Debian GNU/Linux
Debian Security Advisory DSA-1219-1 security@debian.org
http://www.debian.org/security/
Noah Meyerhans
November 27, 2006
Package : texinfo
Vulnerability : buffer overflow
Problem type : local
Debian-specific: no
CVE Id(s) : CVE-2005-3011 CVE-2006-4810
BugTraq ID : 14854 20959
Multiple vulnerabilities have been found in the GNU texinfo
package, a documentation system for on-line information and printed
output.
CVE-2005-3011
Handling of temporary files is performed in an insecure manner,
allowing an attacker to overwrite any file writable by the
victim.
CVE-2006-4810
A buffer overflow in util/texindex.c could allow an attacker to
execute arbitrary code with the victim’s access rights by inducing
the victim to run texindex or tex2dvi on a specially crafted
texinfo file.
For the stable distribution (sarge), these problems have been
fixed in version 4.7-2.2sarge2. Note that binary packages for the
mipsel architecture are not currently available due to technical
problems with the build host. These packages will be made available
as soon as possible.
For unstable (sid) and the upcoming stable release (etch), these
problems have been fixed in version 4.8.dfsg.1-4.
We recommend that you upgrade your texinfo package.
Upgrade instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian 3.1 (stable)
Stable updates are available for alpha, amd64, arm, hppa, i386,
ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 1220-1 security@debian.org
http://www.debian.org/security/
Moritz Muehlenhoff
November 26th, 2006 http://www.debian.org/security/faq
Package : pstotext
Vulnerability : insecure file name quoting
Problem-Type : local(remote)
Debian-specific: no
CVE ID : CVE-2006-5869
Debian Bug : 356988
Brian May discovered that pstotext, a utility to extract plain
text from Postscript and PDF files, performs insufficient quoting
of file names, which allows execution of arbitrary shell
commands.
For the stable distribution (sarge) this problem has been fixed
in version 1.9-1sarge2. The build for the mipsel architecture is
not yet available due to technical problems with the build
host.
For the upcoming stable distribution (etch) this problem has
been fixed in version 1.9-4.
For the unstable distribution (sid) this problem has been fixed
in version 1.9-4.
We recommend that you upgrade your pstotext package.
Upgrade Instructions
wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200611-21
Severity: Low
Title: Kile: Incorrect backup file permission
Date: November 27, 2006
Bugs: #155613
ID: 200611-21
Synopsis
Kile uses default permissions for backup files, potentially
leading to information disclosure.
Background
Kile is a TeX/LaTeX editor for KDE.
Affected packages
Package               Vulnerable     Unaffected
app-editors/kile      < 1.9.2-r1     >= 1.9.2-r1
Description
Kile fails to set the same permissions on backup files as on the
original file. This is similar to CVE-2005-1920.
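The defect described here is a backup copy created with whatever mode the process umask yields rather than the mode of the original. The following is an added example (not Kile's code) showing the weak pattern beside one that carries the original's permission bits over, on a constructed private file:

```python
"""Added example, not Kile's code: back up a file so the copy keeps the
original's permission bits instead of the umask-derived default."""
import os
import shutil
import stat
import tempfile

def naive_backup(path: str) -> str:
    """Plain open(): the backup's mode comes from the umask, typically 0o644."""
    backup = path + "~"
    with open(path, "rb") as src, open(backup, "wb") as dst:
        shutil.copyfileobj(src, dst)
    return backup

def safe_backup(path: str) -> str:
    """Create the backup with the original's mode from its first instant.

    O_EXCL refuses to reuse an existing path (a stale backup or a planted
    symlink), the mode given to os.open applies at creation, and fchmod
    restores any bits the umask may have stripped."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    backup = path + "~"
    fd = os.open(backup, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
            shutil.copyfileobj(src, dst)
            os.fchmod(dst.fileno(), mode)
    except BaseException:
        os.unlink(backup)
        raise
    return backup

def mode_of(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)

def demo() -> tuple:
    """Constructed scenario: a private (0o600) document backed up both ways.
    Returns (naive_mode, safe_mode); expected (0o644, 0o600) under umask 022."""
    with tempfile.TemporaryDirectory() as d:
        doc = os.path.join(d, "thesis.tex")
        with open(doc, "w") as f:
            f.write("\\documentclass{article}\n")
        os.chmod(doc, 0o600)
        old_umask = os.umask(0o022)
        try:
            naive_mode = mode_of(naive_backup(doc))
            os.unlink(doc + "~")
            safe_mode = mode_of(safe_backup(doc))
        finally:
            os.umask(old_umask)
        return naive_mode, safe_mode
```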
Impact
A kile user may inadvertently grant access to sensitive
information.
Workaround
There is no known workaround at this time.
Resolution
All Kile users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"
References
[ 1 ] CVE-2005-1920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200611-21.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.
License
Copyright 2006 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Red Hat Linux
Red Hat Security Advisory
Synopsis: Critical: jbossas security update
Advisory ID: RHSA-2006:0743-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0743.html
Issue date: 2006-11-27
Updated on: 2006-11-27
Product: Red Hat Application Stack
CVE Names: CVE-2006-5750
1. Summary:
An updated jbossas package that corrects a security
vulnerability is now available for Red Hat Application Stack.
This update has been rated as having critical security impact by
the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) –
noarch
Red Hat Application Stack v1 for Enterprise Linux ES (v.4) –
noarch
3. Problem description:
JBoss Application Server is a J2EE certified platform for
developing and deploying enterprise Java applications, Web
applications, and Portals.
Symantec discovered a flaw in the DeploymentFileRepository class
of the JBoss Application Server. A remote attacker who is able to
access the console manager could read or write to files with the
permissions of the JBoss user. This could potentially lead to
arbitrary code execution as the jboss user. (CVE-2006-5750)
For the Red Hat Application Stack, the jbossas service is not
enabled by default. Once the jbossas service is enabled, the
console manager will become accessible on port 8080. Although port
8080 will be blocked from outside access by the default Red Hat
Enterprise Linux firewall rules, users should ensure that the
console is not available publicly and is adequately protected by
authentication as explained in the JBoss documentation. A correct
configuration of the JBoss Application Server would mitigate this
vulnerability to only being exploitable by users who have
authorization to use the console manager.
All users of Red Hat Application Stack are advised to upgrade to
these updated packages, which resolve the directory traversal issue
with a backported patch.
These updated packages also contain a change to the default
jbossas configuration file. For users installing Red Hat
Application Stack for the first time, all JBoss Application Server
network services, including the management consoles, will be
restricted by default to localhost. No change is made for users
upgrading previously installed jbossas packages.
Users who already have Red Hat Application Stack installed
should check to make sure that they have correctly followed the
security guidelines and that the management consoles are not
accessible to unauthorized users.
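The advisory asks existing installations to verify that the console manager is not reachable beyond localhost. As an added example (not Red Hat's or JBoss's code), the check below reads `ss -ltn` or `netstat -ltn` output and reports listeners on the console port (8080, as stated above) bound to anything other than a loopback address; the sample output is constructed:

```python
"""Added example, not from the advisory or Red Hat: list listeners on the
JBoss console port that are bound beyond loopback, from `ss -ltn` or
`netstat -ltn` output."""
import ipaddress
from typing import List, Optional

# Constructed sample output, mixing the netstat and ss line layouts.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 [::]:8080               [::]:*                  LISTEN
LISTEN  0  128  *:8080  *:*
LISTEN  0  128  127.0.0.1:8443  0.0.0.0:*
"""

def local_address(line: str, port: int) -> Optional[str]:
    """Return the local address of a listener line for `port`, else None.

    In both tools the local column precedes the peer column, and the peer
    column ends in ':*', so the first token ending in ':<port>' is local."""
    for tok in line.split():
        host, sep, p = tok.rpartition(":")
        if sep and p == str(port):
            return host
    return None

def is_exposed(host: str) -> bool:
    """True unless the address is a loopback address."""
    host = host.strip("[]")
    if host in ("*", ""):            # wildcard bind: every interface
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:               # unparsable address: do not assume safe
        return True

def exposed_listeners(output: str, port: int = 8080) -> List[str]:
    """Local addresses on `port` that accept connections from other hosts."""
    found = []
    for line in output.splitlines():
        if "LISTEN" not in line:
            continue
        host = local_address(line, port)
        if host is not None and is_exposed(host):
            found.append(host)
    return found

if __name__ == "__main__":
    for host in exposed_listeners(SAMPLE):
        print("console port 8080 reachable beyond localhost on", host)
```

On a live host, feed the check the real output of `ss -ltn` (or `netstat -ltn` on systems of this vintage) instead of SAMPLE.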
Red Hat would like to thank Symantec for reporting this
issue.
4. Solution:
Before applying this update, make sure that the jbossas service
is not running and all previously released errata relevant to your
system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade.
Only those RPMs which are currently installed will be updated.
Those RPMs which are not installed but included in the list will
not be updated. Note that you can also use wildcards (*.rpm) if
your current directory only contains the desired RPMs.
Please note that this update is also available via Red Hat
Network. Many people find this an easier way to apply updates. To
use Red Hat Network, launch the Red Hat Update Agent with the
following command:
up2date
This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
215828 – CVE-2006-5750 JBoss Java Class DeploymentFileRepository
Directory Traversal
216177 – JBossAS needs to be bound to localhost by default
216786 – Config files in the jbossas rpm should be marked
accordingly
6. RPMs required:
These packages are GPG signed by Red Hat for security. Our key
and details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5750
http://kbase.redhat.com/faq/FAQ_107_9629.shtm
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More
contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.
rPath Linux
rPath Security Advisory: 2006-0218-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Major
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions:
ImageMagick=/conary.rpath.com@rpl:devel//1/6.2.3.3-3.4-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5456
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4601
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082
https://issues.rpath.com/browse/RPL-811
https://issues.rpath.com/browse/RPL-389
Description:
Previous versions of the ImageMagick package contained multiple
vulnerabilities. Attacker-supplied malformed image files may allow
arbitrary code execution as the running user.
rPath Security Advisory: 2006-0219-1
Published: 2006-11-27
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification: Indirect User Deterministic Unauthorized Access
Updated Versions: info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
install-info=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
texinfo=/conary.rpath.com@rpl:devel//1/4.8-6.2-1
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
https://issues.rpath.com/browse/RPL-810
Description:
Previous versions of the texinfo package can be caused to
execute arbitrary code contained in an intentionally malformed
texinfo file. These texinfo commands are often run automatically
when building software packages.