Gentoo Linux
Gentoo Linux Security Advisory GLSA 200605-16
Severity: Low
Title: CherryPy: Directory traversal vulnerability
Date: May 30, 2006
Bugs: #134273
ID: 200605-16
Synopsis
CherryPy is vulnerable to a directory traversal that could allow
attackers to read arbitrary files.
Background
CherryPy is a Python-based, object-oriented web development
framework.
Affected packages
Package               Vulnerable   Unaffected
dev-python/cherrypy   < 2.1.1      >= 2.1.1
Description
Ivo van der Wijk discovered that the “staticfilter” component of
CherryPy fails to sanitize input correctly.
Impact
An attacker could exploit this flaw to obtain arbitrary files
from the web server.
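The class of bug described above is a static-file handler that maps a request path onto the filesystem without confirming that the result stays under its document root. The following is an added example of such a confinement check, not CherryPy's own code and not the fix shipped in 2.1.1; the function names and the constructed sample directory are assumptions for illustration.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


class TraversalError(Exception):
    """Raised when a requested path would resolve outside the static root."""


def resolve_static_path(root: str, request_path: str) -> str:
    """Map a URL path onto a file under `root`, refusing anything that escapes it.

    The decision is made on the canonical (symlink-resolved, '..'-collapsed)
    absolute path, so '..', percent-encoded dots and symlinks pointing
    outside the root are all caught by the same test.
    """
    decoded = unquote(request_path)  # decode exactly once, never twice
    if "\x00" in decoded:
        raise TraversalError("NUL byte in request path")
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # Compare whole path components: a plain startswith() would accept
    # '/srv/static-evil/x' as lying under '/srv/static'.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise TraversalError(f"{request_path!r} resolves outside {root!r}")
    return candidate


def demo() -> dict:
    """Run the check against a constructed root; returns request -> outcome."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "static")
    os.makedirs(root)
    with open(os.path.join(root, "index.html"), "w") as fh:
        fh.write("<html></html>\n")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside the root\n")
    # Constructed edge case: a symlink inside the root that points outside it
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.txt"))
    results = {}
    for req in ["/index.html", "/sub/../index.html", "/../secret.txt",
                "/%2e%2e/secret.txt", "/link.txt"]:
        try:
            resolve_static_path(root, req)
            results[req] = "served"
        except TraversalError:
            results[req] = "rejected"
    shutil.rmtree(base)
    return results
```

Note that the check is applied to the realpath of both sides, so a root that is itself reached through a symlink (as /tmp is on some systems) is still compared correctly.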
Workaround
There is no known workaround at this time.
Resolution
All CherryPy users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/cherrypy-2.1.1"
References
[ 1 ] CVE-2006-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0847
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-16.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200605-17
Severity: Normal
Title: libTIFF: Multiple vulnerabilities
Date: May 30, 2006
Bugs: #129675
ID: 200605-17
Synopsis
Multiple vulnerabilities in libTIFF could lead to the execution
of arbitrary code or a Denial of Service.
Background
libTIFF provides support for reading and manipulating TIFF
images.
Affected packages
Package           Vulnerable   Unaffected
media-libs/tiff   < 3.8.1      >= 3.8.1
Description
Multiple vulnerabilities, ranging from integer overflows and
NULL pointer dereferences to double frees, were reported in
libTIFF.
Impact
An attacker could exploit these vulnerabilities by enticing a
user to open a specially crafted TIFF image, possibly leading to
the execution of arbitrary code or a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All libTIFF users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.8.1"
References
[ 1 ] CVE-2006-0405
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0405
[ 2 ] CVE-2006-2024
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
[ 3 ] CVE-2006-2025
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
[ 4 ] CVE-2006-2026
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200605-17.xml
Mandriva Linux
Mandriva Linux Security Advisory MDKSA-2006:093
http://www.mandriva.com/security/
Package : dia
Date : May 30, 2006
Affected: 2006.0, Corporate 3.0
Problem Description:
A format string vulnerability in Dia allows user-complicit
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by triggering errors or warnings, as demonstrated
via format string specifiers in a .bmp filename. NOTE: the original
exploit was demonstrated through a command line argument, but there
are other mechanisms for inputs that are automatically processed by
Dia, such as a crafted .dia file. (CVE-2006-2480)
Multiple unspecified format string vulnerabilities in Dia have
unspecified impact and attack vectors, a different set of issues
than CVE-2006-2480. (CVE-2006-2453)
Packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480
Updated Packages:
Mandriva Linux 2006.0:
25f39bc046f44931e37df109581e87b9  2006.0/RPMS/dia-0.94-6.4.20060mdk.i586.rpm
f19385acd5189ebc01114fc225fd9320  2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm
Mandriva Linux 2006.0/X86_64:
924a511192a32723ccc93121694b224b  x86_64/2006.0/RPMS/dia-0.94-6.4.20060mdk.x86_64.rpm
f19385acd5189ebc01114fc225fd9320  x86_64/2006.0/SRPMS/dia-0.94-6.4.20060mdk.src.rpm
Corporate 3.0:
14773513eee38d6a2ef7c162fedfc0b9  corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.i586.rpm
60df291bbe184fdd06564147555eb0e4  corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm
Corporate 3.0/X86_64:
3df4b2245403861a7b36c6acaa056ac7  x86_64/corporate/3.0/RPMS/dia-0.92.2-2.3.C30mdk.x86_64.rpm
60df291bbe184fdd06564147555eb0e4  x86_64/corporate/3.0/SRPMS/dia-0.92.2-2.3.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>