---

Advisories: September 6, 2005

Debian GNU/Linux


Debian Security Advisory DSA 795-2 [email protected]
http://www.debian.org/security/
Michael Stone
September 2, 2005 http://www.debian.org/security/faq


Package : proftpd
Vulnerability : potential code execution
Problem-Type : format string error
Debian-specific: no
CVE ID : CAN-2005-2390

infamous42md reported that proftpd suffers from two format
string vulnerabilities. In the first, a user with the ability to
create a directory could trigger the format string error if there
is a proftpd shutdown message configured to use the “%C”, “%R”, or
“%U” variables. In the second, the error is triggered if mod_sql is
used to retrieve messages from a database and if format strings
have been inserted into the database by a user with permission to
do so.

There was a build error for the sarge i386 proftpd packages
released in DSA 795-1. A new build, 1.2.10-15sarge1.0.1, has been
prepared to correct this error. The packages for other
architectures are unaffected.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/proftpd/proftpd_1.2.10-15sarge1.0.1_i386.deb

      Size/MD5 checksum: 371596
bd3d82221561e281e11d4583ce384b4f
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-common_1.2.10-15sarge1.0.1_i386.deb

      Size/MD5 checksum: 189462
05f1c13c671f2576e119bfc316d01814
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-ldap_1.2.10-15sarge1.0.1_i386.deb

      Size/MD5 checksum: 381726
b2d469c77fed2de5d35c325226556b02
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-mysql_1.2.10-15sarge1.0.1_i386.deb

      Size/MD5 checksum: 397092
ef73f4b69701c8e88454f56887ed5b35
    http://security.debian.org/pool/updates/main/p/proftpd/proftpd-pgsql_1.2.10-15sarge1.0.1_i386.deb

      Size/MD5 checksum: 396948
42aaaeb976a9395550efc9667aa4ff31

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 801-1 [email protected]
http://www.debian.org/security/
Martin Schulze
September 5th, 2005 http://www.debian.org/security/faq


Package : ntp
Vulnerability : programming error
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2496

SuSE developers discovered that ntp confuses the given group id
with the group id of the given user when called with a group id on
the commandline that is specified as a string and not as a numeric
gid, which causes ntpd to run with different privileges than
intended.

The old stable distribution (woody) is not affected by this
problem.

For the stable distribution (sarge) this problem has been fixed
in version 4.2.0a+stable-2sarge1.

The unstable distribution (sid) is not affected by this
problem.

We recommend that you upgrade your ntp-server package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.dsc

      Size/MD5 checksum: 854
073a5db4d10747c018badaf285c8d673
    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1.diff.gz

      Size/MD5 checksum: 227920
18441676d886725e9772f50d6d66ed73
    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz

      Size/MD5 checksum: 2272395
30f8b3d5b970c14dce5c6d8c922afa3e

Architecture independent components:

    http://security.debian.org/pool/updates/main/n/ntp/ntp-doc_4.2.0a+stable-2sarge1_all.deb

      Size/MD5 checksum: 888700
65e345e5a4c5671c35c35c2321a57929

Alpha architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_alpha.deb

      Size/MD5 checksum: 281984
8018bab983d1b1273d80f13c98ab043e
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_alpha.deb

      Size/MD5 checksum: 268648
6a928c73d9a35e5d46be564919bfc5b3
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_alpha.deb

      Size/MD5 checksum: 33048
1206c292d2aea812ab31bc6c82747a83
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_alpha.deb

      Size/MD5 checksum: 157866
8129080e8d5a3efeeb35639a016455cc
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_alpha.deb

      Size/MD5 checksum: 48592
05084385b3fc719fc86ad052fa03417d

AMD64 architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_amd64.deb

      Size/MD5 checksum: 264728
7fcf78a01ddc8e476057626abec86301
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_amd64.deb

      Size/MD5 checksum: 214096
e50b5a1b4dc57d8717fff35a3e482e11
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_amd64.deb

      Size/MD5 checksum: 31970
0251dd0e396376bf7eddaab24011dba8
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_amd64.deb

      Size/MD5 checksum: 129240
1c87bef079e38724a2c842001ba27444
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_amd64.deb

      Size/MD5 checksum: 44064
75f22981803941881927a8d5c81e95ef

ARM architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_arm.deb

      Size/MD5 checksum: 257214
619dabee145fcc286294846d69d7d90c
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_arm.deb

      Size/MD5 checksum: 209646
1e134996fc09d8d0c93a7bfb4414c95a
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_arm.deb

