Debian GNU/Linux
Debian Security Advisory DSA 1209-2                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
November 12th, 2006                     http://www.debian.org/security/faq

Package        : trac
Vulnerability  : cross-site request forgery
Problem-Type   : remote
Debian-specific: no
The Trac update in DSA 1209 introduced a regression. This update
corrects that regression. For completeness, the original advisory text
is reproduced below:
It was discovered that Trac, a wiki and issue tracking system
for software development projects, performs insufficient validation
against cross-site request forgery, which might lead to an attacker
being able to perform manipulation of a Trac site with the
privileges of the attacked Trac user.
For the stable distribution (sarge) this problem has been fixed
in version 0.8.1-3sarge6.
For the unstable distribution (sid) this problem has been fixed
in version 0.10.1-1.
We recommend that you upgrade your trac package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.dsc
  Size/MD5 checksum:      656 3e2a71eb01a324d3a26f9e6c001fbba5
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7.diff.gz
  Size/MD5 checksum:    14842 9cdb9eed54faecbe2c4df8f5106dafdb
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1.orig.tar.gz
  Size/MD5 checksum:   236791 1b6c44fae90c760074762b73cdc88c8d

Architecture independent components:
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7_all.deb
  Size/MD5 checksum:   200092 5c0659ad7e99970da829c0258209b747
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1210-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 14th, 2006                     http://www.debian.org/security/faq

Package        : mozilla-firefox
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE IDs        : CVE-2006-2788 CVE-2006-4340 CVE-2006-4565 CVE-2006-4566
                 CVE-2006-4568 CVE-2006-4571
BugTraq ID     : 20042
Several security related problems have been discovered in
Mozilla and derived products such as Mozilla Firefox. The Common
Vulnerabilities and Exposures project identifies the following
vulnerabilities:
CVE-2006-2788
Fernando Ribeiro discovered that a vulnerability in the
getRawDER function allows remote attackers to cause a denial of
service (hang) and possibly execute arbitrary code.
CVE-2006-4340
Daniel Bleichenbacher recently described an implementation error
in RSA signature verification that causes the application to
incorrectly trust SSL certificates.
CVE-2006-4565, CVE-2006-4566
Priit Laes reported that a JavaScript regular expression
can trigger a heap-based buffer overflow which allows remote
attackers to cause a denial of service and possibly execute
arbitrary code.
CVE-2006-4568
A vulnerability has been discovered that allows remote attackers
to bypass the security model and inject content into the sub-frame
of another site.
CVE-2006-4571
Multiple unspecified vulnerabilities in Firefox, Thunderbird and
SeaMonkey allow remote attackers to cause a denial of service,
corrupt memory, and possibly execute arbitrary code.
For the stable distribution (sarge) these problems have been
fixed in version 1.0.4-2sarge12.
For the unstable distribution (sid) these problems have been
fixed in version 1.5.dfsg+1.5.0.7-1 of firefox.
We recommend that you upgrade your Mozilla Firefox package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
Source archives:
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.dsc
  Size/MD5 checksum:     1003 751f0df80be8491ac3b24e902da6e3cb
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4-2sarge12.diff.gz
  Size/MD5 checksum:   441420 8b1078ef98ff79137869c932999d3957
http://security.debian.org/pool/updates/main/m/mozilla-firefox/mozilla-firefox_1.0.4.orig.tar.gz
  Size/MD5 checksum: 40212297 8e4ba81ad02c7986446d4e54e978409d
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Fedora Legacy
Fedora Legacy Update Advisory
Synopsis: Updated gzip package fixes security issues
Advisory ID: FLSA:211760
Issue date: 2006-11-13
Product: Red Hat Linux, Fedora Core
Keywords: Bugfix
CVE Names: CVE-2006-4334, CVE-2006-4338, CVE-2006-4335,
CVE-2006-4336, CVE-2006-4337
1. Topic:
An updated gzip package is now available.
The gzip package contains the GNU gzip data compression
program.
2. Relevant releases/architectures:
Fedora Core 3 – i386, x86_64
Fedora Core 4 – i386, x86_64
3. Problem description:
Tavis Ormandy of the Google Security Team discovered two denial
of service flaws in the way gzip expanded archive files. If a
victim expanded a specially crafted archive, it could cause the
gzip executable to hang or crash. (CVE-2006-4334,
CVE-2006-4338)
Tavis Ormandy of the Google Security Team discovered several
code execution flaws in the way gzip expanded archive files. If a
victim expanded a specially crafted archive, it could cause the
gzip executable to crash or execute arbitrary code. (CVE-2006-4335,
CVE-2006-4336, CVE-2006-4337)
Users of gzip should upgrade to this updated package, which
contains a backported patch and is not vulnerable to these
issues.
4. Solution:
Before applying this update, make sure all previously released
errata relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via yum and apt.
Many people find this an easier way to apply updates. To use yum
issue:
yum update
or to use apt:
apt-get update; apt-get upgrade
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system. This assumes that
you have yum or apt-get configured for obtaining Fedora Legacy
content. Please visit http://www.fedoralegacy.org/docs
for directions on how to configure yum and apt-get.
5. Bug IDs fixed:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211760
6. RPMs required:
Fedora Core 3:
SRPM:
http://download.fedoralegacy.org/fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
Fedora Core 4:
SRPM:
http://download.fedoralegacy.org/fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm
i386:
http://download.fedoralegacy.org/fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
x86_64:
http://download.fedoralegacy.org/fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
7. Verification:
SHA1 sum                                  Package Name
fc3:
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6  fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51  fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
7f4737f9e627480ee211022b9dffc1da5696adda  fedora/3/updates/SRPMS/gzip-1.3.3-16.1.fc3.legacy.src.rpm
fc4:
1cf4530543c8f7da0d331f11388bb7517fa013e4  fedora/4/updates/i386/gzip-1.3.5-6.1.0.legacy.i386.rpm
17fb012aacf13fcf623c5f6447d4ba127ed4a780  fedora/4/updates/x86_64/gzip-1.3.5-6.1.0.legacy.x86_64.rpm
b49360a81b5d4df62dbbb3b2b094515678f41a35  fedora/4/updates/SRPMS/gzip-1.3.5-6.1.0.legacy.src.rpm
These packages are GPG signed by Fedora Legacy for security. Our
key is available from http://www.fedoralegacy.org/about/security.php
You can verify each package with the following command:
rpm --checksig -v <filename>
If you only wish to verify that each package has not been
corrupted or tampered with, examine only the sha1sum with the
following command:
sha1sum <filename>
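As an added example (not part of the Fedora Legacy or Debian advisories above), the following script parses the "SHA1 sum / Package Name" rows from section 7 and the Debian "Size/MD5 checksum" lines, then checks downloaded packages against them; the sample files it writes are constructed, and a digest match only proves integrity, so the GPG check with rpm --checksig remains the authenticity step.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Constructed excerpts: Fedora Legacy "SHA1 sum  Package Name" rows (FLSA:211760) and a Debian DSA 1209-2 entry.
FLSA_TABLE = """\
803cef0b8d4e06f79ae9ce64aee63cdd761e87b6  fedora/3/updates/i386/gzip-1.3.3-16.1.fc3.legacy.i386.rpm
602ad6828a3388063db0c45f13c256d92b12cc51  fedora/3/updates/x86_64/gzip-1.3.3-16.1.fc3.legacy.x86_64.rpm
"""
DSA_LIST = """\
http://security.debian.org/pool/updates/main/t/trac/trac_0.8.1-3sarge7_all.deb
  Size/MD5 checksum:   200092 5c0659ad7e99970da829c0258209b747
"""
SHA1_LINE = re.compile(r"^\s*([0-9a-f]{40})\s+(\S+)\s*$")
DSA_SUM = re.compile(r"Size/MD5 checksum:\s*(\d+)\s+([0-9a-f]{32})")

def parse_sha1_table(text):
    """basename -> (sha1, None) for each '<sha1> <path>' row; no size is listed."""
    rows = (SHA1_LINE.match(line) for line in text.splitlines())
    return {os.path.basename(m.group(2)): (m.group(1), None) for m in rows if m}

def parse_dsa_list(text):
    """basename -> (md5, size): each URL line is followed by its checksum line."""
    out, url = {}, None
    for line in text.splitlines():
        m = DSA_SUM.search(line)
        if line.strip().startswith("http"):
            url = line.strip()
        elif m and url:
            out[os.path.basename(url)] = (m.group(2), int(m.group(1)))
            url = None  # a checksum line must pair with its own URL line
    return out

def verify_file(path, expected_hex, algo, expected_size=None):
    """Return (ok, reason); size is checked first, digests compared in constant time."""
    if expected_size is not None and os.path.getsize(path) != expected_size:
        return False, "size mismatch"
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    if not hmac.compare_digest(h.hexdigest(), expected_hex.lower()):
        return False, f"{algo} mismatch"
    return True, "ok"

def verify_directory(directory, expected, algo):
    """Check every listed package; a missing file is reported, never silently skipped."""
    results = {}
    for name, (digest, size) in expected.items():
        path = os.path.join(directory, name)
        results[name] = (verify_file(path, digest, algo, size) if os.path.isfile(path)
                         else (False, "missing"))
    return results

def run_demo():
    """Constructed files, one intact and one tampered, beside the advisory's real rows."""
    good = b"constructed package contents\n"
    expected = parse_sha1_table(FLSA_TABLE)
    expected["sample.rpm"] = (hashlib.sha1(good).hexdigest(), len(good))
    expected["tampered.rpm"] = expected["sample.rpm"]
    with tempfile.TemporaryDirectory() as d:
        # same length as the intact file, so only the digest check can catch it
        for name, data in (("sample.rpm", good), ("tampered.rpm", good.replace(b"package", b"packaqe"))):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        return verify_directory(d, expected, "sha1")
```

For Debian files, call verify_directory with parse_dsa_list(...) and algo="md5"; the size column is then checked as well.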
8. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
9. Contact:
The Fedora Legacy security contact is <secnotice@fedoralegacy.org>.
More project details at http://www.fedoralegacy.org
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200611-06
Severity: Normal
Title: OpenSSH: Multiple Denial of Service vulnerabilities
Date: November 13, 2006
Bugs: #149502
ID: 200611-06
Synopsis
Several Denial of Service vulnerabilities have been identified
in OpenSSH.
Background
OpenSSH is a complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Affected packages
  # Package            Vulnerable      Unaffected
  1 net-misc/openssh   < 4.4_p1-r5     >= 4.4_p1-r5
Description
Tavis Ormandy of the Google Security Team has discovered a
pre-authentication vulnerability, causing sshd to spin until the
login grace time has been expired. Mark Dowd found an unsafe signal
handler that was vulnerable to a race condition. It has also been
discovered that when GSSAPI authentication is enabled, GSSAPI will
in certain cases incorrectly abort.
Impact
The pre-authentication and signal handler vulnerabilities can
cause a Denial of Service in OpenSSH. The vulnerability in the
GSSAPI authentication abort could be used to determine the validity
of usernames on some platforms.
Workaround
There is no known workaround at this time.
Resolution
All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-4.4_p1-r5"
References
[ 1 ] CVE-2006-5051
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
[ 2 ] CVE-2006-5052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052
[ 3 ] OpenSSH Security Advisory
http://www.openssh.com/txt/release-4.4
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200611-07
Severity: Normal
Title: GraphicsMagick: PALM and DCM buffer overflows
Date: November 13, 2006
Bugs: #152668
ID: 200611-07
Synopsis
GraphicsMagick improperly handles PALM and DCM images,
potentially resulting in the execution of arbitrary code.
Background
GraphicsMagick is a collection of tools and libraries which
support reading, writing, and manipulating images in many major
formats.
Affected packages
  # Package                    Vulnerable     Unaffected
  1 media-gfx/graphicsmagick   < 1.1.7-r3     >= 1.1.7-r3
Description
M. Joonas Pihlaja has reported that a boundary error exists
within the ReadDCMImage() function of coders/dcm.c, causing the
improper handling of DCM images. Pihlaja also reported that there
are several boundary errors in the ReadPALMImage() function of
coders/palm.c, similarly causing the improper handling of PALM
images.
Impact
An attacker could entice a user to open a specially crafted DCM
or PALM image with GraphicsMagick, and possibly execute arbitrary
code with the privileges of the user running GraphicsMagick.
Workaround
There is no known workaround at this time.
Resolution
All GraphicsMagick users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.1.7-r3"
References
[ 1 ] CVE-2006-5456
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-07.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Gentoo Linux Security Advisory GLSA 200611-08
Severity: Normal
Title: RPM: Buffer overflow
Date: November 13, 2006
Bugs: #154218
ID: 200611-08
Synopsis
RPM is vulnerable to a buffer overflow and possibly the
execution of arbitrary code when opening specially crafted
packages.
Background
The Red Hat Package Manager (RPM) is a command line driven
package management system capable of installing, uninstalling,
verifying, querying, and updating computer software packages.
Affected packages
  # Package         Vulnerable     Unaffected
  1 app-arch/rpm    < 4.4.6-r3     >= 4.4.6-r3
Description
Vladimir Mosgalin has reported that when processing certain
packages, RPM incorrectly allocates memory for the packages,
possibly causing a heap-based buffer overflow.
Impact
An attacker could entice a user to open a specially crafted RPM
package and execute code with the privileges of that user if
certain locales are set.
Workaround
There is no known workaround at this time.
Resolution
All RPM users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rpm-4.4.6-r3"
References
[ 1 ] CVE-2006-5466
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5466
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-08.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.