Gentoo Linux
Gentoo Linux Security Advisory GLSA 200509-11
Severity: Normal
Title: Mozilla Suite, Mozilla Firefox: Buffer overflow
Date: September 18, 2005
Bugs: #105396
ID: 200509-11
Synopsis
Mozilla Suite and Firefox are vulnerable to a buffer overflow
that might be exploited to execute arbitrary code.
Background
The Mozilla Suite is a popular all-in-one web browser that
includes a mail and news reader. Mozilla Firefox is the
next-generation browser from the Mozilla project. They both support
Internationalized Domain Names (IDN), which are domain names
represented by local language characters.
Affected packages
Package                            Vulnerable      Unaffected
1  www-client/mozilla-firefox      <= 1.0.6-r6     >= 1.0.6-r7
2  www-client/mozilla              <= 1.7.11-r2    >= 1.7.11-r3
3  www-client/mozilla-firefox-bin  <= 1.0.6-r2     Vulnerable!
4  www-client/mozilla-bin          <= 1.7.11       Vulnerable!
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the existing
packages to be marked stable by their architecture maintainers.
-------------------------------------------------------------------
4 affected packages on all of their supported architectures.
Description
The Mozilla Suite and Firefox are both vulnerable to a buffer
overflow while processing hostnames containing multiple hyphens.
Note that browsers that have disabled IDN support are immune to
this flaw.
Impact
A remote attacker could set up a malicious site and entice a
victim to visit it, triggering the buffer overflow and potentially
resulting in the execution of arbitrary code with the victim’s
privileges.
Workaround
You can disable the IDN support by opening the “about:config”
page in the browser and manually toggling the “network.IDN”
property to “false”. Alternatively, you can install a security
patch by following the patching instructions given in
References.
Resolution
All Mozilla Firefox users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-firefox-1.0.6-r7"
All Mozilla Suite users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.11-r3"
There are no fixed Mozilla Firefox or Mozilla Suite binaries
yet. Users of the mozilla-bin or mozilla-firefox-bin packages
should either switch to the source-based versions or apply the
workaround.
References
[ 1 ] CAN-2005-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2871
[ 2 ] Mozilla Foundation patching instructions
https://addons.mozilla.org/messages/307259.html
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200509-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200509-12
Severity: Normal
Title: Apache, mod_ssl: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #103554, #104807
ID: 200509-12
Synopsis
mod_ssl and Apache are vulnerable to a restriction bypass and a
potential local privilege escalation.
Background
The Apache HTTP server is one of the most popular web servers on
the Internet. mod_ssl provides SSL v2/v3 and TLS v1 support for
Apache 1.3 and is also included in Apache 2.
Affected packages
Package                 Vulnerable      Unaffected
1  net-www/mod_ssl      < 2.8.24        >= 2.8.24
2  net-www/apache       < 2.0.54-r15    >= 2.0.54-r15
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
Description
mod_ssl contains a security issue when “SSLVerifyClient
optional” is configured in the global virtual host configuration
(CAN-2005-2700). Also, Apache’s httpd includes a PCRE library,
which makes it vulnerable to an integer overflow
(CAN-2005-2491).
Impact
Under a specific configuration, mod_ssl does not properly
enforce the client-based certificate authentication directive,
“SSLVerifyClient require”, in a per-location context, which could
be potentially used by a remote attacker to bypass some
restrictions. By creating a specially crafted “.htaccess” file, a
local attacker could possibly exploit Apache’s vulnerability, which
would result in a local privilege escalation.
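Added example (not part of the Gentoo advisory or of Apache): a shell check for the directive combination described above, a server- or virtual-host-level SSLVerifyClient optional together with a per-location SSLVerifyClient require. The function name and the sample configuration are constructed for illustration; treating sections opened by Location, Directory and Files directives as per-location contexts is this example's assumption.

```shell
#!/bin/sh
# Added example, not part of GLSA 200509-12.
# Usage: check_sslverifyclient [file]   (default "-": standard input)
# Limitation: Include directives are not followed and .htaccess is not read.
check_sslverifyclient() {
    awk '
        { sub(/^[ \t]+/, ""); line = tolower($0) }    # directives are case-insensitive
        line ~ /^#/ || line == ""               { next }
        line ~ /^<(location|directory|files)/   { depth++; next }
        line ~ /^<\/(location|directory|files)/ { if (depth > 0) depth--; next }
        line ~ /^sslverifyclient[ \t]/ {
            split(line, f, /[ \t]+/)
            # depth 0 means server or virtual-host level
            if (depth == 0 && f[2] == "optional") opt_line = NR
            if (depth > 0 && f[2] == "require") {
                printf "line %d: per-location SSLVerifyClient require\n", NR
                req = 1
            }
        }
        END {
            if (opt_line && req)
                printf "line %d: global SSLVerifyClient optional\nRESULT: affected-pattern\n", opt_line
            else
                print "RESULT: pattern-not-found"
        }
    ' "${1:--}"
}

# Constructed sample configuration, for illustration only.
sample_httpd_conf() {
    cat <<'EOF'
<VirtualHost _default_:443>
    SSLEngine on
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Location>
</VirtualHost>
EOF
}

sample_httpd_conf | check_sslverifyclient -
```

A configuration that reports affected-pattern relies on the per-location enforcement this advisory concerns, so it is a candidate for upgrading first.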
Workaround
There is no known workaround at this time.
Resolution
All mod_ssl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mod_ssl-2.8.24"
All Apache 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/apache-2.0.54-r15"
References
[ 1 ] CAN-2005-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
[ 2 ] CAN-2005-2700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200509-12.xml
Gentoo Linux Security Advisory GLSA 200509-13
Severity: High
Title: Clam AntiVirus: Multiple vulnerabilities
Date: September 19, 2005
Bugs: #106279
ID: 200509-13
Synopsis
Clam AntiVirus is subject to vulnerabilities ranging from Denial
of Service to execution of arbitrary code when handling compressed
executables.
Background
Clam AntiVirus is a GPL anti-virus toolkit, designed for
integration with mail servers to perform attachment scanning. Clam
AntiVirus also provides a command line scanner and a tool for
fetching updates of the virus database.
Affected packages
Package / Vulnerable / Unaffected
1 app-antivirus/clamav < 0.87 >= 0.87
Description
Clam AntiVirus is vulnerable to a buffer overflow in
“libclamav/upx.c” when processing malformed UPX-packed executables.
It can also be sent into an infinite loop in “libclamav/fsg.c” when
processing specially-crafted FSG-packed executables.
Impact
By sending a specially-crafted file an attacker could execute
arbitrary code with the permissions of the user running Clam
AntiVirus, or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All Clam AntiVirus users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.87"
References
[ 1 ] CAN-2005-2919
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2919
[ 2 ] CAN-2005-2920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2920
[ 3 ] Clam AntiVirus: Release Notes
http://sourceforge.net/project/shownotes.php?release_id=356974
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200509-13.xml
Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: cups
Advisory ID: MDKSA-2005:138-1
Date: September 19th, 2005
Original Advisory Date: August 11th, 2005
Affected versions: 10.1
Problem Description:
A vulnerability was discovered in the CUPS printing package:
when processing a PDF file, bounds checking was not correctly
performed on some fields. As a result, this could cause the pdftops
filter to crash.
Update:
The patch to correct this problem was not properly applied to
the Mandriva 10.1 packages. This update properly patches the
packages.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2097
Updated Packages:
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
Ubuntu Linux
Ubuntu Security Notice USN-184-1 September 19, 2005
util-linux vulnerability
CAN-2005-2876
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
mount
The problem can be corrected by upgrading the affected package
to version 2.12-7ubuntu6.1 (for Ubuntu 4.10), or 2.12p-2ubuntu2.2
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
David Watson discovered that “umount -r” removed some
restrictive mount options like the “nosuid” flag. If /etc/fstab
contains user-mountable removable devices which specify the
“nosuid” flag (which is common practice for such devices), a local
attacker could exploit this to execute arbitrary programs with root
privileges by calling “umount -r” on a removable device.
This does not affect the default Ubuntu configuration. Since
Ubuntu mounts removable devices automatically, there is normally no
need to configure them manually in /etc/fstab.
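Added example (not part of the Ubuntu notice): a shell function that audits an fstab file for the configuration described above, entries that are user-mountable and explicitly specify nosuid. The function name and the sample fstab are constructed for illustration; treating user, users and owner as the user-mountable options is this example's assumption.

```shell
#!/bin/sh
# Added example, not part of USN-184-1.
# Lists fstab entries that are user-mountable AND specify nosuid explicitly.
# Usage: audit_fstab [file]   (default /etc/fstab; "-" reads standard input)
audit_fstab() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 4                   { next }   # no options field: not a valid entry
        {
            user = 0; nosuid = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                # assumption: these options let a non-root user mount the device
                if (opt[i] == "user" || opt[i] == "users" || opt[i] == "owner")
                    user = 1
                if (opt[i] == "nosuid")
                    nosuid = 1
            }
            if (user && nosuid)
                printf "%s on %s (%s)\n", $1, $2, $4
        }
    ' "${1:-/etc/fstab}"
}

# Constructed sample fstab, for illustration only.
sample_fstab() {
    cat <<'EOF'
# <device>  <mount point>  <type>   <options>                    <dump> <pass>
/dev/hda1   /              ext3     defaults,errors=remount-ro   0 1
/dev/cdrom  /media/cdrom   iso9660  ro,user,noauto,nosuid        0 0
/dev/sda1   /media/usb     vfat     rw,users,noauto,nosuid,nodev 0 0
/dev/fd0    /media/floppy  auto     rw,user,noauto               0 0
EOF
}

sample_fstab | audit_fstab -
```

An empty result on the real /etc/fstab matches the default Ubuntu configuration the notice describes; any listed entry is one to review before the mount package is upgraded.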
Updated packages for Ubuntu 4.10 (Warty Warthog):
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):