
Advisories, November 27, 2006

Debian GNU/Linux


Debian Security Advisory DSA-1219-1 security@debian.org
http://www.debian.org/security/
Noah Meyerhans
November 27, 2006


Package : texinfo
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2005-3011 CVE-2006-4810
BugTraq ID : 14854 20959

Multiple vulnerabilities have been found in the GNU texinfo
package, a documentation system for on-line information and printed
output.

CVE-2005-3011
Handling of temporary files is performed in an insecure manner,
allowing an attacker to overwrite any file writable by the
victim.

CVE-2006-4810
A buffer overflow in util/texindex.c could allow an attacker to
execute arbitrary code with the victim’s access rights by inducing
the victim to run texindex or tex2dvi on a specially crafted
texinfo file.
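The CVE-2005-3011 entry above describes the classic insecure temporary-file pattern: a guessable name under a shared directory, opened without exclusivity, so another local user can pre-create the path (for instance as a symlink) and have the victim's write land on any file the victim may write. The block below is an added illustration, not texinfo's code; it contrasts that pattern with the standard mitigation (mkstemp: unpredictable name, O_EXCL, mode 0600) and checks both properties. The directory and the "texindex" prefix are constructed for the example.

```python
import os
import stat
import tempfile


def predictable_tempfile(directory, tag="texindex"):
    """The risky pattern, shown for contrast only (constructed, not texinfo's code):
    a name any local user can guess, no O_EXCL, and the process umask deciding
    the mode. If the path already exists, even as a symlink, the open follows it."""
    path = os.path.join(directory, "%s.%d" % (tag, os.getpid()))
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)


def private_tempfile(directory, prefix="texindex-"):
    """The mitigation: mkstemp picks an unpredictable name, opens it with
    O_CREAT|O_EXCL (a pre-existing path makes the call fail instead of being
    followed) and sets mode 0600 regardless of umask."""
    fd, path = tempfile.mkstemp(prefix=prefix, dir=directory)
    return fd, path


def mode_bits(path):
    """Permission bits of a path (POSIX semantics assumed)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def exclusive_create_refused(path):
    """True if an O_EXCL create of an existing path is refused, i.e. a planted
    file or symlink at that name would not be silently followed."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def demo():
    """Create a private temp file in a constructed scratch directory and report
    (mode bits, whether a second exclusive create of the same name is refused)."""
    with tempfile.TemporaryDirectory() as scratch:
        fd, path = private_tempfile(scratch)
        os.close(fd)
        return mode_bits(path), exclusive_create_refused(path)


if __name__ == "__main__":
    print(demo())  # expected on POSIX: (0o600, True) -> (384, True)
```

The key point for a reviewer is the combination: a random name alone does not help if the open still follows a pre-existing symlink, and O_EXCL alone does not help if the name is guessable and the attacker simply wins the race to create it first. mkstemp gives both, plus a restrictive mode.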

For the stable distribution (sarge), these problems have been
fixed in version 4.7-2.2sarge2. Note that binary packages for the
mipsel architecture are not currently available due to technical
problems with the build host. These packages will be made available
as soon as possible.

For unstable (sid) and the upcoming stable release (etch), these
problems have been fixed in version 4.8.dfsg.1-4.

We recommend that you upgrade your texinfo package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
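The manual route above (wget, then dpkg -i) skips the check that apt performs for you, so the advisory publishes a size and MD5 for every file. The following is an added example, not part of the advisory: it parses "Size/MD5 checksum:" lines in the format used above and verifies a downloaded file against them before it would be handed to dpkg. The package bytes and the resulting digest in the demo are constructed; only the URL shape comes from the advisory. MD5 was what these advisories published; it catches truncation and corruption but is not collision-resistant, so the signed repository metadata that apt verifies remains the stronger check.

```python
import hashlib
import os
import re
import tempfile

# Matches the advisory's "Size/MD5 checksum: <bytes> <hex digest>" line.
CHECKSUM_LINE = re.compile(r"Size/MD5 checksum:\s*(\d+)\s+([0-9a-f]{32})")


def parse_checksum_lines(text):
    """Return (url, size, md5) triples from advisory text, pairing each
    checksum line with the URL line that precedes it."""
    entries = []
    url = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("http://") or line.startswith("https://") or line.startswith("ftp://"):
            url = line
            continue
        m = CHECKSUM_LINE.search(line)
        if m and url:
            entries.append((url, int(m.group(1)), m.group(2)))
            url = None
    return entries


def md5_of_file(path):
    """Stream the file through MD5 so large archives need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected_size, expected_md5):
    """True only if both the byte count and the digest match the advisory;
    checking the size first avoids hashing an obviously truncated file."""
    if os.path.getsize(path) != expected_size:
        return False
    return md5_of_file(path) == expected_md5.lower()


def demo():
    """Constructed scenario: write a fake .deb, build an advisory fragment from
    its real size and digest, then verify it and a same-length tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "texinfo_4.7-2.2sarge2_i386.deb")
        with open(good, "wb") as f:
            f.write(b"!<arch>\nconstructed-not-a-real-package\n")  # constructed bytes
        advisory = (
            "http://security.debian.org/pool/updates/main/t/texinfo/"
            "texinfo_4.7-2.2sarge2_i386.deb\n"
            "  Size/MD5 checksum: %d %s\n" % (os.path.getsize(good), md5_of_file(good))
        )
        _url, size, digest = parse_checksum_lines(advisory)[0]
        ok = verify_download(good, size, digest)
        tampered = good + ".bad"
        with open(good, "rb") as src, open(tampered, "wb") as dst:
            dst.write(src.read()[:-1] + b"?")  # same length, last byte changed
        return ok, verify_download(tampered, size, digest)


if __name__ == "__main__":
    print(demo())  # (True, False)
```

In practice you would paste the advisory's listing into `parse_checksum_lines`, look up the entry for the file you fetched, and refuse to run `dpkg -i` unless `verify_download` returns True.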

Debian 3.1 (stable)


Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.dsc
    Size/MD5 checksum:     622 f146d738696417a3f14e04875066ef9a
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7.orig.tar.gz
    Size/MD5 checksum: 1979183 72a57e378efb9898c9e41ca839554dae
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2.diff.gz
    Size/MD5 checksum:   10614 07a591b00a79ba8e2acf13d7654bf3e8

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_alpha.deb
    Size/MD5 checksum:  207720 1fce59e479c10386d5bab3d8aec99ddd
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_alpha.deb
    Size/MD5 checksum:  884956 93a3606294fd0059390b7da3c5803a1a

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_amd64.deb
    Size/MD5 checksum:  191308 035c9fb7bffa818819e6e104218d5911
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_amd64.deb
    Size/MD5 checksum:  863680 8300c746fbb75231a09229f32f57d126

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_arm.deb
    Size/MD5 checksum:  178812 d8781c075692500d4d6a799019697a72
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_arm.deb
    Size/MD5 checksum:  848862 4d31ba02e3004a5e290d6204ba402b19

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_hppa.deb
    Size/MD5 checksum:  867668 934d2a72b73c4342066f1fba21c35fff
  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_hppa.deb
    Size/MD5 checksum:  195122 07ea3515643ddb8dc29791802974ec40

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_i386.deb
    Size/MD5 checksum:  846972 eb370f53f4db1681ead784353f6711c4
  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_i386.deb
    Size/MD5 checksum:  179614 ee08c755b1eb00043173acfdae2420d7

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_ia64.deb
    Size/MD5 checksum:  912350 c99196682ffe5436a1f99da332e77f91
  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_ia64.deb
    Size/MD5 checksum:  229398 e9e6dca2f2250bd07c0605e393105339

m68k architecture (Motorola Mc680x0)

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_m68k.deb
    Size/MD5 checksum:  171354 93b5762ecf847bba77396f08b04e225e
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_m68k.deb
    Size/MD5 checksum:  838386 2d63f36ef81c84ae8bdad8f2be5f1797

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_mips.deb
    Size/MD5 checksum:  197790 a4995ad93353790e9c65c1670013ee9d
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_mips.deb
    Size/MD5 checksum:  871394 33293634348c2de181f44a1cde80a296

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_powerpc.deb
    Size/MD5 checksum:  858718 15af021f7fcc9f8725e6148fcbc7ea45
  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_powerpc.deb
    Size/MD5 checksum:  190392 0ad24b055c5c6db61c81120a9a3931ee

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_s390.deb
    Size/MD5 checksum:  190132 5d21d2dbfe5625f0a16a9016869ebd07
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_s390.deb
    Size/MD5 checksum:  862776 79880b6208371510574f131376c01097

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/t/texinfo/info_4.7-2.2sarge2_sparc.deb
    Size/MD5 checksum:  179676 ff45ad02e7f8a92ce2c99225a3671f3e
  http://security.debian.org/pool/updates/main/t/texinfo/texinfo_4.7-2.2sarge2_sparc.deb
    Size/MD5 checksum:  849696 5ebdcaed10e4bf038162a6a937f1bc1a

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 1220-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
November 26th, 2006
http://www.debian.org/security/faq


Package : pstotext
Vulnerability : insecure file name quoting
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-5869
Debian Bug : 356988

Brian May discovered that pstotext, a utility to extract plain
text from Postscript and PDF files, performs insufficient quoting
of file names, which allows execution of arbitrary shell
commands.
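The pstotext flaw above is the general shell-quoting problem: a file name spliced into a command string is re-tokenized by the shell, so metacharacters in the name change the command. The block below is an added illustration in Python, not pstotext's code (pstotext is a C program and its helper invocation is not shown on the page); the `gs` command prefix is assumed for the example. It shows the fragile string-building pattern next to the two defensive forms, passing an argv list so no shell is involved, or quoting each untrusted element with shlex.quote when a shell string cannot be avoided, and demonstrates with a harmless file name containing spaces and parentheses that only the defensive forms deliver the name as one argument.

```python
import shlex
import subprocess
import sys

# Assumed helper-command shape for the example; not pstotext's actual invocation.
GS_PREFIX = ["gs", "-q", "-dNODISPLAY"]

# Constructed sample: ordinary characters that a POSIX shell nonetheless
# re-tokenizes (whitespace, parentheses).
SAMPLE_NAME = "my thesis (draft).ps"


def unsafe_command_line(filename):
    """The fragile pattern, for contrast: the name is concatenated into a string
    a shell will split and interpret, so its content becomes command syntax."""
    return " ".join(GS_PREFIX) + " " + filename


def argv_for(filename):
    """Preferred fix: pass the name as a single argv element; no shell runs."""
    return GS_PREFIX + [filename]


def quoted_command_line(filename):
    """If a shell string is unavoidable, quote every untrusted element so the
    shell treats it as one literal word."""
    return " ".join(GS_PREFIX) + " " + shlex.quote(filename)


def shell_would_see(command_line):
    """Tokenize the way a POSIX shell would (shlex in POSIX mode) to inspect
    what argv the helper program would actually receive."""
    return shlex.split(command_line)


def name_reaches_child_intact(filename):
    """Run a child (the interpreter itself, for portability) that writes back
    its first argument, without any shell, and confirm it arrived unchanged."""
    proc = subprocess.run(
        [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", filename],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout == filename


if __name__ == "__main__":
    print(shell_would_see(unsafe_command_line(SAMPLE_NAME)))   # name split into 3 words
    print(shell_would_see(quoted_command_line(SAMPLE_NAME)))   # name kept as one word
    print(name_reaches_child_intact(SAMPLE_NAME))              # True
```

The argv form is the one to prefer: quoting fixes the tokenization problem but still depends on getting the escaping right for the particular shell, whereas an argument list never gives the shell a chance to interpret the name at all.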

For the stable distribution (sarge) this problem has been fixed
in version 1.9-1sarge2. The build for the mipsel architecture is
not yet available due to technical problems with the build
host.

For the upcoming stable distribution (etch) this problem has
been fixed in version 1.9-4.

For the unstable distribution (sid) this problem has been fixed
in version 1.9-4.

We recommend that you upgrade your pstotext package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.dsc
    Size/MD5 checksum:     566 56e79abcf02e841e78267bda1faff734
  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2.diff.gz
    Size/MD5 checksum:    8857 4efb7277f17fca5ebd20573d93b11a83
  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9.orig.tar.gz
    Size/MD5 checksum:   37461 64576e8a10ff5514e285d98b3898ae78

Alpha architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_alpha.deb
    Size/MD5 checksum:   34218 57b121ba1a0f5d53412ab5587c611d68

AMD64 architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_amd64.deb
    Size/MD5 checksum:   33872 cc72441f0565d8225ae1e97a7df34a82

ARM architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_arm.deb
    Size/MD5 checksum:   32532 9a3cf4674a2632ac1742551cb27cbe39

HP Precision architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_hppa.deb
    Size/MD5 checksum:   34492 f8a9db92d0ad4d81d58fcc6e763faf47

Intel IA-32 architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_i386.deb
    Size/MD5 checksum:   32864 13c32d5164243e60e2ef00878c973c2f

Intel IA-64 architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_ia64.deb
    Size/MD5 checksum:   38038 dcfae670ad3dd9911d5085bcc177a8eb

Motorola 680x0 architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_m68k.deb
    Size/MD5 checksum:   31552 9dcd158543df00f1a13012647ec842bb

Big endian MIPS architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_mips.deb
    Size/MD5 checksum:   34404 32922b44fef79abce8ca78587eb55453

PowerPC architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_powerpc.deb
    Size/MD5 checksum:   33636 75f0beb7494479f926c19a1f7e2b8297

IBM S/390 architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_s390.deb
    Size/MD5 checksum:   33218 096e0022136b767152d2da4a1563edc5

Sun Sparc architecture:

  http://security.debian.org/pool/updates/main/p/pstotext/pstotext_1.9-1sarge2_sparc.deb
    Size/MD5 checksum:   33246 5e47a79b9092cae3878294f49bf211c2

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200611-21


http://security.gentoo.org/


Severity: Low
Title: Kile: Incorrect backup file permission
Date: November 27, 2006
Bugs: #155613
ID: 200611-21


Synopsis

Kile uses default permissions for backup files, potentially
leading to information disclosure.

Background

Kile is a TeX/LaTeX editor for KDE.

Affected packages


     Package               /  Vulnerable  /  Unaffected
  1  app-editors/kile         < 1.9.2-r1     >= 1.9.2-r1

Description

Kile fails to set the same permissions on backup files as on the
original file. This is similar to CVE-2005-1920.

Impact

A Kile user may inadvertently grant access to sensitive
information.
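The Kile issue above is a permission-inheritance bug: an editor that writes a backup of a 0600 file with whatever mode the process umask yields (typically 0644) has just made a private document readable to every local account. The following is an added example, not Kile's code (Kile is C++/KDE; the page shows none of it); it contrasts a backup written with default permissions against one created with the original file's mode from the first byte, and measures both under a constructed 0600 file and a 022 umask. POSIX permission semantics are assumed.

```python
import os
import shutil
import stat
import tempfile


def naive_backup(path):
    """Backup written with default permissions: the umask, not the original
    file's mode, decides who may read it (the defect class described above)."""
    backup = path + "~"
    with open(path, "rb") as src, open(backup, "wb") as dst:
        shutil.copyfileobj(src, dst)
    return backup


def permission_preserving_backup(path):
    """Create the backup with the original's mode at open time, so there is no
    window in which the copy is more readable than the source, then chmod in
    case the umask stripped bits the source actually had."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    backup = path + "~"
    fd = os.open(backup, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with open(path, "rb") as src, os.fdopen(fd, "wb") as dst:
        shutil.copyfileobj(src, dst)
    os.chmod(backup, mode)
    return backup


def mode_of(path):
    """Permission bits only (owner/group/other), ignoring file type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Constructed scenario: a private 0600 document under umask 022.
    Returns (mode of naive backup, mode of permission-preserving backup)."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            secret = os.path.join(d, "thesis.tex")
            with open(secret, "w") as f:
                f.write("\\documentclass{article}\n")  # constructed content
            os.chmod(secret, 0o600)
            naive = mode_of(naive_backup(secret))
            os.remove(secret + "~")
            preserving = mode_of(permission_preserving_backup(secret))
            return naive, preserving
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    naive, preserving = demo()
    print(oct(naive), oct(preserving))  # 0o644 0o600
```

A quick audit for this defect class in any editor or tool is the same measurement: create a 0600 file, trigger the backup or autosave path, and stat the result; anything more permissive than the source is the bug.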

Workaround

There is no known workaround at this time.

Resolution

All Kile users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"

References

[ 1 ] CVE-2005-1920

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200611-21.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Red Hat Linux


Red Hat Security Advisory

Synopsis: Critical: jbossas security update
Advisory ID: RHSA-2006:0743-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0743.html

Issue date: 2006-11-27
Updated on: 2006-11-27
Product: Red Hat Application Stack
CVE Names: CVE-2006-5750


1. Summary:

An updated jbossas package that corrects a security
vulnerability is now available for Red Hat Application Stack.

This update has been rated as having critical security impact by
the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4) - noarch
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) - noarch

3. Problem description:

JBoss Application Server is a J2EE certified platform for
developing and deploying enterprise Java applications, Web
applications, and Portals.

Symantec discovered a flaw in the DeploymentFileRepository class
of the JBoss Application Server. A remote attacker who is able to
access the console manager could read or write to files with the
permissions of the JBoss user. This could potentially lead to
arbitrary code execution as the jboss user. (CVE-2006-5750)

For the Red Hat Application Stack, the jbossas service is not
enabled by default. Once the jbossas service is enabled, the
console manager will become accessible on port 8080. Although port
8080 will be blocked from outside access by the default Red Hat
Enterprise Linux firewall rules, users should ensure that the
console is not available publicly and is adequately protected by
authentication as explained in the JBoss documentation. A correct
configuration of the JBoss Application Server would mitigate this
vulnerability to only being exploitable by users who have
authorization to use the console manager.

All users of Red Hat Application Stack are advised to upgrade to
these updated packages, which resolve the directory traversal issue
with a backported patch.
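The flaw above is a directory traversal in a component that maps request-supplied names onto files under a deployment directory, and the advisory's two mitigations are the usual pair: fix the path handling, and keep the console off the network and behind authentication. The block below is an added example of the path-containment check, written in Python rather than JBoss's Java and not derived from the backported patch (which the page does not show). It resolves the joined path and requires the deployment directory to be its common prefix, which rejects both `..` segments and absolute paths, and also the prefix trick that a naive `startswith` test would miss. The deployment directory and request paths are constructed.

```python
import os
import tempfile


def resolve_within(base_dir, user_path):
    """Return the resolved absolute path of user_path under base_dir, or None
    if the combination escapes base_dir. The decision is made on resolved
    paths via commonpath, not on the raw string, so '..' segments, absolute
    paths and sibling directories sharing a name prefix are all rejected."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def naive_prefix_check(base_dir, user_path):
    """The weaker check, for contrast: string prefix on the unresolved join.
    It accepts '../deploy-other/...' when base_dir ends in 'deploy'."""
    base = os.path.abspath(base_dir)
    candidate = os.path.normpath(os.path.join(base, user_path))
    return candidate if candidate.startswith(base) else None


def demo():
    """Constructed request paths against a scratch deployment directory.
    Each value is True when the checker behaves as a defender wants."""
    with tempfile.TemporaryDirectory() as d:
        base = os.path.join(d, "deploy")
        os.mkdir(base)
        return {
            "plain_accepted": resolve_within(base, "app.war/web.xml") is not None,
            "dotdot_rejected": resolve_within(base, "../../outside.txt") is None,
            "absolute_rejected": resolve_within(base, os.path.join(d, "outside.txt")) is None,
            "sibling_prefix_rejected": resolve_within(base, "../deploy-other/x") is None,
            # the naive check lets the sibling-prefix case through
            "naive_misses_sibling": naive_prefix_check(base, "../deploy-other/x") is not None,
        }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(name, ok)  # all True
```

Containment is necessary but not sufficient: the advisory's second point, binding the management services to localhost and requiring authentication on the console, is what limits who can reach the code path at all, and the updated packages make that the default only for fresh installs, so existing deployments must check it themselves.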

These updated packages also contain a change to the default
jbossas configuration file. For users installing Red Hat
Application Stack for the first time, all JBoss Application Server
network services, including the management consoles, will be
restricted by default to localhost. No change is made for users
upgrading previously installed jbossas packages.

Users who already have Red Hat Application Stack installed
should check to make sure that they have correctly followed the
security guidelines and that the management consoles are not
accessible to unauthorized users.

Red Hat would like to thank Symantec for reporting this
issue.

4. Solution:

Before applying this update, make sure that the jbossas service
is not running and all previously released errata relevant to your
system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.

Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:

up2date

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

215828 - CVE-2006-5750 JBoss Java Class DeploymentFileRepository Directory Traversal
216177 - JBossAS needs to be bound to localhost by default
216786 - Config files in the jbossas rpm should be marked accordingly

6. RPMs required:

Red Hat Application Stack v1 for Enterprise Linux AS (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/RHWAS/SRPMS/jbossas-4.0.4-1.el4s1.25.src.rpm
ddcee54695279bfa2bcc1e6dc272edc5  jbossas-4.0.4-1.el4s1.25.src.rpm

noarch:
edf562a2624881d8198f23bd3e61f443  jbossas-4.0.4-1.el4s1.25.noarch.rpm

Red Hat Application Stack v1 for Enterprise Linux ES (v.4):

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/RHWAS/SRPMS/jbossas-4.0.4-1.el4s1.25.src.rpm
ddcee54695279bfa2bcc1e6dc272edc5  jbossas-4.0.4-1.el4s1.25.src.rpm

noarch:
edf562a2624881d8198f23bd3e61f443  jbossas-4.0.4-1.el4s1.25.noarch.rpm

These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5750

http://kbase.redhat.com/faq/FAQ_107_9629.shtm

http://www.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.

rPath Linux

rPath Security Advisory: 2006-0218-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions:
    ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.4-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082

    https://issues.rpath.com/browse/RPL-811

    https://issues.rpath.com/browse/RPL-389

Description:

Previous versions of the ImageMagick package contained multiple
vulnerabilities. Attacker-supplied malformed image files may allow
arbitrary code execution as the running user.

rPath Security Advisory: 2006-0219-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions:
    info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
    install-info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
    texinfo=/conary.rpath.com@rpl:devel//1/4.8-6.2-1

References:

    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810

    https://issues.rpath.com/browse/RPL-810

Description:

Previous versions of the texinfo package can be caused to
execute arbitrary code contained in an intentionally malformed
texinfo file. These texinfo commands are often run automatically
when building software packages.
