Gentoo Linux
Gentoo Linux Security Advisory GLSA 200505-05
Severity: Normal
Title: gzip: Multiple vulnerabilities
Date: May 09, 2005
Bugs: #89946, #90626
ID: 200505-05
Synopsis
gzip contains multiple vulnerabilities potentially allowing an
attacker to execute arbitrary commands.
Background
gzip (GNU zip) is a popular compression program. The included
zgrep utility allows you to grep gzipped files in place.
Affected packages
Package / Vulnerable / Unaffected
1 app-arch/gzip / < 1.3.5-r6 / >= 1.3.5-r6
Description
The gzip and gunzip programs are vulnerable to a race condition
when setting file permissions (CAN-2005-0988), as well as improper
handling of filename restoration (CAN-2005-1228). The zgrep utility
improperly sanitizes arguments, which may come from an untrusted
source (CAN-2005-0758).
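An added example, not part of the advisory or of gzip's own code: a check for the filename-restoration issue described above, assuming the restored name is the FNAME field of the gzip header (RFC 1952). The helper names are hypothetical and the sample headers are constructed.

```python
import os
import struct

FEXTRA, FNAME = 0x04, 0x08  # FLG bits from RFC 1952


def stored_name(data):
    """Return the original file name kept in a gzip header, or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags = data[3]
    pos = 10  # fixed part: magic, CM, FLG, MTIME, XFL, OS
    if flags & FEXTRA:
        if pos + 2 > len(data):
            raise ValueError("truncated FEXTRA length")
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.find(b"\x00", pos)
    if end == -1:
        raise ValueError("unterminated FNAME field")
    return data[pos:end].decode("latin-1")


def has_path_components(name):
    """True when the stored name carries directory components."""
    return os.path.basename(name.replace("\\", "/")) != name


def safe_output_name(name):
    """Reduce a stored name to a bare file name for the current directory."""
    base = os.path.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("unusable stored name: %r" % name)
    return base


def make_header(name):
    """Build a constructed gzip header (no compressed data) with FNAME set."""
    return b"\x1f\x8b\x08" + bytes([FNAME]) + b"\x00" * 4 + b"\x00\x03" + name + b"\x00"


# Constructed sample headers, not taken from any real archive.
SAMPLES = [make_header(b"report.txt"), make_header(b"../../tmp/report.txt")]

if __name__ == "__main__":
    for hdr in SAMPLES:
        name = stored_name(hdr)
        print(name, has_path_components(name), safe_output_name(name))
```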
Impact
These vulnerabilities could allow arbitrary command execution,
changing the permissions of arbitrary files, and installation of
files to an arbitrary location in the filesystem.
Workaround
There is no known workaround at this time.
Resolution
All gzip users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"
References
[ 1 ] CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
[ 2 ] CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
[ 3 ] CAN-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-05.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200505-06
Severity: Normal
Title: TCPDump: Decoding routines Denial of Service
vulnerability
Date: May 09, 2005
Bugs: #90541
ID: 200505-06
Synopsis
A flaw in the decoding of network packets renders TCPDump
vulnerable to a remote Denial of Service attack.
Background
TCPDump is a tool for network monitoring and data
acquisition.
Affected packages
Package / Vulnerable / Unaffected
1 net-analyzer/tcpdump / < 3.8.3-r2 / >= 3.8.3-r2
Description
TCPDump improperly handles and decodes ISIS, BGP, LDP
(CAN-2005-1279) and RSVP (CAN-2005-1280) packets. TCPDump might
loop endlessly after receiving malformed packets.
Impact
A malicious remote attacker can exploit the decoding issues for
a Denial of Service attack by sending specially crafted packets,
possibly causing TCPDump to loop endlessly.
Workaround
There is no known workaround at this time.
Resolution
All TCPDump users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/tcpdump-3.8.3-r2"
References
[ 1 ] CAN-2005-1279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
[ 2 ] CAN-2005-1280
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-06.xml
Gentoo Linux Security Advisory GLSA 200505-07
Severity: Normal
Title: libTIFF: Buffer overflow
Date: May 10, 2005
Bugs: #91584
ID: 200505-07
Synopsis
The libTIFF library is vulnerable to a buffer overflow,
potentially resulting in the execution of arbitrary code.
Background
libTIFF provides support for reading and manipulating TIFF (Tag
Image File Format) images.
Affected packages
Package / Vulnerable / Unaffected
1 media-libs/tiff / < 3.7.2 / >= 3.7.2
Description
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered
a stack based buffer overflow in the libTIFF library when reading a
TIFF image with a malformed BitsPerSample tag.
Impact
Successful exploitation would require the victim to open a
specially crafted TIFF image, resulting in the execution of
arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.2"
References
[ 1 ] LIBTIFF BUG#863
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-07.xml
Gentoo Linux Security Advisory GLSA 200505-08
Severity: Normal
Title: HT Editor: Multiple buffer overflows
Date: May 10, 2005
Bugs: #91569
ID: 200505-08
Synopsis
Two vulnerabilities have been discovered in HT Editor,
potentially leading to the execution of arbitrary code.
Background
HT is a hex editor, designed to help analyse and modify
executable files.
Affected packages
Package / Vulnerable / Unaffected
1 app-editors/hteditor / < 0.8.0-r2 / >= 0.8.0-r2
Description
Tavis Ormandy of the Gentoo Linux Security Team discovered an
integer overflow in the ELF parser, leading to a heap-based buffer
overflow. The vendor has reported that an unrelated buffer overflow
has been discovered in the PE parser.
Impact
Successful exploitation would require the victim to open a
specially crafted file using HT, potentially permitting an attacker
to execute arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All hteditor users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-08.xml
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2005-0021
Package name: squid
Summary: ACL bypass
Date: 2005-05-10
Affected versions: Trustix Secure Linux 2.1, Trustix Secure Linux
2.2, Trustix Operating System – Enterprise Server 2
Package description:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and
especially hot objects cached in RAM, caches DNS lookups, supports
non-blocking DNS lookups, and implements negative caching of failed
requests.
Problem description:
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when
it identifies missing or invalid ACLs in the http_access
configuration, which could lead to less restrictive ACLs than
intended by the administrator.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-1345 to this issue.
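An added example, not part of the advisory or of Squid itself: a pre-deployment check that lists every http_access reference to an ACL that is missing at that point in the file, the condition the affected versions do not treat as fatal. It assumes simplified squid.conf parsing (whitespace tokens, `#` starts a comment, directives read top to bottom); the function name, the `builtin` parameter and the sample configuration are constructed for illustration.

```python
def undefined_acl_refs(conf_text, builtin=()):
    """Return (line_no, acl_name) for each http_access reference to an
    ACL that has not been defined earlier in the configuration text.

    `builtin` names ACLs to treat as predefined; it is empty by default,
    so every name must come from an `acl` line in the file.
    """
    defined = set(builtin)
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        if tokens[0] == "acl":
            # Only count the name when a type follows it; a bare
            # "acl name" line is treated as malformed here.
            if len(tokens) >= 3:
                defined.add(tokens[1])
        elif tokens[0] == "http_access":
            # tokens[1] is allow/deny; the rest are ACL names, optionally
            # negated with a leading "!".
            for ref in tokens[2:]:
                name = ref.lstrip("!")
                if name not in defined:
                    problems.append((line_no, name))
    return problems


# Constructed sample configuration; addresses are documentation ranges.
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl office src 192.0.2.0/24
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow ofice        # misspelled ACL name
http_access allow office partners
acl partners src 198.51.100.0/24
http_access deny all
"""

if __name__ == "__main__":
    for line_no, name in undefined_acl_refs(SAMPLE_CONF):
        print("line %d: http_access references undefined ACL %r" % (line_no, name))
```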
Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.1/>
and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0021/>
MD5sums of the packages:
e6d0c594be0a5394aff4ecae415d87f4  2.2/rpms/squid-2.5.STABLE9-5tr.i586.rpm
70ac69e23c26b3f0cc86b2dade9ba3be  2.1/rpms/squid-2.5.STABLE9-1tr.i586.rpm
Trustix Security Team