Conectiva Linux
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : curl
SUMMARY : Fix for cURL vulnerability
DATE : 2005-03-21 10:32:00
ID : CLA-2005:940
RELEVANT RELEASES : 10
DESCRIPTION
cURL[1] is a client to get/put files from/to servers, using any of
the supported protocols.
This announcement fixes a remote buffer overflow
vulnerability[2] in cURL that could allow a malicious server to
execute arbitrary code via base64-encoded replies that exceed the
intended buffer lengths when decoded. The oversized data is not
properly handled by the Curl_input_ntlm function in http_ntlm.c
during NTLM authentication, or by the Curl_krb_kauth and krb4_auth
functions in krb4.c during Kerberos authentication.
SOLUTION
It is recommended that all cURL users upgrade their packages.
IMPORTANT: In order to properly close the vulnerability, all
applications linked against libcurl should also be restarted.
REFERENCES
1. http://curl.haxx.se/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0490
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS.curl/curl-7.11.1-53435U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.curl/curl-7.11.1-53435U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.curl/libcurl-devel-7.11.1-53435U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.curl/libcurl-devel-static-7.11.1-53435U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS.curl/libcurl2-7.11.1-53435U10_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
Debian GNU/Linux
Debian Security Advisory DSA 695-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
March 21st, 2005 http://www.debian.org/security/faq
Package : xli
Vulnerability : buffer overflow, input sanitising, integer
overflow
Problem-Type : local (remote)
Debian-specific: no
CVE IDs : CAN-2001-0775 CAN-2005-0638 CAN-2005-0639
BugTraq ID : 3006
Debian Bug : 298039
Several vulnerabilities have been discovered in xli, an image
viewer for X11. The Common Vulnerabilities and Exposures project
identifies the following problems:
CAN-2001-0775
A buffer overflow in the decoder for FACES format images could
be exploited by an attacker to execute arbitrary code. This problem
has been fixed in xloadimage in DSA 069 already.
CAN-2005-0638
Tavis Ormandy of the Gentoo Linux Security Audit Team has
reported a flaw in the handling of compressed images, where shell
meta-characters are not adequately escaped.
CAN-2005-0639
Insufficient validation of image properties has been
discovered, which could potentially result in buffer management
errors.
For the stable distribution (woody) these problems have been
fixed in version 1.17.0-11woody1.
For the unstable distribution (sid) these problems have been
fixed in version 1.17.0-18.
We recommend that you upgrade your xli package.
Upgrade Instructions
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1.dsc
Size/MD5 checksum: 620 6d2f4c8e2485b6bd0ef76de7bacd0160
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1.diff.gz
Size/MD5 checksum: 17569 5ce0a794f50dd69cc0faedd0d49f6f3a
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0.orig.tar.gz
Size/MD5 checksum: 200070 504f916c9a7d062c8f856f1625634ba8
Alpha architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_alpha.deb
Size/MD5 checksum: 173094 97c6717b0574e1fecd8e52da876a5974
ARM architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_arm.deb
Size/MD5 checksum: 143198 6f509ec11267fd9df59b87922bdb54b4
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_i386.deb
Size/MD5 checksum: 137082 0bb37ade30c9f15a1d01f3abad8d25d8
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_ia64.deb
Size/MD5 checksum: 210170 bf8a0a75471db3a865c7bc86c8d06a11
HP Precision architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_hppa.deb
Size/MD5 checksum: 158322 3132e418ecf89e97a861fcbb95f7e84f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_m68k.deb
Size/MD5 checksum: 128284 8e3a7559a5637cd2c0ec51b95d1b27c4
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mips.deb
Size/MD5 checksum: 149080 3d8fb60a87739c312d5763cfb24ad73d
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mipsel.deb
Size/MD5 checksum: 149736 dbca603f4bd2fca9a34a5ab7823708f1
PowerPC architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_powerpc.deb
Size/MD5 checksum: 143336 4c809fe5d90fc60e7e02ce2eaa949f85
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_s390.deb
Size/MD5 checksum: 144662 f3f4c65a1ddaaa0bf6f5f8eef5302e4a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_sparc.deb
Size/MD5 checksum: 145954 821e695fb31681b653aec3922a3c76c5
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200503-27
http://security.gentoo.org/
Severity: Normal
Title: Xzabite dyndnsupdate: Multiple vulnerabilities
Date: March 21, 2005
Bugs: #84659
ID: 200503-27
Xzabite’s dyndnsupdate software suffers from multiple
vulnerabilities, potentially resulting in the remote execution of
arbitrary code.
dyndnsupdate is a dyndns.org data updater written by Fredrik
“xzabite” Haglund.
Package / Vulnerable / Unaffected
1 net-misc/dyndnsupdate <= 0.6.15 Vulnerable!
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
Toby Dickenson discovered that dyndnsupdate suffers from
multiple overflows.
A remote attacker, posing as a dyndns.org server, could execute
arbitrary code with the rights of the user running
dyndnsupdate.
There is no known workaround at this time.
Currently, there is no released version of dyndnsupdate that
contains a fix for these issues. The original xzabite.org
distribution site is dead, the code contains several other problems
and more secure alternatives exist, such as the net-dns/ddclient
package. Therefore, the dyndnsupdate package has been hard-masked
prior to complete removal from Portage, and current users are
advised to unmerge the package:
# emerge --unmerge net-misc/dyndnsupdate
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200503-27.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2005-0009
Package name: kernel, mysql
Summary: Multiple security holes fixed
Date: 2005-03-21
Affected versions: Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System – Enterprise Server 2
Package description:
kernel:
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.
mysql:
MySQL is a true multi-user, multi-threaded SQL (Structured Query
Language) database server. MySQL is a client/server implementation
that consists of a server daemon (mysqld) and many different client
programs/libraries.
Problem description:
kernel:
Ben Martel and Stephen Blackheath discovered a denial of service
bug in the ppp server handling where a client could hang the
server.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0384 to this issue.
mysql:
Stefano Di Paola discovered three bugs in MySQL:
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
authenticated users with INSERT and DELETE privileges to execute
arbitrary code by using CREATE FUNCTION to access libc calls, as
demonstrated by using strcat, on_exit, and exit.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0709 to this issue.
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote
authenticated users with INSERT and DELETE privileges to bypass
library path restrictions and execute arbitrary libraries by using
INSERT INTO to modify the mysql.func table, which is processed by
the udf_init function.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0710 to this issue.
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses
predictable file names when creating temporary tables, which allows
local users with CREATE TEMPORARY TABLE privileges to overwrite
arbitrary files via a symlink attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0711 to this issue.
Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/>
and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0009/>
MD5sums of the packages:
Trustix Security Team
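CAN-2005-0711 in the Trustix advisory above turns on predictable temporary file names that can be occupied by a symlink before the program creates the file. The following C code is an added example, not MySQL's code or its fix; the naming scheme, the function names and the /tmp/tmpdemo_ directory are assumptions made for illustration. It shows exclusive creation refusing a pre-existing link and mkstemp() as the preferred alternative.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical predictable naming scheme: <dir>/tmp_<pid>_<seq>.dat */
static int tmp_name(char *out, size_t cap, const char *dir, int seq)
{
    int n = snprintf(out, cap, "%s/tmp_%ld_%d.dat", dir, (long)getpid(), seq);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Exclusive create: fails with EEXIST if anything, including a symlink,
 * already sits at the path, so a pre-existing link is never followed. */
int create_tmp_exclusive(const char *dir, int seq)
{
    char path[512];
    if (tmp_name(path, sizeof path, dir, seq) != 0) return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks a random name and creates it exclusively. */
int create_tmp_random(const char *dir, char *path, size_t cap)
{
    int n = snprintf(path, cap, "%s/tmp_XXXXXX", dir);
    if (n < 0 || (size_t)n >= cap) return -1;
    return mkstemp(path);
}

/* Constructed scenario in a private directory: a link already occupies the
 * predictable name. Returns 1 if it is refused and mkstemp() still works. */
int planted_link_is_refused(void)
{
    char dir[] = "/tmp/tmpdemo_XXXXXX", planted[512], fresh[512];
    int fd, refused, ok;

    if (!mkdtemp(dir) || tmp_name(planted, sizeof planted, dir, 1) != 0) return -1;
    if (symlink("/nonexistent/target", planted) != 0) return -1;
    fd = create_tmp_exclusive(dir, 1);
    refused = (fd == -1 && errno == EEXIST);
    if (fd != -1) close(fd);
    fd = create_tmp_random(dir, fresh, sizeof fresh);
    ok = (fd != -1);
    if (fd != -1) { close(fd); unlink(fresh); }
    unlink(planted); rmdir(dir);
    return refused && ok;
}
```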