Advisories: September 19, 2005

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200509-11


http://security.gentoo.org/


Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Buffer overflow
Date: September 18, 2005
Bugs: #105396
ID: 200509-11


Synopsis

Mozilla Suite and Firefox are vulnerable to a buffer overflow
that might be exploited to execute arbitrary code.

Background

The Mozilla Suite is a popular all-in-one web browser that
includes a mail and news reader. Mozilla Firefox is the
next-generation browser from the Mozilla project. They both support
Internationalized Domain Names (IDN), which are domain names
represented by local language characters.

Affected packages


     Package                         /   Vulnerable   /     Unaffected

  1  www-client/mozilla-firefox         <= 1.0.6-r6        >= 1.0.6-r7
  2  www-client/mozilla                 <= 1.7.11-r2      >= 1.7.11-r3
  3  www-client/mozilla-firefox-bin     <= 1.0.6-r2        Vulnerable!
  4  www-client/mozilla-bin             <= 1.7.11          Vulnerable!
  -------------------------------------------------------------------
  NOTE: Certain packages are still vulnerable. Users should migrate
        to another package if one is available or wait for the
        existing packages to be marked stable by their architecture
        maintainers.
  -------------------------------------------------------------------
  4 affected packages on all of their supported architectures.

Description

The Mozilla Suite and Firefox are both vulnerable to a buffer
overflow while processing hostnames containing multiple hyphens.
Note that browsers that have disabled IDN support are immune to
this flaw.

Impact

A remote attacker could set up a malicious site and entice a
victim to visit it, triggering the buffer overflow and potentially
resulting in the execution of arbitrary code with the victim’s
privileges.

Workaround

You can disable the IDN support by opening the “about:config”
page in the browser and manually toggling the “network.IDN”
property to “false”. Alternatively, you can install a security
patch by following the patching instructions given in
References.

Resolution

All Mozilla Firefox users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.6-r7"

All Mozilla Suite users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.11-r3"

There are no fixed Mozilla Firefox or Mozilla Suite binaries
yet. Users of the mozilla-bin or mozilla-firefox-bin packages
should either switch to the source-based versions or apply the
workaround.

References

[ 1 ] CAN-2005-2871

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871

[ 2 ] Mozilla Foundation patching instructions

https://addons.mozilla.org/messages/307259.html

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-12


http://security.gentoo.org/


Severity: Normal
Title: Apache, mod_ssl: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #103554, #104807
ID: 200509-12


Synopsis

mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.

Background

The Apache HTTP server is one of the most popular web servers on
the Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for
Apache 1.3 and is also included in Apache 2.

Affected packages


     Package          /   Vulnerable   /                    Unaffected

  1  net-www/mod_ssl       < 2.8.24                          >= 2.8.24
  2  net-www/apache        < 2.0.54-r15                  >= 2.0.54-r15
  -------------------------------------------------------------------
  2 affected packages on all of their supported architectures.

Description

mod_ssl contains a security issue when “SSLVerifyClient
optional” is configured in the global virtual host configuration
(CAN-2005-2700). Also, Apache’s httpd includes a PCRE library,
which makes it vulnerable to an integer overflow
(CAN-2005-2491).

Impact

Under a specific configuration, mod_ssl does not properly
enforce the client-based certificate authentication directive,
“SSLVerifyClient require”, in a per-location context, which could
be potentially used by a remote attacker to bypass some
restrictions. By creating a specially crafted “.htaccess” file, a
local attacker could possibly exploit Apache’s vulnerability, which
would result in a local privilege escalation.
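
The following is an added example, not part of the advisory and not Apache or Gentoo code: a small audit that flags the configuration pattern described above, a per-location "SSLVerifyClient require" sitting under a server-wide "SSLVerifyClient optional". The sample configuration is constructed, the function and variable names are hypothetical, and treating a main-server setting as inherited by virtual hosts that set none is an assumption of this sketch.

```python
import re

# Added example (not Apache or Gentoo code): flag the configuration pattern
# named in the advisory. Section handling is simplified; Include is not followed.
PER_DIR = {"location", "locationmatch", "directory", "directorymatch",
           "files", "filesmatch"}
OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
VERIFY = re.compile(r"SSLVerifyClient\s+(\w+)", re.I)

# Constructed sample configuration.
SAMPLE_CONF = """\
SSLVerifyClient none
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    <Location /private>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected_pattern(conf_text):
    """Return (scope, container) pairs where a per-location 'require'
    sits under a server-wide 'optional'."""
    stack, server_wide, per_location = [], {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("</"):          # closing tag: leave the section
            if stack:
                stack.pop()
            continue
        m = OPEN.match(line)
        if m:                              # opening tag: enter the section
            stack.append((m.group(1), m.group(2).strip()))
            continue
        m = VERIFY.match(line)
        if not m:
            continue
        mode = m.group(1).lower()
        scope = next((a for n, a in stack if n.lower() == "virtualhost"),
                     "main server")
        inner = [f"{n} {a}" for n, a in stack if n.lower() in PER_DIR]
        if not inner:
            server_wide[scope] = mode      # set outside any per-dir container
        elif mode == "require":
            per_location.append((scope, inner[-1]))
    # Assumption: a vhost without its own setting inherits the main server's.
    return [(s, c) for s, c in per_location
            if server_wide.get(s, server_wide.get("main server")) == "optional"]
```

Hosts flagged by this check are the ones to prioritise for the mod_ssl upgrade given under Resolution.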

Workaround

There is no known workaround at this time.

Resolution

All mod_ssl users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"

All Apache 2 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-www/apache-2.0.54-r15"

References

[ 1 ] CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

[ 2 ] CAN-2005-2700

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-12.xml


Gentoo Linux Security Advisory GLSA 200509-13


http://security.gentoo.org/


Severity: High
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #106279
ID: 200509-13


Synopsis

Clam AntiVirus is subject to vulnerabilities ranging from Denial
of Service to execution of arbitrary code when handling compressed
executables.

Background

Clam AntiVirus is a GPL anti-virus toolkit, designed for
integration with mail servers to perform attachment scanning. Clam
AntiVirus also provides a command line scanner and a tool for
fetching updates of the virus database.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-antivirus/clamav       < 0.87                         >= 0.87

Description

Clam AntiVirus is vulnerable to a buffer overflow in
“libclamav/upx.c” when processing malformed UPX-packed executables.
It can also be sent into an infinite loop in “libclamav/fsg.c” when
processing specially-crafted FSG-packed executables.

Impact

By sending a specially-crafted file an attacker could execute
arbitrary code with the permissions of the user running Clam
AntiVirus, or cause a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Clam AntiVirus users should upgrade to the latest
version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"

References

[ 1 ] CAN-2005-2919

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919

[ 2 ] CAN-2005-2920

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920

[ 3 ] Clam AntiVirus: Release Notes

http://sourceforge.net/project/shownotes.php?release_id=356974

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-13.xml

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2005:138-1
Date: September 19th, 2005
Original Advisory Date: August 11th, 2005
Affected versions: 10.1


Problem Description:

A vulnerability was discovered in the CUPS printing package
where when processing a PDF file, bounds checking was not correctly
performed on some fields. As a result, this could cause the pdftops
filter to crash.

Update:

The patch to correct this problem was not properly applied to
the Mandriva 10.1 packages. This update properly patches the
packages.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097


Updated Packages:


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

    gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

Ubuntu Linux


Ubuntu Security Notice USN-184-1 September 19, 2005
util-linux vulnerability
CAN-2005-2876


A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

mount

The problem can be corrected by upgrading the affected package
to version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

David Watson discovered that “umount -r” removed some
restrictive mount options like the “nosuid” flag. If /etc/fstab
contains user-mountable removable devices which specify the
“nosuid” flag (which is common practice for such devices), a local
attacker could exploit this to execute arbitrary programs with root
privileges by calling “umount -r” on a removable device.

This does not affect the default Ubuntu configuration. Since
Ubuntu mounts removable devices automatically, there is normally no
need to configure them manually in /etc/fstab.
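
The following is an added example, not part of the Ubuntu notice: an audit that lists /etc/fstab entries matching the exposed setup (user-mountable and relying on "nosuid"), then checks /proc/mounts-style text for those mount points sitting read-only without "nosuid". It goes slightly beyond the notice by using two facts from mount(8) and umount(8): the "user", "users", "owner" and "group" options imply nosuid unless a later "suid" overrides it, and "umount -r" falls back to a read-only remount. All sample data is constructed and the function names are hypothetical.

```python
# Added example (not from the notice): audit fstab text for the exposed setup.
USER_OPTS = {"user", "users", "owner", "group"}  # options allowing non-root mounts

# Constructed sample input, not taken from any real system.
SAMPLE_FSTAB = """\
/dev/hda1   /              ext3     defaults             0 1
/dev/fd0    /media/floppy  vfat     rw,user,noauto       0 0
/dev/sda1   /media/usb     vfat     users,noauto,nosuid  0 0
/dev/cdrom  /media/cdrom   iso9660  ro,user,noauto,suid  0 0
/dev/sdb1   /mnt/backup    ext3     noauto,nosuid        0 0
"""
SAMPLE_PROC_MOUNTS = """\
/dev/fd0 /media/floppy vfat ro 0 0
/dev/sda1 /media/usb vfat rw,nosuid,nodev,noexec 0 0
"""

def effective_nosuid(options):
    """Replay options left to right: user-mount options imply nosuid
    until a later explicit 'suid' overrides them (mount(8))."""
    nosuid = False
    for opt in options:
        if opt == "nosuid" or opt in USER_OPTS:
            nosuid = True
        elif opt == "suid":
            nosuid = False
    return nosuid

def audit_fstab(text):
    """Mount points of user-mountable entries that rely on nosuid."""
    exposed = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        options = fields[3].split(",")
        if USER_OPTS & set(options) and effective_nosuid(options):
            exposed.append(fields[1])
    return exposed

def stripped_mounts(exposed, proc_mounts_text):
    """Exposed mount points now mounted read-only without nosuid."""
    hits = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] not in exposed:
            continue
        opts = set(fields[3].split(","))
        if "ro" in opts and "nosuid" not in opts:
            hits.append(fields[1])
    return hits

if __name__ == "__main__":
    exposed = audit_fstab(SAMPLE_FSTAB)
    print("rely on nosuid:", exposed)
    print("nosuid missing:", stripped_mounts(exposed, SAMPLE_PROC_MOUNTS))
```

On a real host, pass the contents of /etc/fstab and /proc/mounts in place of the constructed samples.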