      Size/MD5 checksum: 31368
3fe285ab9de86209226659ee91e07784
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_arm.deb

      Size/MD5 checksum: 127812
d0a44d77818399c1dbffba95a0d2bb71
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_arm.deb

      Size/MD5 checksum: 42664
6e4e47990a6d0c296fee757c6f4f0d43

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_i386.deb

      Size/MD5 checksum: 255444
03cc653031d7be7ff023b66a59bc681e
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_i386.deb

      Size/MD5 checksum: 200168
7a5bc9c7071e9b4c48573aa0e1334013
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_i386.deb

      Size/MD5 checksum: 31284
82c3f7be081c0c49f7447c0a2bffe007
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_i386.deb

      Size/MD5 checksum: 120276
e01e8f15ee6b755a71bc80662a9db60e
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_i386.deb

      Size/MD5 checksum: 41574
82575f5fbb7a6bf7d5b98ec9ea0cdfc8

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_ia64.deb

      Size/MD5 checksum: 302788
e9c9691a2effcb54e19e36637b8f4510
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_ia64.deb

      Size/MD5 checksum: 312428
82bbe1fcbfb03f64158b074116440c59
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_ia64.deb

      Size/MD5 checksum: 35044
b9100c5ee1d7bb7feeb42a931078cdd5
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_ia64.deb

      Size/MD5 checksum: 179862
dce97a989ead971d6a2a92914cc27b4c
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_ia64.deb

      Size/MD5 checksum: 54388
c368e58b9ab51c7ee284962fb87df75f

HP Precision architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_hppa.deb

      Size/MD5 checksum: 268198
2fd7862ec6edb2fc494da2ddad4a04fd
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_hppa.deb

      Size/MD5 checksum: 223882
45e64eae438e54010678c4238561bbe7
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_hppa.deb

      Size/MD5 checksum: 32602
78cf25bd39bc1d32c7fe0717b85ebc0b
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_hppa.deb

      Size/MD5 checksum: 132252
2a38c59d881fede586fe0a1188f68cb6
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_hppa.deb

      Size/MD5 checksum: 45084
6b16a8e6dd8a4e734c5c78a48a661d53

Motorola 680×0 architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_m68k.deb

      Size/MD5 checksum: 245984
0fd8a681ade16a07b93871b9f274c833
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_m68k.deb

      Size/MD5 checksum: 176774
0b0f69e0c66d6f884471d3f75ca97e7b
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_m68k.deb

      Size/MD5 checksum: 30962
370a2555328ef924fd184e705f481fbb
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_m68k.deb

      Size/MD5 checksum: 108038
f40c34ae5aa890b32ba3ad7ae9d2ebcf
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_m68k.deb

      Size/MD5 checksum: 39940
52edbfdbe569a155f849e9cb1f171955

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mips.deb

      Size/MD5 checksum: 268154
9135d6701c0ab87d77a73cc9850a0726
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mips.deb

      Size/MD5 checksum: 233488
56e93ee7ecba66b6ebca7310cd564faa
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mips.deb

      Size/MD5 checksum: 33926
fd4e4f7c6abd5ae4d106eb193944f616
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mips.deb

      Size/MD5 checksum: 138146
0e816e27f765f9a046127f4bb7163819
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mips.deb

      Size/MD5 checksum: 46228
acb472598aa68bcc2e02f7fa76c39519

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_mipsel.deb

      Size/MD5 checksum: 270556
83a5301cef400a1c60ebab2a39907436
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_mipsel.deb

      Size/MD5 checksum: 242944
a6550d4d21423deecafbc8e5c24830b1
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_mipsel.deb

      Size/MD5 checksum: 33942
c2660bf5737ede43d3857a09ae83462d
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_mipsel.deb

      Size/MD5 checksum: 146338
669c97272299c5d6f79cf0cec161a270
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_mipsel.deb

      Size/MD5 checksum: 46606
766f54b333ecafbce9f935c3013aa273

PowerPC architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_powerpc.deb

      Size/MD5 checksum: 266082
4b95908ba945a5981de225e7f08a08cf
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_powerpc.deb

      Size/MD5 checksum: 213172
40f7b322d123d4a0c07b0a72c88ea316
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_powerpc.deb

      Size/MD5 checksum: 31914
41f2214cbba83c953645d828cb08163c
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_powerpc.deb

      Size/MD5 checksum: 129092
f278da81542a03b383117acdbc223045
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_powerpc.deb

