Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>

The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
and
<URI:http://www.trustix.org/errata/trustix-3.0/>

or directly at
<URI:http://www.trustix.org/errata/2006/0032/>

MD5sums of the packages:

121d183196f68f2cf0103f3633bb20c6
3.0/rpms/kernel-2.6.16.19-1tr.i586.rpm
9ed54909e98391d7b186a82faf51bd60
3.0/rpms/kernel-doc-2.6.16.19-1tr.i586.rpm
9d4639a8e76244bbe32418e09a714173
3.0/rpms/kernel-headers-2.6.16.19-1tr.i586.rpm
fc5fbb21717f9aae313837d25f30a1e2
3.0/rpms/kernel-smp-2.6.16.19-1tr.i586.rpm
7b05468af17a0f85c0f00491acba4b29
3.0/rpms/kernel-smp-headers-2.6.16.19-1tr.i586.rpm
91ee589decd8b3a59ed3d2bcdb92679e
3.0/rpms/kernel-source-2.6.16.19-1tr.i586.rpm
c4cb02088d94c56a1b651f35a282af38
3.0/rpms/kernel-utils-2.6.16.19-1tr.i586.rpm
e17cebe683877da8bf30eb623dc253b9
3.0/rpms/postgresql-8.0.8-1tr.i586.rpm
950f2cb976a8ff0dd2c6d70256133d9c
3.0/rpms/postgresql-contrib-8.0.8-1tr.i586.rpm
a50d9d2df08b4e7ac72c6478a2a43618
3.0/rpms/postgresql-devel-8.0.8-1tr.i586.rpm
7d2cc5c1426db73d740e87dd93b4e760
3.0/rpms/postgresql-docs-8.0.8-1tr.i586.rpm
227dade49aeb6e0abe404ef576a4f583
3.0/rpms/postgresql-libs-8.0.8-1tr.i586.rpm
b4036f0a5450324187ed2f60523a40ee
3.0/rpms/postgresql-plperl-8.0.8-1tr.i586.rpm
dba05d0337f9e58669fd32fbf649cc0d
3.0/rpms/postgresql-python-8.0.8-1tr.i586.rpm
137ddd05f7dab3132621a8692dc7972d
3.0/rpms/postgresql-server-8.0.8-1tr.i586.rpm
b26364b4ce735d71a8270546abe120f3
3.0/rpms/postgresql-test-8.0.8-1tr.i586.rpm
0b1e0479135bed99d63897eacd2a78f0
2.2/rpms/postgresql-8.0.8-1tr.i586.rpm
843397887082044cde3a5854a65f392e
2.2/rpms/postgresql-contrib-8.0.8-1tr.i586.rpm
74e6e516a27734fa9547abe30d78b26c
2.2/rpms/postgresql-devel-8.0.8-1tr.i586.rpm
6b63e60bdc3617150a3f579dd660d20e
2.2/rpms/postgresql-docs-8.0.8-1tr.i586.rpm
2abc3b93aea9a0f83484e44b5cb0b50e
2.2/rpms/postgresql-libs-8.0.8-1tr.i586.rpm
49d10191fca0468cf1c05125e5b9b9fb
2.2/rpms/postgresql-plperl-8.0.8-1tr.i586.rpm
efe2ca04380d377e4c5a5b76e6e469ad
2.2/rpms/postgresql-python-8.0.8-1tr.i586.rpm
a9a537c752b145d160859ba950666562
2.2/rpms/postgresql-server-8.0.8-1tr.i586.rpm
7a434f65a08759a9d834cd28e86e14ca
2.2/rpms/postgresql-test-8.0.8-1tr.i586.rpm