---

Advisories, May 30, 2006

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200605-16


http://security.gentoo.org/


Severity: Low
Title: CherryPy: Directory traversal vulnerability
Date: May 30, 2006
Bugs: #134273
ID: 200605-16


Synopsis

CherryPy is vulnerable to a directory traversal that could allow
attackers to read arbitrary files.

Background

CherryPy is a Python-based, object-oriented web development
framework.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  dev-python/cherrypy       < 2.1.1                        >= 2.1.1

Description

Ivo van der Wijk discovered that the “staticfilter” component of
CherryPy fails to sanitize input correctly.

Impact

An attacker could exploit this flaw to obtain arbitrary files
from the web server.

Workaround

There is no known workaround at this time.

Resolution

All CherryPy users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.1.1"

References

[ 1 ] CVE-2006-0847

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0847

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-16.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


Gentoo Linux Security Advisory GLSA 200605-17


http://security.gentoo.org/


Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: May 30, 2006
Bugs: #129675
ID: 200605-17


Synopsis

Multiple vulnerabilities in libTIFF could lead to the execution
of arbitrary code or a Denial of Service.

Background

libTIFF provides support for reading and manipulating TIFF
images.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-libs/tiff       < 3.8.1                            >= 3.8.1

Description

Multiple vulnerabilities, ranging from integer overflows and
NULL pointer dereferences to double frees, were reported in
libTIFF.

Impact

An attacker could exploit these vulnerabilities by enticing a
user to open a specially crafted TIFF image, possibly leading to
the execution of arbitrary code or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All libTIFF users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"

References

[ 1 ] CVE-2006-0405

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0405

[ 2 ] CVE-2006-2024

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024

[ 3 ] CVE-2006-2025

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025

[ 4 ] CVE-2006-2026

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200605-17.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Mandriva Linux


Mandriva Linux Security Advisory MDKSA-2006:093
http://www.mandriva.com/security/


Package : dia
Date : May 30, 2006
Affected: 2006.0, Corporate 3.0


Problem Description:

A format string vulnerability in Dia allows user-complicit
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by triggering errors or warnings, as demonstrated
via format string specifiers in a .bmp filename. NOTE: the original
exploit was demonstrated through a command line argument, but there
are other mechanisms inputs that are automatically process by Dia,
such as a crafted .dia file. (CVE-2006-2480)

Multiple unspecified format string vulnerabilities in Dia have
unspecified impact and attack vectors, a different set of issues
than CVE-2006-2480. (CVE-2006-2453)

Packages have been patched to correct this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480


Updated Packages:

Mandriva Linux 2006.0:
25f39bc046f44931e37df109581e87b9
2006.0/RPMS/dia-0.94-6.4.20060mdk.i586.rpm
f19385acd5189ebc01114fc225fd9320
2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
924a511192a32723ccc93121694b224b
x86_64/2006.0/RPMS/dia-0.94-6.4.20060mdk.x86_64.rpm
f19385acd5189ebc01114fc225fd9320
x86_64/2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm

Corporate 3.0:
14773513eee38d6a2ef7c162fedfc0b9
corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.i586.rpm
60df291bbe184fdd06564147555eb0e4
corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
3df4b2245403861a7b36c6acaa056ac7
x86_64/corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.x86_64.rpm
60df291bbe184fdd06564147555eb0e4
x86_64/corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis