Debian GNU/Linux
Debian Security Advisory DSA 725-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
May 19th, 2005 http://www.debian.org/security/faq
Package : ppxp
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0392
Jens Steube discovered that ppxp, yet another PPP program, does
not release root privileges when opening potentially user-supplied
log files. This can be exploited to obtain a root shell.
For the stable distribution (woody) this problem has been fixed
in version 0.2001080415-6woody1.
For the unstable distribution (sid) this problem has been fixed
in version 0.2001080415-11.
We recommend that you upgrade your ppxp package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.dsc
Size/MD5 checksum: 706 964d29fc5c29b87e0aa86d4166dcdfa5
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.diff.gz
Size/MD5 checksum: 8253 3595338ba6d14102c827fecd776d4c11
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
Size/MD5 checksum: 426444 35dc6007ee4eafa9685f5e1e695a1464
Alpha architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_alpha.deb
Size/MD5 checksum: 264352 d4bd9bced5e4dc7fa17196a310b5e557
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_alpha.deb
Size/MD5 checksum: 57274 a4313923dbd89b22e9698d654b091a2c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_alpha.deb
Size/MD5 checksum: 61554 1a1c1ce48b78c56fc30ac934d3d03415
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_alpha.deb
Size/MD5 checksum: 71538 5d5114a8c44791daabc9a83c68137bc9
ARM architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_arm.deb
Size/MD5 checksum: 221798 6152fd047000bb95d4a190bb6379b0b3
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_arm.deb
Size/MD5 checksum: 48290 5f6df1deda8f29283e205fae5766a899
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_arm.deb
Size/MD5 checksum: 57450 df72503ab14df19a597892c56e3932d5
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_arm.deb
Size/MD5 checksum: 60872 27899fde9424dfac635db9769c004433
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_i386.deb
Size/MD5 checksum: 213140 89cb35820dd2f6d249acece5dbfd0fd9
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_i386.deb
Size/MD5 checksum: 46656 bb3d151b9171d4ee00399cebf58c16b7
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_i386.deb
Size/MD5 checksum: 56492 20bd9052ec7241fa8affa417c8ebe8ce
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_i386.deb
Size/MD5 checksum: 58488 90e34feabbd50fc3624986d0fbaea456
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_ia64.deb
Size/MD5 checksum: 301726 d5e978bc304639a6433469dddb2331a3
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_ia64.deb
Size/MD5 checksum: 56466 91ce31c7568cc0a90ff2db609a1c0df4
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_ia64.deb
Size/MD5 checksum: 66850 c719a6205191021e3e1666f089366c56
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_ia64.deb
Size/MD5 checksum: 82930 91f5054797b5e06aa93fc6979f84aec1
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_hppa.deb
Size/MD5 checksum: 241370 b3dd820d17dcbebf08c0db6832ee2794
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_hppa.deb
Size/MD5 checksum: 52530 7ea0bb8a124915b23557462d84111fb0
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_hppa.deb
Size/MD5 checksum: 61200 440bf784087e2caeef6180fb68168962
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_hppa.deb
Size/MD5 checksum: 69298 3d444541b6f4638e1c08fc28bef20b75
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_m68k.deb
Size/MD5 checksum: 209544 f0367ccf232b1db80c9d9019700d3cd1
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_m68k.deb
Size/MD5 checksum: 47256 6c87bf5d43d195219abb26a086cb55da
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_m68k.deb
Size/MD5 checksum: 57572 5d4d73daad751f83543f142463ee2b81
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_m68k.deb
Size/MD5 checksum: 58838 70b368a6e2c88a2e6f8897f2af6bc746
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mips.deb
Size/MD5 checksum: 242930 f1cdc78af11a5525234b5cb729711f85
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mips.deb
Size/MD5 checksum: 52216 3c9bdb59cf4e363c7eafe55ad4c98c6d
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mips.deb
Size/MD5 checksum: 58002 fad1852775b1ffe31378041d61aa0540
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mips.deb
Size/MD5 checksum: 70490 b44d619f785d86a687dfc7e02fcbd17b
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mipsel.deb
Size/MD5 checksum: 243254 3023af6b39db97c963f1d42136abddce
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mipsel.deb
Size/MD5 checksum: 51134 ba2df4e6d00acfd4e34ed65a4b728539
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mipsel.deb
Size/MD5 checksum: 57786 e5ee8bbbc654f5410737a5a25d4109f3
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mipsel.deb
Size/MD5 checksum: 68876 6a84fc7283634162786adc8f10a4c4f1
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_powerpc.deb
Size/MD5 checksum: 226996 fefaf9555d2bc59600bd3cba6df65e7c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_powerpc.deb
Size/MD5 checksum: 50698 fa76f73bd51db1f27a95cf58aefb2899
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_powerpc.deb
Size/MD5 checksum: 58712 62ca9d4cb838da262a83285de145d620
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_powerpc.deb
Size/MD5 checksum: 63314 b51dcdc8bc0f6e6627819aa4ea91ffb3
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_s390.deb
Size/MD5 checksum: 223394 8fa85098c05da6035908cf3c00e371d8
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_s390.deb
Size/MD5 checksum: 48576 6f01949fb43e199475683be2c3f003e9
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_s390.deb
Size/MD5 checksum: 58740 8f9d6017ab0e0dcd110fe7e3a9a1f5b1
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_s390.deb
Size/MD5 checksum: 64706 d6a5b703a46e920e98b3bbff4f1a5d87
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_sparc.deb
Size/MD5 checksum: 228070 78c09baee8c1fcf19812cb5901a2e6b0
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_sparc.deb
Size/MD5 checksum: 49538 b113918f1a2aadfb2d3003d36d3ab825
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_sparc.deb
Size/MD5 checksum: 60172 b113214d78c36c80ff6ead9b1c6fdc86
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_sparc.deb
Size/MD5 checksum: 66830 ffb39d3d4daa3e6c9a0b1ff0ab5af9a8
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated libtiff packages fix security issues
Advisory ID: FLSA:152815
Issue date: 2005-05-18
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 CAN-2004-1308
CAN-2004-1183
1. Topic:
Updated libtiff packages that fix various buffer and integer
overflows are now available.
The libtiff package contains a library of functions for
manipulating TIFF (Tagged Image File Format) image format
files.
2. Relevant releases/architectures:
Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386
Fedora Core 1 - i386
3. Problem description:
During a source code audit, Chris Evans discovered a number of
integer overflow bugs that affect libtiff. An attacker who has the
ability to trick a user into opening a malicious TIFF file could
cause the application linked to libtiff to crash or possibly
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the names CAN-2004-0886 and CAN-2004-0804 to these
issues.
Additionally, a number of buffer overflow bugs that affect
libtiff have been found. An attacker who has the ability to trick a
user into opening a malicious TIFF file could cause the application
linked to libtiff to crash or possibly execute arbitrary code. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2004-0803 to this issue.
iDEFENSE has reported an integer overflow bug that affects
libtiff. An attacker who has the ability to trick a user into
opening a malicious TIFF file could cause the application linked to
libtiff to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2004-1308 to this issue.
Dmitry V. Levin reported another integer overflow in the
tiffdump utility. An attacker who has the ability to trick a user
into opening a malicious TIFF file with tiffdump could possibly
execute arbitrary code. The Common Vulnerabilities and Exposures
project (cve.mitre.org/) has
assigned the name CAN-2004-1183 to this issue.
All users are advised to upgrade to these updated packages,
which contain backported fixes for these issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152815
6. RPMs required:
Red Hat Linux 7.3:
SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
Red Hat Linux 9:
SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
Fedora Core 1:
SRPM:
http://download.fedoralegacy.org/fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
7. Verification:
SHA1 sum                                  Package Name
524fd6c80901dbd665cfbf0b4ba1eea276a95cca  redhat/7.3/updates/i386/libtiff-3.5.7-2.2.legacy.i386.rpm
3ced2ba5eac07c60515a41d73dbfb0df36cfc962  redhat/7.3/updates/i386/libtiff-devel-3.5.7-2.2.legacy.i386.rpm
864581d2f1d76fcc5d0540173338a84a7a3ffe80  redhat/7.3/updates/SRPMS/libtiff-3.5.7-2.2.legacy.src.rpm
a17298a3be3e3d6f7fce2108ac226ff8ef26ee39  redhat/9/updates/i386/libtiff-3.5.7-11.2.legacy.i386.rpm
b35700b8e8ee819565998a033f484ebd7e837646  redhat/9/updates/i386/libtiff-devel-3.5.7-11.2.legacy.i386.rpm
2024a97a377a37851d3a4be92403eaad0a7b1be2  redhat/9/updates/SRPMS/libtiff-3.5.7-11.2.legacy.src.rpm
8dd2d8035eaf4b0e41cc7ac68536b752387a1cc8  fedora/1/updates/i386/libtiff-3.5.7-14.2.legacy.i386.rpm
4475fb4f26ab358d1c9bf8b6e8da060eace1a8dd  fedora/1/updates/i386/libtiff-devel-3.5.7-14.2.legacy.i386.rpm
f854a97125ca806b9a1c04c985f9939c6b6f7611  fedora/1/updates/SRPMS/libtiff-3.5.7-14.2.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
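The verification step above is a manual sha1sum per file. As an added example (not Fedora Legacy's or Mandriva's own tooling), the script below parses a checksum table in the "hash  relative/path" layout used by these advisories, picks SHA-1 or MD5 from the hash length, and reports per package whether the local download matches, differs, or is absent. It assumes the packages were fetched into a local directory mirroring the advisory paths; the sample table and file content are constructed here so the example runs offline.

```python
"""Check downloaded update packages against an advisory's checksum table.

Added example, not part of any advisory on this page. Assumes the packages
were downloaded into a local directory that mirrors the relative paths the
advisory lists (e.g. redhat/9/updates/i386/...).
"""
import hashlib
import os
import tempfile

# Constructed sample table: the digest is sha1 of the bytes b"hello\n", so the
# example can verify a file it creates itself rather than a real RPM.
SAMPLE_TABLE = """\
SHA1 sum                                  Package Name
f572d396fae9206628714fb2ce00f72e94f2258f  redhat/9/updates/i386/sample.i386.rpm
"""

DIGESTS = {40: "sha1", 32: "md5"}   # hex length identifies the digest a row uses


def parse_checksum_table(text):
    """Return a list of (algorithm, expected_hex, relative_path) tuples."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue                      # blank lines and column headers
        digest_hex, rel_path = parts
        algo = DIGESTS.get(len(digest_hex))
        if algo is None or any(c not in "0123456789abcdef" for c in digest_hex.lower()):
            continue                      # e.g. the "SHA1 sum  Package Name" header row
        rows.append((algo, digest_hex.lower(), rel_path))
    return rows


def file_digest(path, algo):
    """Hash a file in chunks so large packages need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(table_text, download_dir):
    """Map each listed package path to "ok", "mismatch" or "missing"."""
    results = {}
    for algo, expected, rel_path in parse_checksum_table(table_text):
        local = os.path.join(download_dir, rel_path)
        if not os.path.isfile(local):
            results[rel_path] = "missing"
        elif file_digest(local, algo) == expected:
            results[rel_path] = "ok"
        else:
            results[rel_path] = "mismatch"
    return results


def demo():
    """Build a constructed download directory and check it before and after tampering."""
    rel = "redhat/9/updates/i386/sample.i386.rpm"
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "redhat/9/updates/i386"))
        with open(os.path.join(d, rel), "wb") as f:
            f.write(b"hello\n")           # matches the sample digest
        good = verify_downloads(SAMPLE_TABLE, d)
        with open(os.path.join(d, rel), "ab") as f:
            f.write(b"tampered")          # digest no longer matches
        bad = verify_downloads(SAMPLE_TABLE, d)
    return good[rel], bad[rel]


if __name__ == "__main__":
    print(demo())
```

As the advisory itself notes, a matching digest only shows the file was not corrupted or altered after the table was published; authenticity still comes from the GPG signature check with `rpm --checksig`.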
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200505-14
Severity: Normal
Title: Cheetah: Untrusted module search path
Date: May 19, 2005
Bugs: #92926
ID: 200505-14
Synopsis
Cheetah contains a vulnerability in the module importing code
that can allow a local user to gain escalated privileges.
Background
Cheetah is a Python powered template engine and code
generator.
Affected packages
Package / Vulnerable / Unaffected
1 dev-python/cheetah < 0.9.17-rc1 >= 0.9.17-rc1
Description
Brian Bird discovered that Cheetah searches for modules in the
world-writable /tmp directory.
Impact
A malicious local user could place a module containing arbitrary
code in /tmp, which when imported would run with escalated
privileges.
Workaround
There are no known workarounds at this time.
Resolution
All Cheetah users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cheetah-0.9.17-rc1"
References
[ 1 ] Secunia Advisory SA15386
http://secunia.com/advisories/15386/
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200505-14.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: cdrdao
Advisory ID: MDKSA-2005:089
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0
Problem Description:
The cdrdao package contains two vulnerabilities; the first
allows local users to read arbitrary files via the show-data
command and the second allows local users to overwrite arbitrary
files via a symlink attack on the ~/.cdrdao configuration file.
This can also lead to elevated privileges (a root shell) due to
cdrdao being installed suid root.
The provided packages have been patched to correct these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0138
Updated Packages:
Mandrakelinux 10.0:
1b7ae1dad185d083ed25987ccce21ad0
10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.i586.rpm
87a92365c35931b3023188da4089c482
10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.i586.rpm
0fd4754121b926a84fae47bf1e4c6133
10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
cea5f48ae2bcc67e161da98e41b55134
amd64/10.0/RPMS/cdrdao-1.1.8-2.2.100mdk.amd64.rpm
c8b85327b50ebb68e3fab34476b1b3cb
amd64/10.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.100mdk.amd64.rpm
0fd4754121b926a84fae47bf1e4c6133
amd64/10.0/SRPMS/cdrdao-1.1.8-2.2.100mdk.src.rpm
Mandrakelinux 10.1:
61ab4f7af380c2b46acac4dcfa1f893a
10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.i586.rpm
9c8463a1c170c1b189e0dd9a68be07d9
10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.i586.rpm
050a81b90551f9ef454904e55a160a9d
10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
a2424f9595ddcb10aca667a35523ae20
x86_64/10.1/RPMS/cdrdao-1.1.9-6.1.101mdk.x86_64.rpm
ce08ea93c55311d7585dcf72d62add3a
x86_64/10.1/RPMS/cdrdao-gcdmaster-1.1.9-6.1.101mdk.x86_64.rpm
050a81b90551f9ef454904e55a160a9d
x86_64/10.1/SRPMS/cdrdao-1.1.9-6.1.101mdk.src.rpm
Mandrakelinux 10.2:
b073077b108528d1ceed5681acf46f8c
10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.i586.rpm
0077a3948564abc01ab2dc935268b443
10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.i586.rpm
cb1265c4a12964fa5fbf42a7fb2361df
10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
0f3eeec0e097087dd4b15dc89ccea21f
x86_64/10.2/RPMS/cdrdao-1.1.9-7.1.102mdk.x86_64.rpm
c573c4ff16b3b0c9bf68467d5cfc347b
x86_64/10.2/RPMS/cdrdao-gcdmaster-1.1.9-7.1.102mdk.x86_64.rpm
cb1265c4a12964fa5fbf42a7fb2361df
x86_64/10.2/SRPMS/cdrdao-1.1.9-7.1.102mdk.src.rpm
Corporate 3.0:
406191468856946e82d195204855a05f
corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.i586.rpm
768b911c0d220197ad43f351b91e1c9c
corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.i586.rpm
70d8a7e69f725875da71507ebc7c2447
corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
e97c0cd16db006ebc56e7b339c4eccc9
x86_64/corporate/3.0/RPMS/cdrdao-1.1.8-2.2.C30mdk.x86_64.rpm
e1f6f75a51182be5155dc204abbbf188
x86_64/corporate/3.0/RPMS/cdrdao-gcdmaster-1.1.8-2.2.C30mdk.x86_64.rpm
70d8a7e69f725875da71507ebc7c2447
x86_64/corporate/3.0/SRPMS/cdrdao-1.1.8-2.2.C30mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Update Advisory
Package name: nasm
Advisory ID: MDKSA-2005:090
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1
Problem Description:
A buffer overflow in nasm was discovered by Josh Bressers. If an
attacker could trick a user into assembling a malicious source
file, they could use this vulnerability to execute arbitrary code
with the privileges of the user running nasm.
The provided packages have been patched to correct these
issues.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1194
Updated Packages:
Mandrakelinux 10.0:
6058fd99b081bb34f72eaca22979eacb
10.0/RPMS/nasm-0.98.38-1.2.100mdk.i586.rpm
9e1cad7299252e849dde88c1c8f9fcd5
10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.i586.rpm
7b37557a44164b32b5c5d708af18420a
10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.i586.rpm
047468f3437190d6134a91aa319c9dce
10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
c0f6efb802cdf9016db4b0b460aced96
amd64/10.0/RPMS/nasm-0.98.38-1.2.100mdk.amd64.rpm
1c2d6870472752e7f71e1359f93971d6
amd64/10.0/RPMS/nasm-doc-0.98.38-1.2.100mdk.amd64.rpm
5850c8cbc5e793537edef9297f75ca3b
amd64/10.0/RPMS/nasm-rdoff-0.98.38-1.2.100mdk.amd64.rpm
047468f3437190d6134a91aa319c9dce
amd64/10.0/SRPMS/nasm-0.98.38-1.2.100mdk.src.rpm
Mandrakelinux 10.1:
c86682079a58d5f51afb8c46c3575f88
10.1/RPMS/nasm-0.98.38-1.2.101mdk.i586.rpm
5a8d878475c169dd3e5688d1df154204
10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.i586.rpm
2ac418c945c704be110ad96f7aac207a
10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.i586.rpm
23154a4d32e90290972ffcdf4b45e866
10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
3db75236d3004b80e44da6b9090520ef
x86_64/10.1/RPMS/nasm-0.98.38-1.2.101mdk.x86_64.rpm
b885ec5762f765353386cdb9944f6fc5
x86_64/10.1/RPMS/nasm-doc-0.98.38-1.2.101mdk.x86_64.rpm
431065cf6d8c3ee4986b67478fbcd307
x86_64/10.1/RPMS/nasm-rdoff-0.98.38-1.2.101mdk.x86_64.rpm
23154a4d32e90290972ffcdf4b45e866
x86_64/10.1/SRPMS/nasm-0.98.38-1.2.101mdk.src.rpm
Mandrakelinux 10.2:
3e12f2c986a50d29be3966c1676b22f4
10.2/RPMS/nasm-0.98.39-1.1.102mdk.i586.rpm
fe9c6840f54221f6c87f75671eff25f4
10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.i586.rpm
ce78396659e932bcfba9af13d5578031
10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.i586.rpm
8cbae58b2b3c81dfc7871e3b677ab3ee
10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
dbf950bdee101ba5f24304bf1ef34d9b
x86_64/10.2/RPMS/nasm-0.98.39-1.1.102mdk.x86_64.rpm
9c1b968a37952f4d71ab70566b27f64d
x86_64/10.2/RPMS/nasm-doc-0.98.39-1.1.102mdk.x86_64.rpm
f478ee8d4a130f548d70a26b43d2bd0d
x86_64/10.2/RPMS/nasm-rdoff-0.98.39-1.1.102mdk.x86_64.rpm
8cbae58b2b3c81dfc7871e3b677ab3ee
x86_64/10.2/SRPMS/nasm-0.98.39-1.1.102mdk.src.rpm
Corporate Server 2.1:
a5915798665b6cb487ed46b26d413843
corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.i586.rpm
8920f14ae40608d4e009d0de1de38fc4
corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.i586.rpm
64b92b3d16471838fe539a2231cc9b40
corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.i586.rpm
a500a5886b349219698a63c19e4a25cc
corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
0701d377fbb6d201844d2b4c7c5c1ff4
x86_64/corporate/2.1/RPMS/nasm-0.98.34-1.1.C21mdk.x86_64.rpm
7ca4b424a692a30a0a7563ef7b519fb6
x86_64/corporate/2.1/RPMS/nasm-doc-0.98.34-1.1.C21mdk.x86_64.rpm
e487b2c74bae0220d9274dc0df607113
x86_64/corporate/2.1/RPMS/nasm-rdoff-0.98.34-1.1.C21mdk.x86_64.rpm
a500a5886b349219698a63c19e4a25cc
x86_64/corporate/2.1/SRPMS/nasm-0.98.34-1.1.C21mdk.src.rpm
Corporate 3.0:
6e92be4ee34c886f0bae3eb57742be21
corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.i586.rpm
52dd3cd6c00348a03e0556203d23d315
corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.i586.rpm
982eccac3a54313ba123eaef3f86ea90
corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.i586.rpm
fa2f1dd8e465108d2a0c18fef812e2d0
corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
3ab1744c68d83be84b7adf44aa1868b3
x86_64/corporate/3.0/RPMS/nasm-0.98.38-1.2.C30mdk.x86_64.rpm
7e516d61646ab1fcb9493b8bfd5b0943
x86_64/corporate/3.0/RPMS/nasm-doc-0.98.38-1.2.C30mdk.x86_64.rpm
809e67872145f7b42156e78bd22cbabf
x86_64/corporate/3.0/RPMS/nasm-rdoff-0.98.38-1.2.C30mdk.x86_64.rpm
fa2f1dd8e465108d2a0c18fef812e2d0
x86_64/corporate/3.0/SRPMS/nasm-0.98.38-1.2.C30mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Update Advisory
Package name: bzip2
Advisory ID: MDKSA-2005:091
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1
Problem Description:
A race condition in the file permission restore code of bunzip2
was discovered by Imran Ghory. While a user was decompressing a
file, a local attacker with write permissions to the directory
containing the compressed file could replace the target file with a
hard link which would cause bunzip2 to restore the file permissions
of the original file to the hard link target. This could be
exploited to gain read or write access to files of other users
(CAN-2005-0953).
A vulnerability was found where specially crafted bzip2 archives
would cause an infinite loop in the decompressor, resulting in an
indefinitely large output file (also known as a "decompression
bomb"). This could be exploited to cause a Denial of Service attack
on the host computer due to disk space exhaustion
(CAN-2005-1260).
The provided packages have been patched to correct these
issues.
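The decompression-bomb issue (CAN-2005-1260) is a failure mode any program that expands untrusted bzip2 data should handle: the defence is to cap the output before it is produced, not to notice a full disk afterwards. The block below is an added example, not bzip2's code or part of the Mandriva advisory; it uses only Python's standard bz2 module, and the "bomb" is a constructed archive of 8 MiB of zero bytes that compresses to a few dozen bytes.

```python
"""Decompress bzip2 data with a hard cap on the amount of output.

Added example, not bzip2's own code. BZ2Decompressor.decompress(..., max_length=n)
returns at most n bytes per call and keeps the rest buffered, so the total is
accounted for before more output is generated.
"""
import bz2


class OutputTooLarge(Exception):
    """Raised as soon as the decompressed size would exceed the cap."""


def bounded_decompress(data, max_out, chunk=1 << 16):
    """Return the decompressed bytes, or raise OutputTooLarge at the cap.

    A stream that ends before the bzip2 end-of-stream marker raises ValueError
    instead of being silently returned as a partial result.
    """
    dec = bz2.BZ2Decompressor()
    out = bytearray()
    pending = data
    while not dec.eof:
        piece = dec.decompress(pending, max_length=chunk)
        pending = b""                      # later calls drain the internal buffer
        if len(out) + len(piece) > max_out:
            raise OutputTooLarge("output would exceed %d bytes" % max_out)
        out += piece
        if not piece and not dec.eof:      # no progress and no end marker: truncated input
            raise ValueError("truncated bzip2 stream")
    return bytes(out)


# Constructed inputs: an ordinary archive and a small archive that expands to 8 MiB.
SMALL_PLAIN = b"advisory text\n" * 100
SMALL = bz2.compress(SMALL_PLAIN)
BOMB = bz2.compress(b"\0" * (8 << 20))


def demo():
    """Show the cap passing ordinary data and stopping the expanding archive."""
    ok = bounded_decompress(SMALL, max_out=1 << 20) == SMALL_PLAIN
    try:
        bounded_decompress(BOMB, max_out=1 << 20)   # 1 MiB cap, 8 MiB of output
        stopped = False
    except OutputTooLarge:
        stopped = True
    return ok, stopped, len(BOMB)


if __name__ == "__main__":
    print(demo())
```

The cap should be set per use (a package manager unpacking a known-size archive can use the expected size plus slack); the same pattern applies to `zlib.decompressobj` and `lzma.LZMADecompressor`, which take the same `max_length` argument.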
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260
Updated Packages:
Mandrakelinux 10.0:
4b2bb8d970b222f3d941181c97ac90b4
10.0/RPMS/bzip2-1.0.2-17.1.100mdk.i586.rpm
668e3c51aba91c2593a8acff74d44454
10.0/RPMS/libbzip2_1-1.0.2-17.1.100mdk.i586.rpm
94f02cd14f2600f9bb2feafa3bb9d86e
10.0/RPMS/libbzip2_1-devel-1.0.2-17.1.100mdk.i586.rpm
c22b1d64b5479d4924612a96d20f7944
10.0/SRPMS/bzip2-1.0.2-17.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
cb22383be6cb4a2f32170a1c6b5aa0cf
amd64/10.0/RPMS/bzip2-1.0.2-17.1.100mdk.amd64.rpm
923353937d7dd11490f769a23012d229
amd64/10.0/RPMS/lib64bzip2_1-1.0.2-17.1.100mdk.amd64.rpm
796494bd8a1731f1b970421a6c1657ee
amd64/10.0/RPMS/lib64bzip2_1-devel-1.0.2-17.1.100mdk.amd64.rpm
c22b1d64b5479d4924612a96d20f7944
amd64/10.0/SRPMS/bzip2-1.0.2-17.1.100mdk.src.rpm
Mandrakelinux 10.1:
c712f5670311f97e101fe2d0a8ed8c2b
10.1/RPMS/bzip2-1.0.2-20.1.101mdk.i586.rpm
3b7a755b9faf46953f8030eab2b9a5f0
10.1/RPMS/libbzip2_1-1.0.2-20.1.101mdk.i586.rpm
70428efe689e2e0e6e88ee0f1c930475
10.1/RPMS/libbzip2_1-devel-1.0.2-20.1.101mdk.i586.rpm
19be2dba061d76a9b79f7376077e238f
10.1/SRPMS/bzip2-1.0.2-20.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
02b04af8089d801bf139dfdc5fbe61e3
x86_64/10.1/RPMS/bzip2-1.0.2-20.1.101mdk.x86_64.rpm
8c835acc2c2dc823b94e332340502245
x86_64/10.1/RPMS/lib64bzip2_1-1.0.2-20.1.101mdk.x86_64.rpm
92a783e1d9dea6c00324b6ed12d74635
x86_64/10.1/RPMS/lib64bzip2_1-devel-1.0.2-20.1.101mdk.x86_64.rpm
19be2dba061d76a9b79f7376077e238f
x86_64/10.1/SRPMS/bzip2-1.0.2-20.1.101mdk.src.rpm
Mandrakelinux 10.2:
64e8f1fb474606a4bfbeb2adee7cabf6
10.2/RPMS/bzip2-1.0.2-20.1.102mdk.i586.rpm
53fe82aefa0ff6aeff8ce0b5a7649b5c
10.2/RPMS/libbzip2_1-1.0.2-20.1.102mdk.i586.rpm
9d420447e67a42f77e22c28d55bf611a
10.2/RPMS/libbzip2_1-devel-1.0.2-20.1.102mdk.i586.rpm
bc16ae3ec7865dc9e8d382f22d296cb2
10.2/SRPMS/bzip2-1.0.2-20.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
d87a3bc804e9c716a17b44d2144255a7
x86_64/10.2/RPMS/bzip2-1.0.2-20.1.102mdk.x86_64.rpm
6f0841e3c59c302819abd300e37a4b4f
x86_64/10.2/RPMS/lib64bzip2_1-1.0.2-20.1.102mdk.x86_64.rpm
31a163ba5a620dc925279e0cd2b988b4
x86_64/10.2/RPMS/lib64bzip2_1-devel-1.0.2-20.1.102mdk.x86_64.rpm
bc16ae3ec7865dc9e8d382f22d296cb2
x86_64/10.2/SRPMS/bzip2-1.0.2-20.1.102mdk.src.rpm
Corporate Server 2.1:
297004f1d8a720780325382271f94164
corporate/2.1/RPMS/bzip2-1.0.2-10.1.C21mdk.i586.rpm
2e9376a5ebaeef7ab611c31377962636
corporate/2.1/RPMS/libbzip2_1-1.0.2-10.1.C21mdk.i586.rpm
54747fe92a6779b85ac84286c398bb14
corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.1.C21mdk.i586.rpm
2220cf9a3e6842172f98c01909e3f77e
corporate/2.1/SRPMS/bzip2-1.0.2-10.1.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
cfaf6fd095f0d7434e80d8a4f0156255
x86_64/corporate/2.1/RPMS/bzip2-1.0.2-10.1.C21mdk.x86_64.rpm
efddfee91fe70c73d3162cd4f2ab2581
x86_64/corporate/2.1/RPMS/libbzip2_1-1.0.2-10.1.C21mdk.x86_64.rpm
a41917f3e9a008c625b90481c9357aff
x86_64/corporate/2.1/RPMS/libbzip2_1-devel-1.0.2-10.1.C21mdk.x86_64.rpm
2220cf9a3e6842172f98c01909e3f77e
x86_64/corporate/2.1/SRPMS/bzip2-1.0.2-10.1.C21mdk.src.rpm
Corporate 3.0:
b01aca9e32f1b7beadf1dede32fe8726
corporate/3.0/RPMS/bzip2-1.0.2-17.1.C30mdk.i586.rpm
01fb59c1b265d341bd1182ef833186e3
corporate/3.0/RPMS/libbzip2_1-1.0.2-17.1.C30mdk.i586.rpm
7555509f257ddbef15e4f09e4bc3fda5
corporate/3.0/RPMS/libbzip2_1-devel-1.0.2-17.1.C30mdk.i586.rpm
361836a8f0bcdbd18cc376df549f1d2b
corporate/3.0/SRPMS/bzip2-1.0.2-17.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
b06a4e4af363c43e1e24e45e156f6282
x86_64/corporate/3.0/RPMS/bzip2-1.0.2-17.1.C30mdk.x86_64.rpm
7c075c3748cba9471e9d13ce4ae8b4c2
x86_64/corporate/3.0/RPMS/lib64bzip2_1-1.0.2-17.1.C30mdk.x86_64.rpm
d15c9f810a0b1ec7e153154304b8dc53
x86_64/corporate/3.0/RPMS/lib64bzip2_1-devel-1.0.2-17.1.C30mdk.x86_64.rpm
361836a8f0bcdbd18cc376df549f1d2b
x86_64/corporate/3.0/SRPMS/bzip2-1.0.2-17.1.C30mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Mandriva Linux Security Update Advisory
Package name: gzip
Advisory ID: MDKSA-2005:092
Date: May 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1
Problem Description:
Several vulnerabilities have been discovered in the gzip
package:
Zgrep in gzip before 1.3.5 does not properly sanitize arguments,
which allows local users to execute arbitrary commands via
filenames that are injected into a sed script. (CAN-2005-0758)
A race condition in gzip 1.2.4, 1.3.3, and earlier when
decompressing a gzip file allows local users to modify permissions
of arbitrary files via a hard link attack on a file while it is
being decompressed, whose permissions are changed by gzip after the
decompression is complete. (CAN-2005-0988)
A directory traversal vulnerability via “gunzip -N” in gzip
1.2.4 through 1.3.5 allows remote attackers to write to arbitrary
directories via a .. (dot dot) in the original filename within a
compressed file. (CAN-2005-1228)
Updated packages are patched to address these issues.
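Two of the gzip issues above, and the bunzip2 race in MDKSA-2005:091, come from the same output stage of a decompressor: trusting the file name stored in the archive header (CAN-2005-1228) and restoring permissions with chmod on a path name after the file was written (CAN-2005-0988, CAN-2005-0953). The block below is an added example, not gzip's code: it parses the FNAME field of a gzip header (RFC 1952 layout), reduces the stored name to a bare file name as fixed gzip does for `-N`, creates the output with O_CREAT|O_EXCL|O_NOFOLLOW, checks the descriptor still refers to a single-link regular file, and applies the mode with fchmod on that descriptor. The crafted archive is constructed by hand because Python's gzip module only ever writes a basename.

```python
"""Hardened output stage for a gunzip-style tool (added example, not gzip's code).

Assumptions: POSIX file semantics (O_EXCL, O_NOFOLLOW, fchmod) and the
standard library only. The archive used for the demo is constructed here.
"""
import gzip
import os
import stat
import struct
import tempfile
import zlib

FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10


def build_gzip(payload, name_in_header):
    """Constructed test input: one gzip member whose FNAME field we choose."""
    header = struct.pack("<3sBIBB", b"\x1f\x8b\x08", FNAME, 0, 0, 3)  # ID1 ID2 CM FLG MTIME XFL OS
    header += name_in_header.encode("latin-1") + b"\x00"
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)                       # raw deflate
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def stored_name(data):
    """Return the FNAME field of a gzip header, or None if the member has none."""
    if data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip file")
    flags = data[3]
    pos = 10
    if flags & FEXTRA:                                   # skip the optional extra field
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.index(b"\x00", pos)
    return data[pos:end].decode("latin-1")


def safe_output_name(name):
    """Keep only the final path component, so a stored '../..' cannot escape."""
    base = os.path.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("unsafe stored name: %r" % name)
    return base


def write_restored(out_dir, name, payload, mode):
    """Create the output file exclusively and set its mode through the descriptor."""
    path = os.path.join(out_dir, safe_output_name(name))
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)                     # fails if anything already sits at path
    with os.fdopen(fd, "wb") as f:
        f.write(payload)
        f.flush()
        st = os.fstat(f.fileno())
        if st.st_nlink != 1 or not stat.S_ISREG(st.st_mode):
            raise RuntimeError("output file was linked elsewhere during the write")
        # fchmod acts on the inode we opened, not on whatever the path names now;
        # set-id and sticky bits from the archive are deliberately dropped.
        os.fchmod(f.fileno(), mode & 0o777)
    return path


def demo():
    """Unpack a constructed archive whose stored name tries to leave the directory."""
    payload = b"patched package contents\n"
    crafted = build_gzip(payload, "../../etc/passwd")
    assert gzip.decompress(crafted) == payload           # the hand-built member is valid
    with tempfile.TemporaryDirectory() as d:
        path = write_restored(d, stored_name(crafted), payload, 0o644)
        inside = os.path.dirname(path) == d and os.path.basename(path) == "passwd"
        mode = stat.S_IMODE(os.stat(path).st_mode)
    return stored_name(crafted), inside, oct(mode)


if __name__ == "__main__":
    print(demo())
```

The st_nlink check matters because O_EXCL only stops an attacker from pre-placing a link at the path: with write access to the directory they can still hard-link the freshly created file elsewhere before the mode is applied, which is exactly the window the two race advisories describe.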
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
Updated Packages:
Mandrakelinux 10.0:
747eb53b876e9dd0544d58d8cafd436d
10.0/RPMS/gzip-1.2.4a-13.2.100mdk.i586.rpm
6b8b1c839de2659bdbf3ef7b2d084c49
10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
55b145f3a6211d3214e4ac84a9f3d2db
amd64/10.0/RPMS/gzip-1.2.4a-13.2.100mdk.amd64.rpm
6b8b1c839de2659bdbf3ef7b2d084c49
amd64/10.0/SRPMS/gzip-1.2.4a-13.2.100mdk.src.rpm
Mandrakelinux 10.1:
f52a97a5a011807be418d9813e8be8a7
10.1/RPMS/gzip-1.2.4a-13.2.101mdk.i586.rpm
50b48751f7f56fafc86ae58c39473b19
10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
6f68527ab34b108cd142f7612f01624b
x86_64/10.1/RPMS/gzip-1.2.4a-13.2.101mdk.x86_64.rpm
50b48751f7f56fafc86ae58c39473b19
x86_64/10.1/SRPMS/gzip-1.2.4a-13.2.101mdk.src.rpm
Mandrakelinux 10.2:
2e4b095f517150b0c3fd8f06e8b02b54
10.2/RPMS/gzip-1.2.4a-14.1.102mdk.i586.rpm
d9a2c5788a582dc194e4726b68708e75
10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
819a41d23efc8ad2c26cd9786178a52c
x86_64/10.2/RPMS/gzip-1.2.4a-14.1.102mdk.x86_64.rpm
d9a2c5788a582dc194e4726b68708e75
x86_64/10.2/SRPMS/gzip-1.2.4a-14.1.102mdk.src.rpm
Corporate Server 2.1:
531d8990f2c080218daaafd80fa324d4
corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.i586.rpm
255e4af1676fa7db7ebb6f9997bee3ef
corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm
Corporate Server 2.1/X86_64:
7094630fcd81e61eb6402d25b4afa2dd
x86_64/corporate/2.1/RPMS/gzip-1.2.4a-11.4.C21mdk.x86_64.rpm
255e4af1676fa7db7ebb6f9997bee3ef
x86_64/corporate/2.1/SRPMS/gzip-1.2.4a-11.4.C21mdk.src.rpm
Corporate 3.0:
4d73819ec9c73150407ab0a6739e797b
corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.i586.rpm
2d3852158ecc68f805ce3e63d3e0c563
corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
502e80bad0a21a86c06f85836c9e9579
x86_64/corporate/3.0/RPMS/gzip-1.2.4a-13.2.C30mdk.x86_64.rpm
2d3852158ecc68f805ce3e63d3e0c563
x86_64/corporate/3.0/SRPMS/gzip-1.2.4a-13.2.C30mdk.src.rpm
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Red Hat Linux
Red Hat Security Advisory
Synopsis: Low: evolution security update
Advisory ID: RHSA-2005:238-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-238.html
Issue date: 2005-05-19
Updated on: 2005-05-19
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0102
1. Summary:
Updated evolution packages that fix various bugs are now
available.
This update has been rated as having low security impact by the
Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390,
s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Evolution is the GNOME collection of personal information
management (PIM) tools. Evolution includes a mailer, calendar,
contact manager, and communication facility. The tools which make
up Evolution are tightly integrated with one another and act as a
seamless personal information management tool.
A bug was found in Evolution's helper program camel-lock-helper.
This bug could allow a local attacker to gain root privileges if
camel-lock-helper has been built to execute with elevated
privileges. The Common Vulnerabilities and Exposures project
(http://cve.mitre.org/) has assigned
the name CAN-2005-0102 to this issue. On Red Hat Enterprise Linux,
camel-lock-helper is not built to execute with elevated privileges
by default. Please note however that if users have rebuilt
Evolution from the source RPM, as the root user, camel-lock-helper
may be given elevated privileges.
Additionally, these updated packages address the following
issues:
- If evolution ran during a GNOME session, the evolution-wombat
process did not exit when the user logged out of the desktop.
- For folders marked for Offline Synchronization: if a user moved
a message from a Local Folder to an IMAP folder while in Offline
mode, the message was not present in either folder after returning
to Online mode.
This update fixes this problem. Email messages that have been
lost this way may still be present in the following path:
~/evolution/<NAME_OF_MAIL_STORE>/
<path-to-folder-via-subfolder-directories>/
<temporary-uid-of-message>
If this bug has affected you it may be possible to recover data
by examining the contents of this directory.
All users of evolution should upgrade to these updated packages,
which resolve these issues.
4. Solution:
Before applying this update, make sure that all
previously-released errata relevant to your system have been
applied. Use Red Hat Network to download and update your packages.
To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to
the following Web page for the System Administration or
Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/evolution-1.4.5-14.src.rpm
00ca55085916b5be09835fc2fdd8f115 evolution-1.4.5-14.src.rpm
i386:
c16eac86838d8fa7a244a5946f2b48ad evolution-1.4.5-14.i386.rpm
381646f69a1f9005d2437eb565bc9fea
evolution-devel-1.4.5-14.i386.rpm
ia64:
5a5988450fa8474d12a2907ba2ffd0d5 evolution-1.4.5-14.ia64.rpm
cb572702db3115e1302751cdfd421cfe
evolution-devel-1.4.5-14.ia64.rpm
ppc:
27164ca33b130009bbc1666d386d5063 evolution-1.4.5-14.ppc.rpm
2709252c915bd4d4eec045d27bca1f43
evolution-devel-1.4.5-14.ppc.rpm
s390:
804000f88b5019f7947575316272ad3c evolution-1.4.5-14.s390.rpm
68ff7ce189ace01df821534d532e2aff
evolution-devel-1.4.5-14.s390.rpm
s390x:
eb3758e2fb713493c51b0175de6cf038 evolution-1.4.5-14.s390x.rpm
a7d5d6a7e1150aed4aaf3970080e0d15
evolution-devel-1.4.5-14.s390x.rpm
x86_64:
3cb477f8d7f834e2cdbdfdc97b4acb33 evolution-1.4.5-14.x86_64.rpm
7e19acc7c0720c8c08fd1a111fb2b774
evolution-devel-1.4.5-14.x86_64.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/evolution-1.4.5-14.src.rpm
00ca55085916b5be09835fc2fdd8f115 evolution-1.4.5-14.src.rpm
i386:
c16eac86838d8fa7a244a5946f2b48ad evolution-1.4.5-14.i386.rpm
381646f69a1f9005d2437eb565bc9fea
evolution-devel-1.4.5-14.i386.rpm
x86_64:
3cb477f8d7f834e2cdbdfdc97b4acb33 evolution-1.4.5-14.x86_64.rpm
7e19acc7c0720c8c08fd1a111fb2b774
evolution-devel-1.4.5-14.x86_64.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/evolution-1.4.5-14.src.rpm
00ca55085916b5be09835fc2fdd8f115 evolution-1.4.5-14.src.rpm
i386:
c16eac86838d8fa7a244a5946f2b48ad evolution-1.4.5-14.i386.rpm
381646f69a1f9005d2437eb565bc9fea
evolution-devel-1.4.5-14.i386.rpm
ia64:
5a5988450fa8474d12a2907ba2ffd0d5 evolution-1.4.5-14.ia64.rpm
cb572702db3115e1302751cdfd421cfe
evolution-devel-1.4.5-14.ia64.rpm
x86_64:
3cb477f8d7f834e2cdbdfdc97b4acb33 evolution-1.4.5-14.x86_64.rpm
7e19acc7c0720c8c08fd1a111fb2b774
evolution-devel-1.4.5-14.x86_64.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/evolution-1.4.5-14.src.rpm
00ca55085916b5be09835fc2fdd8f115 evolution-1.4.5-14.src.rpm
i386:
c16eac86838d8fa7a244a5946f2b48ad evolution-1.4.5-14.i386.rpm
381646f69a1f9005d2437eb565bc9fea
evolution-devel-1.4.5-14.i386.rpm
ia64:
5a5988450fa8474d12a2907ba2ffd0d5 evolution-1.4.5-14.ia64.rpm
cb572702db3115e1302751cdfd421cfe
evolution-devel-1.4.5-14.ia64.rpm
x86_64:
3cb477f8d7f834e2cdbdfdc97b4acb33 evolution-1.4.5-14.x86_64.rpm
7e19acc7c0720c8c08fd1a111fb2b774
evolution-devel-1.4.5-14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
6. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0102
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
Ubuntu Linux
Ubuntu Security Notice USN-130-1 May 19, 2005
tiff vulnerability
CAN-2005-1544
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
libtiff4
The problem can be corrected by upgrading the affected package
to version 3.6.1-1.1ubuntu1.3 (for Ubuntu 4.10), or
3.6.1-5ubuntu0.1 (for Ubuntu 5.04). After a standard system upgrade
you need to restart your CUPS server with
sudo /etc/init.d/cupsys restart
to effect the necessary changes.
Details follow:
Tavis Ormandy discovered a buffer overflow in the TIFF library.
A malicious image with an invalid "bits per sample" number could be
constructed which, when decoded, would have resulted in execution
of arbitrary code with the privileges of the process using the
library.
Since this library is used in many applications like
"ghostscript" and the "CUPS" printing system, this vulnerability
may lead to remotely induced privilege escalation.
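As an added illustration, not libtiff's code and not part of the Ubuntu notice, the following Python parses a minimal TIFF header and its first IFD, reads ImageWidth, BitsPerSample and SamplesPerPixel, and computes the scanline buffer size two ways: once trusting the header with the product masked to 32 bits, as a C decoder using unsigned arithmetic would wrap, and once after validating each field before any size is derived. The accepted set of sample depths, the 256 MiB budget and the constructed headers are assumptions of this example; the notice does not say which value libtiff mishandled or where the overflow occurred, so this shows the class of check a decoder needs, not the upstream fix.

```python
import struct

# Baseline TIFF tags that determine how large a scanline buffer must be.
TAG_IMAGEWIDTH, TAG_IMAGELENGTH, TAG_BITSPERSAMPLE, TAG_SAMPLESPERPIXEL = 256, 257, 258, 277
TYPE_SHORT, TYPE_LONG = 3, 4
# Assumption of this example: the depths this checker accepts (real decoders keep their own table).
ALLOWED_BITS_PER_SAMPLE = {1, 2, 4, 8, 16, 32, 64}
UINT32_MAX = 0xFFFFFFFF


def build_tiff(width, length, bits_per_sample, samples_per_pixel=1):
    """Construct a minimal little-endian TIFF: 8-byte header plus one IFD with four
    inline entries and no pixel data (only the header matters for the size check)."""
    entries = [
        (TAG_IMAGEWIDTH, TYPE_LONG, width),
        (TAG_IMAGELENGTH, TYPE_LONG, length),
        (TAG_BITSPERSAMPLE, TYPE_SHORT, bits_per_sample),
        (TAG_SAMPLESPERPIXEL, TYPE_SHORT, samples_per_pixel),
    ]
    ifd = struct.pack("<H", len(entries))
    for tag, typ, value in entries:
        if typ == TYPE_SHORT:
            # a single SHORT is stored left-justified in the 4-byte value field
            ifd += struct.pack("<HHIHH", tag, typ, 1, value, 0)
        else:
            ifd += struct.pack("<HHII", tag, typ, 1, value)
    ifd += struct.pack("<I", 0)  # no next IFD
    return b"II" + struct.pack("<HI", 42, 8) + ifd


def read_first_ifd(blob):
    """Parse the TIFF header and return {tag: value} for single-valued inline entries."""
    if blob[:2] == b"II":
        e = "<"
    elif blob[:2] == b"MM":
        e = ">"
    else:
        raise ValueError("not a TIFF byte-order mark")
    magic, ifd_off = struct.unpack_from(e + "HI", blob, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    count = struct.unpack_from(e + "H", blob, ifd_off)[0]
    tags = {}
    for i in range(count):
        entry = ifd_off + 2 + 12 * i
        tag, typ, n = struct.unpack_from(e + "HHI", blob, entry)
        if n != 1:
            continue  # multi-valued entries live at an offset; not needed for this check
        if typ == TYPE_SHORT:
            tags[tag] = struct.unpack_from(e + "H", blob, entry + 8)[0]
        elif typ == TYPE_LONG:
            tags[tag] = struct.unpack_from(e + "I", blob, entry + 8)[0]
    return tags


def scanline_bytes_trusting(tags):
    """A decoder that trusts the header: any bits-per-sample value feeds the arithmetic.
    The mask emulates a 32-bit unsigned multiply that can wrap to a tiny allocation."""
    width = tags[TAG_IMAGEWIDTH]
    bps = tags[TAG_BITSPERSAMPLE]
    spp = tags.get(TAG_SAMPLESPERPIXEL, 1)
    return ((width * spp * bps + 7) // 8) & UINT32_MAX


def scanline_bytes_checked(tags, max_bytes=256 * 1024 * 1024):
    """Validate every header-derived factor before a size is computed or memory allocated."""
    width = tags.get(TAG_IMAGEWIDTH, 0)
    bps = tags.get(TAG_BITSPERSAMPLE)
    spp = tags.get(TAG_SAMPLESPERPIXEL, 1)
    if bps not in ALLOWED_BITS_PER_SAMPLE:
        raise ValueError("invalid BitsPerSample %r" % (bps,))
    if width == 0 or spp == 0:
        raise ValueError("zero image width or samples per pixel")
    bits = width * spp * bps  # Python ints do not wrap; compare against an explicit budget
    if bits > max_bytes * 8:
        raise ValueError("scanline of %d bits exceeds the %d-byte budget" % (bits, max_bytes))
    return (bits + 7) // 8


def describe(blob):
    """Run both computations on one header and report what each would allocate."""
    tags = read_first_ifd(blob)
    try:
        checked = scanline_bytes_checked(tags)
    except ValueError as exc:
        checked = "rejected: %s" % exc
    return {"trusting": scanline_bytes_trusting(tags), "checked": checked}


if __name__ == "__main__":
    # constructed sample headers: a sane 640x480 RGB image and a hostile one
    print(describe(build_tiff(640, 480, 8, 3)))
    print(describe(build_tiff(0x10000000, 1, 0x8000, 1)))
```

With the hostile header the trusting computation wraps to a 0-byte scanline while the decoder later writes 2^40 bits of pixel data into it; the checked variant rejects the BitsPerSample value before any size is derived.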
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.3.diff.gz
Size/MD5: 23204 9ac3ca3fba6f2dfee338a6ead67dd861
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1-1.1ubuntu1.3.dsc
Size/MD5: 646 dd500c399e6e27e8fccc0a2217b81e24
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/tiff_3.6.1.orig.tar.gz
Size/MD5: 848760 bd252167a20ac7910ab3bd2b3ee9e955
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.3_amd64.deb
Size/MD5: 172882 44812e9c564e534afaf120298a05649d
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1-1.1ubuntu1.3_amd64.deb
Size/MD5: 458464 45c8e715cfd6d0d10a8f7755d444e8b2
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-1.1ubuntu1.3_amd64.deb
Size/MD5: 111528 c3e7f1e32d02fb2f43dcd7eba004f410
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/t/tiff/libtiff-tools_3.6.1-1.1ubuntu1.3_i386.deb
Size/MD5: 157242 89a8e234340550fbb7b51b0665f57b07
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-d