Fedora Core
Fedora Update Notification
FEDORA-2005-244
2005-03-23
Product : Fedora Core 2
Name : kdelibs
Version : 3.2.2
Release : 14.FC2
Summary : K Desktop Environment – Libraries
Description :
Libraries for the K Desktop Environment: KDE Libraries included:
kdecore (KDE core library), kdeui (user interface), kfm (file
manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
- Wed Mar 2 2005 Than Ngo <than@redhat.com> 6:3.2.2-14.FC2
- Applied patch to fix DCOP DoS, CAN-2005-0396, #150090 thanks
KDE security team
- Wed Feb 16 2005 Than Ngo <than@redhat.com> 3.2.2-13.FC2
- Applied patch to fix dcopidlng insecure temporary file usage,
CAN-2005-0365, #148823
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.
Fedora Update Notification
FEDORA-2005-245
2005-03-23
Product : Fedora Core 3
Name : kdelibs
Version : 3.3.1
Release : 2.9.FC3
Summary : K Desktop Environment – Libraries
Description :
Libraries for the K Desktop Environment: KDE Libraries included:
kdecore (KDE core library), kdeui (user interface), kfm (file
manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
- Wed Mar 23 2005 Than Ngo <than@redhat.com>
6:3.3.1-2.9.FC3
- Applied patch to fix konqueror international domain name
spoofing, CAN-2005-0237, #147405
- get rid of broken AltiVec instructions on ppc
- Wed Mar 2 2005 Than Ngo <than@redhat.com> 6:3.3.1-2.8.FC3
- Applied patch to fix DCOP DoS, CAN-2005-0396, #150092 thanks
KDE security team
- Wed Feb 16 2005 Than Ngo <than@redhat.com>
6:3.3.1-2.7.FC3
- Applied patch to fix dcopidlng insecure temporary file usage,
CAN-2005-0365, #148823
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-246
2005-03-23
Product : Fedora Core 3
Name : firefox
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for
standards compliance, performance and portability.
Update Information:
A buffer overflow bug was found in the way Firefox processes GIF
images. It is possible for an attacker to create a specially
crafted GIF image, which when viewed by a victim will execute
arbitrary code as the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0399 to this issue.
A bug was found in the way Firefox processes XUL content. If a
malicious web page can trick a user into dragging an object, it is
possible to load malicious XUL content. The Common Vulnerabilities
and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0401 to this issue.
A bug was found in the way Firefox bookmarks content to the
sidebar. If a user can be tricked into bookmarking a malicious web
page into the sidebar panel, that page could execute arbitrary
programs. The Common Vulnerabilities and Exposures project
(cve.mitre.org/) has assigned
the name CAN-2005-0402 to this issue.
Users of Firefox are advised to upgrade to this updated package
which contains Firefox version 1.0.2 and is not vulnerable to these
issues.
Additionally, there was a bug found in the way Firefox rendered
some fonts, notably the Tahoma font while italicized. This issue
has been filed as Bug 150041 (bugzilla.redhat.com/). This
updated package contains a fix for this issue.
- Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
0:1.0.2-1.3.1
- Firefox 1.0.2
- Fix issues with italic rendering using certain fonts (e.g.
Tahoma)
- Add upstream fix to reduce round trips to xserver during remote
control
- Add upstream fix to call g_set_application_name
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-247
2005-03-23
Product : Fedora Core 3
Name : thunderbird
Version : 1.0.2
Release : 1.3.1
Summary : Mozilla Thunderbird mail/newsgroup client
Description :
Mozilla Thunderbird is a standalone mail and newsgroup client.
Update Information:
A buffer overflow bug was found in the way Thunderbird processes
GIF images. It is possible for an attacker to create a specially
crafted GIF image, which when viewed by a victim will execute
arbitrary code as the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0399 to this issue.
A bug was found in the Thunderbird string handling functions. If
a malicious website is able to exhaust a system’s memory, it
becomes possible to execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0255 to this issue.
Users of Thunderbird are advised to upgrade to this updated
package which contains Thunderbird version 1.0.2 and is not
vulnerable to these issues.
This update enables pango rendering by default.
- Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
1.0.2-1.3.1
- Thunderbird 1.0.2
- Enable pango rendering
- Tue Mar 8 2005 Christopher Aillon <caillon@redhat.com>
1.0-5
- Add patch to compile against new fortified glibc macros
- Sat Mar 5 2005 Christopher Aillon <caillon@redhat.com>
1.0-4
- Rebuild against GCC 4.0
- Add execshield patches
- Minor specfile cleanup
- Mon Dec 20 2004 Christopher Aillon <caillon@redhat.com>
1.0-3
- Thu Dec 16 2004 Christopher Aillon <caillon@redhat.com>
1.0-2
- Add RPM version to useragent
- Thu Dec 16 2004 Christopher Blizzard
<blizzard@redhat.com>
- Port over pango patches from firefox
- Wed Dec 8 2004 Christopher Aillon <caillon@redhat.com>
1.0-1.3.1
- Mon Dec 6 2004 Christopher Aillon <caillon@redhat.com>
1.0-0.rc1.1
- Fri Dec 3 2004 Christopher Aillon <caillon@redhat.com>
- Make this run on s390(x) now for real
- Wed Dec 1 2004 Christopher Aillon <caillon@redhat.com>
1.0-0.rc1.0
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-249
2005-03-23
Product : Fedora Core 3
Name : mozilla
Version : 1.7.6
Release : 1.3.2
Summary : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.
Update Information:
A buffer overflow bug was found in the way Mozilla processes GIF
images. It is possible for an attacker to create a specially
crafted GIF image, which when viewed by a victim will execute
arbitrary code as the victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0399 to this issue.
A bug was found in the way Mozilla responds to proxy auth
requests. It is possible for a malicious webserver to steal
credentials from a victim's browser by issuing a 407 proxy
authentication request. (CAN-2005-0147)
A bug was found in the way Mozilla displays dialog windows. It
is possible that a malicious web page which is being displayed in a
background tab could present the user with a dialog window
appearing to come from the active page. (CAN-2004-1380)
A bug was found in the way Mozilla Mail handles cookies when
loading content over HTTP regardless of the user’s preference. It
is possible that a particular user could be tracked through the use
of malicious mail messages which load content over HTTP.
(CAN-2005-0149)
A flaw was found in the way Mozilla displays international
domain names. It is possible for an attacker to display a valid
URL, tricking the user into thinking they are viewing a legitimate
webpage when they are not. (CAN-2005-0233)
A bug was found in the way Mozilla handles pop-up windows. It is
possible for a malicious website to control the content in an
unrelated site’s pop-up window. (CAN-2004-1156)
A bug was found in the way Mozilla saves temporary files.
Temporary files are saved with world readable permissions, which
could allow a local malicious user to view potentially sensitive
data. (CAN-2005-0142)
A bug was found in the way Mozilla handles synthetic middle
click events. It is possible for a malicious web page to steal the
contents of a victim's clipboard. (CAN-2005-0146)
A bug was found in the way Mozilla processes XUL content. If a
malicious web page can trick a user into dragging an object, it is
possible to load malicious XUL content. (CAN-2005-0401)
A bug was found in the way Mozilla loads links in a new tab
which are middle clicked. A malicious web page could read local
files or modify privileged chrome settings. (CAN-2005-0141)
A bug was found in the way Mozilla displays the secure site
icon. A malicious web page can use a view-source URL targeted at a
secure page, while loading an insecure page, yet the secure site
icon shows the previous secure state. (CAN-2005-0144)
A bug was found in the way Mozilla displays the secure site
icon. A malicious web page can display the secure site icon by
loading a binary file from a secured site. (CAN-2005-0143)
A bug was found in the way Mozilla displays the download dialog
window. A malicious site can obfuscate the content displayed in the
source field, tricking a user into thinking they are downloading
content from a trusted source. (CAN-2005-0585)
Users of Mozilla are advised to upgrade to this updated package
which contains Mozilla version 1.7.6 to correct these issues.
- Wed Mar 22 2005 Christopher Aillon <caillon@redhat.com>
37:1.7.6-1.3.2
- Install all-redhat.js pref files
- Tue Mar 22 2005 Christopher Aillon <caillon@redhat.com>
37:1.7.6-1.3.1
- Update to 1.7.6
- Add RPM version to useragent
- Enable smooth scrolling and system colors by default.
- Backport pango fixes from the firefox package, and now enabled
by default.
- Add upstream fix to reduce round trips to xserver during remote
control
- Add upstream fix to call g_set_application_name
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-252
2005-03-23
Product : Fedora Core 3
Name : devhelp
Version : 0.9.2
Release : 2.3.1
Summary : API document browser
Description :
An API document browser for GNOME 2.
Update Information:
There were several security flaws found in the mozilla package,
which devhelp depends on. Users of devhelp are advised to upgrade
to this updated package which has been rebuilt against a later
version of mozilla which is not vulnerable to these flaws.
- Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
0.9.2-2.3.1
- Build against mozilla 1.7.6
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-254
2005-03-23
Product : Fedora Core 3
Name : epiphany
Version : 1.4.4
Release : 4.3.1
Summary : GNOME web browser based on the Mozilla rendering
engine
Description :
epiphany is a simple GNOME web browser based on the Mozilla
rendering engine
Update Information:
There were several security flaws found in the mozilla package,
which epiphany depends on. Users of epiphany are advised to upgrade
to this updated package which has been rebuilt against a later
version of mozilla which is not vulnerable to these flaws.
- Wed Mar 23 2005 Christopher Aillon <caillon@redhat.com>
1.4.4-4.3.1
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Fedora Update Notification
FEDORA-2005-255
2005-03-23
Product : Fedora Core 3
Name : evolution
Version : 2.0.4
Release : 2
Summary : GNOME’s next-generation groupware suite
Description :
Evolution is the GNOME mailer, calendar, contact manager and
communications tool. The tools which make up Evolution will be
tightly integrated with one another and act as a seamless personal
information-management tool.
Update Information:
There were several security flaws found in the mozilla package,
which evolution depends on. Users of evolution are advised to
upgrade to this updated package which has been rebuilt against a
later version of mozilla which is not vulnerable to these
flaws.
- Wed Mar 23 2005 David Malcolm <dmalcolm@redhat.com> –
2.0.4-2
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200503-28
http://security.gentoo.org/
Severity: Normal
Title: Sun Java: Web Start argument injection vulnerability
Date: March 24, 2005
Bugs: #85804
ID: 200503-28
Java Web Start JNLP files can be abused to evade sandbox
restriction and execute arbitrary code.
Sun provides implementations of Java Development Kits (JDK) and
Java Runtime Environments (JRE). These implementations provide the
Java Web Start technology that can be used for easy client-side
deployment of Java applications.
     Package               /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  dev-java/sun-jdk         < 1.4.2.07     >= 1.4.2.07
                                             < 1.4.2
  2  dev-java/sun-jre-bin     < 1.4.2.07     >= 1.4.2.07
                                             < 1.4.2
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
Jouko Pynnonen discovered that Java Web Start contains a
vulnerability in the way it handles property tags in JNLP
files.
By enticing a user to open a malicious JNLP file, a remote
attacker could pass command line arguments to the Java Virtual
machine, which can be used to bypass the Java “sandbox” and to
execute arbitrary code with the permissions of the user running the
application.
There is no known workaround at this time.
All Sun JDK users should upgrade to the latest version:
All Sun JRE users should upgrade to the latest version:
[ 1 ] Jouko Pynnonen advisory
http://jouko.iki.fi/adv/ws.html
[ 2 ] Sun Microsystems Alert Notification
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57740-1
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200503-28.xml
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200503-29
http://security.gentoo.org/
Severity: Low
Title: GnuPG: OpenPGP protocol attack
Date: March 24, 2005
Bugs: #85547
ID: 200503-29
Automated systems using GnuPG may leak plaintext portions of an
encrypted message.
GnuPG is a complete and free replacement for PGP, a tool for
secure communication and data storage.
Package / Vulnerable / Unaffected
1 app-crypt/gnupg < 1.4.1 >= 1.4.1
A flaw has been identified in an integrity checking mechanism of
the OpenPGP protocol.
An automated system using GnuPG that allows an attacker to
repeatedly discover the outcome of an integrity check (perhaps by
observing the time required to return a response, or via overly
verbose error messages) could theoretically reveal a small portion
of plaintext.
There is no known workaround at this time.
All GnuPG users should upgrade to the latest version:
[ 1 ] CERT VU#303094
http://www.kb.cert.org/vuls/id/303094
[ 2 ] CAN-2005-0366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0366
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200503-29.xml
SUSE Linux
SUSE Security Announcement
Package: kernel
Announcement-ID: SUSE-SA:2005:018
Date: Thu, 24 Mar 2005 15:00:00 +0000
Affected products: 8.2, 9.0, 9.1, 9.2; SUSE Linux Desktop 1.0; SUSE
Linux Enterprise Server 8, 9; Novell Linux Desktop 9
Vulnerability Type: remote denial of service
Severity (1-10): 9
SUSE default package: yes
Cross References: CAN-2005-0449 CAN-2005-0209 CAN-2005-0529
CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210
CAN-2005-0504 CAN-2004-0814 CAN-2004-1333 CAN-2005-0003
Content of this advisory:
- security vulnerability resolved: several kernel security
problems
- problem description
- solution/workaround
- special instructions and notes
- package location and checksums
- pending vulnerabilities, solutions, workarounds: See SUSE
Security Summary Report (next one due after Easter).
- standard appendix (further information)
1) problem description, brief discussion
The Linux kernel is the core component of the Linux system.
Several vulnerabilities were reported in the last few weeks
which are fixed by this update.
Not all kernels are affected by all the problems; each problem
has a note attached stating which kernels are affected.
The CAN-XXXX-XXX IDs are Mitre CVE Candidate IDs; please see
http://www.mitre.org for more
information.
The following security vulnerabilities are fixed:
- CAN-2005-0449: The netfilter/iptables module in Linux before
2.6.8.1 allows remote attackers to cause a denial of service
(kernel crash) or bypass firewall rules via crafted packets, which
are not properly handled by the skb_checksum_help function.
A remote attacker could crash a SUSE Linux system when this
system is used as a router/firewall.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0209: When forwarding fragmented packets, we can only
use hardware assisted checksum once.
This could lead to a denial of service attack / crash
potentially triggerable by remote users.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0529: Linux kernels before 2.6.11 use different size
types for offset arguments to the proc_file_read and
locks_read_proc functions, which leads to a heap-based buffer
overflow when a signed comparison causes negative integers to be
used in a positive context.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0530: Signedness error in the copy_from_read_buf
function in n_tty.c before Linux kernel 2.6.11 allows local users
to read kernel memory via a negative argument.
Only SUSE Linux versions using the 2.6 kernels are affected.
- Missing checking in the epoll system calls allowed overwriting
of a small range of kernel memory. This allows a local attacker to
gain root privileges.
All SUSE Linux versions except SUSE Linux 8.2 are affected.
- An integer overflow was possible when writing to a sysfs file,
allowing an attacker to overwrite kernel memory.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0532: The reiserfs_copy_from_user_to_file_region
function in reiserfs/file.c before Linux kernel 2.6.11, when
running on 64-bit architectures, may allow local users to trigger a
buffer overflow as a result of casting discrepancies between size_t
and int data types.
This allows a remote attacker to overwrite kernel memory, crash
the machine or potentially get root access.
Only SUSE Linux versions using the 2.6 kernels running on 64 bit
machines are affected.
- CAN-2005-0384: Fixed a local denial of service attack in the
kernel PPP code. This allows a local attacker to hang the system.
All SUSE Linux versions are affected.
- CAN-2005-0210: A dst leak problem in the ip_conntrack module of
the iptables firewall was fixed.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0504: Buffer overflow in the MoxaDriverIoctl function
for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and
2.6.x allows local users to execute arbitrary code via a certain
modified length value.
Only SUSE Linux versions using the 2.6 kernels are fixed; this
was considered too minor for our 2.4 line.
- Only root should be able to set the N_MOUSE line discipline;
this is a partial fix for CAN-2004-0814.
- Due to an xattr sharing bug in the ext2 and ext3 file systems,
default ACLs could disappear.
Only SUSE Linux versions using the 2.6 kernels are affected.
- CAN-2005-0003: Fixed a potential problem with overlapping VMAs
also on 2.4 kernels.
Only SUSE Linux versions using the 2.4 kernels are affected.
- CAN-2004-1333: Fixed a local denial of service problem with the
VC_RESIZE ioctl. A local user logged in to a text console can crash
the machine.
Only SUSE Linux versions using the 2.4 kernels are affected.
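Several of the items above (CAN-2005-0529, CAN-2005-0530, CAN-2005-0532) share one shape: a length passes a bounds check at one signedness or width and is then used at another. The C example below is an added illustration, not kernel code and not part of the SUSE advisory; the function names and the 64-byte buffer are hypothetical, and the flawed functions only report the length a copy routine would receive instead of performing the copy.

```c
/* Added illustration: hypothetical helpers, not Linux kernel code. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* constructed buffer size for the demonstration */

/*
 * Flawed pattern 1 (signedness): a signed length is checked only against
 * the upper bound. -1 > 64 is false, so the request passes, and the later
 * conversion to size_t turns -1 into SIZE_MAX. Nothing is copied here; the
 * function only reports the length a copy routine would be handed.
 */
int flawed_signed_check(int count, size_t *copy_len)
{
    if (count > BUF_SIZE)
        return 0;               /* rejected */
    *copy_len = (size_t)count;  /* a negative value becomes huge */
    return 1;                   /* accepted */
}

/*
 * Flawed pattern 2 (size_t narrowed to int): the check runs on a truncated
 * copy of the length, while the full-width value is what gets used. On
 * 64-bit targets 0x100000010 truncates to 16 and passes the check.
 */
int flawed_narrowing_check(size_t count, size_t *copy_len)
{
    int n = (int)count;         /* upper 32 bits are dropped on LP64 */
    if (n < 0 || n > BUF_SIZE)
        return 0;
    *copy_len = count;          /* full-width value escapes the check */
    return 1;
}

/*
 * Hardened form: the length stays unsigned and full width from the check
 * to the copy, and is bounded by both the destination and the source.
 */
int checked_copy(char *dst, size_t dst_size,
                 const char *src, size_t src_len, size_t count)
{
    if (count > dst_size || count > src_len)
        return -1;
    memcpy(dst, src, count);
    return 0;
}

/* Entry point for callers that still pass a signed length. */
int checked_copy_signed(char *dst, size_t dst_size,
                        const char *src, size_t src_len, long count)
{
    if (count < 0)              /* reject before any conversion happens */
        return -1;
    return checked_copy(dst, dst_size, src, src_len, (size_t)count);
}

int main(void)
{
    char dst[BUF_SIZE];
    const char src[] = "constructed sample data";
    size_t len = 0;
    size_t wide = (size_t)UINT_MAX + 17u; /* 0x100000010 on 64-bit */

    if (flawed_signed_check(-1, &len))
        printf("flawed signed check accepted -1, copy length %zu\n", len);
    if (sizeof(size_t) > sizeof(int) && flawed_narrowing_check(wide, &len))
        printf("flawed narrowing check accepted length %zu\n", len);

    printf("checked_copy_signed(-1)   -> %d\n",
           checked_copy_signed(dst, sizeof dst, src, sizeof src, -1));
    printf("checked_copy(wide)        -> %d\n",
           checked_copy(dst, sizeof dst, src, sizeof src, wide));
    printf("checked_copy(sizeof src)  -> %d\n",
           checked_copy(dst, sizeof dst, src, sizeof src, sizeof src));
    return 0;
}
```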
Additional kernel modules had bugs fixed:
- antivir / dazuko.ko: The capability handling of this module was
broken and was fixed by a version upgrade.
- drbd: A slow memory leak in drbd was fixed.
- Bugs fixed after the SUSE Linux Enterprise Server 8 SP4 release
(for the SLES 8 and United Linux 1 updates).
- Bugs fixed after the SUSE Linux Enterprise Server 9 SP1 release
(for the SLES 9 and NLD 9 updates).
2) solution/workaround
None. Please install the updated packages.
3) special instructions and notes
The following paragraphs will guide you through the installation
process in a step-by-step fashion. The character sequence “****”
marks the beginning of a new paragraph. In some cases, the steps
outlined in a particular paragraph may or may not be applicable to
your situation.
Therefore, please make sure to read through all of the steps below
before attempting any of these procedures. All of the commands that
need to be executed are required to be run as the superuser (root).
Each step relies on the steps before it to complete successfully.
- Step 1: Determine the needed kernel type
Please use the following command to find the kernel type that is
installed on your system:
rpm -qf /boot/vmlinuz
Following are the possible kernel types (disregard the version
and build number following the name separated by the “-”
character)
k_deflt # default kernel, good for most systems.
k_i386 # kernel for older processors and chip sets
k_athlon # kernel made specifically for AMD Athlon(tm) family
processors
k_psmp # kernel for Pentium-I dual processor systems
k_smp # kernel for SMP systems (Pentium-II and above)
k_smp4G # kernel for SMP systems which supports a maximum of 4G of
RAM
kernel-64k-pagesize
kernel-bigsmp
kernel-default
kernel-smp
- Step 2: Download the package for your system
Please download the kernel RPM package for your distribution
with the name as indicated by Step 1. The list of all kernel rpm
packages is appended below. Note: The kernel-source package does
not contain a binary kernel in bootable form. Instead, it contains
the sources that the binary kernel rpm packages are created from.
It can be used by administrators who have decided to build their
own kernel. Since the kernel-source.rpm is an installable
(compiled) package that contains sources for the linux kernel, it
is not the source RPM for the kernel RPM binary packages.
The kernel RPM binary packages for the distributions can be
found at the locations below ftp://ftp.suse.com/pub/suse/i386/update/.
8.2/rpm/i586
9.0/rpm/i586
9.1/rpm/i586
9.2/rpm/i586
After downloading the kernel RPM package for your system, you
should verify the authenticity of the kernel rpm package using the
methods as listed in section 3) of each SUSE Security
Announcement.
- Step 3: Installing your kernel rpm package
Install the rpm package that you have downloaded in Steps 3 or 4
with the command
rpm -Uhv --nodeps --force <K_FILE.RPM>
where <K_FILE.RPM> is the name of the rpm package that you
downloaded.
Warning: After performing this step, your system will likely not
be able to boot if the following steps have not been fully
followed.
- Step 4: configuring and creating the initrd
The initrd is a ramdisk that is loaded into the memory of your
system together with the kernel boot image by the bootloader. The
kernel uses the content of this ramdisk to execute commands that
must be run before the kernel can mount its actual root filesystem.
It is usually used to initialize SCSI drivers or NIC drivers for
diskless operation.
The variable INITRD_MODULES in /etc/sysconfig/kernel determines
which kernel modules will be loaded in the initrd before the kernel
has mounted its actual root filesystem. The variable should contain
your SCSI adapter (if any) or filesystem driver modules.
With the installation of the new kernel, the initrd has to be
re-packed with the update kernel modules. Please run the
command
mk_initrd
as root to create a new init ramdisk (initrd) for your system.
On SuSE Linux 8.1 and later, this is done automatically when the
RPM is installed.
- Step 5: bootloader
If you run a SUSE LINUX 8.x, SLES8, or SUSE LINUX 9.x system,
there are two options:
Depending on your software configuration, you have either the lilo
bootloader or the grub bootloader installed and initialized on your
system.
The grub bootloader does not require any further actions to be
performed after the new kernel images have been moved in place by
the rpm Update command.
If you have a lilo bootloader installed and initialized, then the
lilo program must be run as root. Use the command
grep LOADER_TYPE /etc/sysconfig/bootloader
to find out which boot loader is configured. If it is lilo, then
you must run the lilo command as root. If grub is listed, then your
system does not require any bootloader initialization.
Warning: An improperly installed bootloader may render your
system unbootable.
- Step 6: reboot
If all of the steps above have been successfully completed on
your system, then the new kernel including the kernel modules and
the initrd should be ready to boot. The system needs to be rebooted
for the changes to become active. Please make sure that all steps
have completed, then reboot using the command
shutdown -r now
or
init 6
Your system should now shut down and reboot with the new
kernel.
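Added example (not part of the SUSE announcement): a shell pre-reboot check for steps 4 and 5 that reads INITRD_MODULES and LOADER_TYPE and lists what is still outstanding. The function names and the output format are assumptions of this example; the files are parsed rather than sourced, so nothing in them is executed as root.

```shell
#!/bin/sh
# Added example, not from the SUSE announcement. Function names and the
# "run:/review:/stop:" output format are assumptions of this example.

# Print the value of variable $2 from sysconfig-style file $1 (VAR="value").
# The file is parsed, not sourced: sourcing it as root would execute any
# shell code it contains.
sysconfig_get() {
    [ -r "$1" ] || return 0        # missing file: empty value, caller decides
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# List, one per line, what is still outstanding before "shutdown -r now".
# $1 and $2 default to the two files the advisory names.
pre_reboot_actions() {
    kcfg=${1:-/etc/sysconfig/kernel}
    bcfg=${2:-/etc/sysconfig/bootloader}
    modules=$(sysconfig_get "$kcfg" INITRD_MODULES)
    loader=$(sysconfig_get "$bcfg" LOADER_TYPE)

    # Step 4: an empty list is only right when the root device needs no
    # SCSI or filesystem module, so leave that call to the administrator.
    [ -n "$modules" ] || echo "review: INITRD_MODULES is empty or unset"
    # The advisory notes SuSE Linux 8.1 and later already do this on install.
    echo "run: mk_initrd"

    # Step 5: grub needs nothing further; lilo must be re-run as root.
    case "$loader" in
        grub) ;;
        lilo) echo "run: lilo" ;;
        *)    echo "stop: LOADER_TYPE '$loader' not recognised, do not reboot" ;;
    esac
}

pre_reboot_actions "$@"
```

A "stop:" line means the bootloader type could not be determined, which is the case the advisory's bootloader warning covers.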
4) package location and checksums
Please download the update package for your distribution and
verify its integrity by the methods listed in section 3) of this
announcement. Then, install the package using the command “rpm -Fhv
file.rpm” to apply the update.
Our maintenance customers are being notified individually. The
packages are being offered to install from the maintenance web.