      Size/MD5 checksum: 43684
67e6a656ad5786b54f5924b4d33f7da3

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_s390.deb

      Size/MD5 checksum: 262906
a5dba3ef8693a44ca7e53c750a7b602c
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_s390.deb

      Size/MD5 checksum: 209214
521113f21da1b4b125806dc673c13a41
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_s390.deb

      Size/MD5 checksum: 31812
f115ec3f6c74b884c2e8d6ed46c362e8
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_s390.deb

      Size/MD5 checksum: 126366
2bea02161d8fe272b63e9ea73afd2634
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_s390.deb

      Size/MD5 checksum: 44204
b6c1d457ee2938707cc601ee533d4103

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/n/ntp/ntp_4.2.0a+stable-2sarge1_sparc.deb

      Size/MD5 checksum: 255138
2fa91e71128b89183d52bda74f4e6329
    http://security.debian.org/pool/updates/main/n/ntp/ntp-refclock_4.2.0a+stable-2sarge1_sparc.deb

      Size/MD5 checksum: 201106
945e6362db7bca49daa7f1ae91637b60
    http://security.debian.org/pool/updates/main/n/ntp/ntp-server_4.2.0a+stable-2sarge1_sparc.deb

      Size/MD5 checksum: 31398
578d29c5f031717a9a5cd7c5afa6f756
    http://security.debian.org/pool/updates/main/n/ntp/ntp-simple_4.2.0a+stable-2sarge1_sparc.deb

      Size/MD5 checksum: 120274
9cabce720603c3b96b168df882bb3230
    http://security.debian.org/pool/updates/main/n/ntp/ntpdate_4.2.0a+stable-2sarge1_sparc.deb

      Size/MD5 checksum: 42486
75b2d4cc418c402819f29249b329fcb0

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: [email protected]

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Fedora Core


Fedora Update Notification
FEDORA-2005-841
2005-09-06


Product : Fedora Core 3
Name : perl-DBI
Version : 1.40
Release : 6.fc3
Summary : A database access API for Perl.

Description :
DBI is a database access Application Programming Interface (API)
for the Perl programming language. The DBI API specification
defines a set of functions, variables and conventions that provide
a consistent database interface independent of the actual database
being used.


Update Information:

Old and low priority security update that we forgot to push a
while ago.


  • Mon Jan 24 2005 Chip Turner <[email protected]> – 1.40-7
    • remove .orig left by patches
  • Mon Jan 24 2005 Chip Turner <[email protected]> 1.40-7
    • bugzilla: 145577, fix tempfile vulnerability

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

eb26057adb4896dd345f8c6250c577a4
SRPMS/perl-DBI-1.40-6.fc3.src.rpm
17013d4820bece20e5415d9fce185194
x86_64/perl-DBI-1.40-6.fc3.x86_64.rpm
0242e76191bc1b8faa146d117cbe6283
x86_64/debug/perl-DBI-debuginfo-1.40-6.fc3.x86_64.rpm
9c2c769283f9e6469dea3328ab1bcd56
i386/perl-DBI-1.40-6.fc3.i386.rpm
c33e9fe31e20a520638869692b518381
i386/debug/perl-DBI-debuginfo-1.40-6.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-851
2005-09-06


Product : Fedora Core 4
Name : squid
Version : 2.5.STABLE9
Release : 8
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and
especially hot objects cached in RAM, caches DNS lookups, supports
non-blocking DNS lookups, and implements negative caching of failed
requests.

Squid consists of a main server program squid, a Domain Name
System lookup program (dnsserver), a program for retrieving FTP
data (ftpget), and some management and client tools.


  • Tue Sep 6 2005 Martin Stransky <[email protected]>
    7:2.5.STABLE9-8

    • Three upstream patches for #167414
    • Spanish and Greek messages
    • patch for -D_FORTIFY_SOURCE=2

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

84ffacd1861487183b380b9d10eaefad
SRPMS/squid-2.5.STABLE9-8.src.rpm
e3edef9bb8a108f14a5320adc5bb4911
ppc/squid-2.5.STABLE9-8.ppc.rpm
1a40db4808c6b8275294b7958ee7efec
ppc/debug/squid-debuginfo-2.5.STABLE9-8.ppc.rpm
1663acd75c2347126210263fb1b39143
x86_64/squid-2.5.STABLE9-8.x86_64.rpm
8f982a06009db83614118735e2efff27
x86_64/debug/squid-debuginfo-2.5.STABLE9-8.x86_64.rpm
3ea7ad95299b212639ee90cc28b2156b
i386/squid-2.5.STABLE9-8.i386.rpm
0e5412ed95b927f1a3d20a3a1fbcd555
i386/debug/squid-debuginfo-2.5.STABLE9-8.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-852
2005-09-06


Product : Fedora Core 3
Name : squid
Version : 2.5.STABLE9
Release : 1.FC3.7
Summary : The Squid proxy caching server.

Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and
especially hot objects cached in RAM, caches DNS lookups, supports
non-blocking DNS lookups, and implements negative caching of failed
requests.

Squid consists of a main server program squid, a Domain Name
System lookup program (dnsserver), a program for retrieving FTP
data (ftpget), and some management and client tools.


  • Tue Sep 6 2005 Martin Stransky <[email protected]>
    7:2.5.STABLE9-1.FC3.7

    • Three upstream patches for #167414
    • Spanish and Greek messages
    • patch for -D_FORTIFY_SOURCE=2

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

268ed1f8914e63cf62ed219dba64bdd3
SRPMS/squid-2.5.STABLE9-1.FC3.7.src.rpm
9e778cb8cb3c567a1448cbbdb58a279c
x86_64/squid-2.5.STABLE9-1.FC3.7.x86_64.rpm
19e7fc5664b3a329a503ea36246c3f95
x86_64/debug/squid-debuginfo-2.5.STABLE9-1.FC3.7.x86_64.rpm
79d84f9735f50a4178f7b17d5e466c97
i386/squid-2.5.STABLE9-1.FC3.7.i386.rpm
4dc0c0a28762db74b1c9a6effe394e7c
i386/debug/squid-debuginfo-2.5.STABLE9-1.FC3.7.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Gentoo Linux


Gentoo Linux Security Advisory GLSA 200509-02


http://security.gentoo.org/


Severity: Normal
Title: Gnumeric: Heap overflow in the included PCRE library
Date: September 03, 2005
Bugs: #104010
ID: 200509-02


Synopsis

Gnumeric is vulnerable to a heap overflow, possibly leading to
the execution of arbitrary code.

Background

The Gnumeric spreadsheet is a versatile application developed as
part of the GNOME Office project. libpcre is a library providing
functions for Perl-compatible regular expressions.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  app-office/gnumeric     < 1.4.3-r2                    >= 1.4.3-r2

Description

Gnumeric contains a private copy of libpcre which is subject to
an integer overflow leading to a heap overflow (see GLSA
200508-17).

Impact

An attacker could potentially exploit this vulnerability by
tricking a user into opening a specially crafted spreadsheet, which
could lead to the execution of arbitrary code with the privileges
of the user running Gnumeric.

Workaround

There is no known workaround at this time.

Resolution

All Gnumeric users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=app-office/gnumeric-1.4.3-r2"

References

[ 1 ] CAN-2005-2491

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491

[ 2 ] GLSA 200508-17

http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-02.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-03


http://security.gentoo.org/


Severity: High
Title: OpenTTD: Format string vulnerabilities
Date: September 05, 2005
Bugs: #102631
ID: 200509-03


Synopsis

OpenTTD is vulnerable to format string vulnerabilities which may
result in remote execution of arbitrary code.

Background

OpenTTD is an open source clone of the simulation game
“Transport Tycoon Deluxe” by Microprose.

Affected packages


     Package                   /   Vulnerable   /           Unaffected

  1  games-simulation/openttd     < 0.4.0.1-r1           >= 0.4.0.1-r1

Description

Alexey Dobriyan discovered several format string vulnerabilities
in OpenTTD.

Impact

A remote attacker could exploit these vulnerabilities to crash
the OpenTTD server or client and possibly execute arbitrary code
with the rights of the user running OpenTTD.

Workaround

There are no known workarounds at this time.

Resolution

All OpenTTD users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=games-simulation/openttd-0.4.0.1-r1"

References

[ 1 ] CAN-2005-2763

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2763

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-04


http://security.gentoo.org/


Severity: Low
Title: phpLDAPadmin: Authentication bypass
Date: September 06, 2005
Bugs: #104293
ID: 200509-04


Synopsis

A flaw in phpLDAPadmin may allow attackers to bypass security
restrictions and connect anonymously.

Background

phpLDAPadmin is a web-based LDAP client allowing to easily
manage LDAP servers.

Affected packages


     Package               /    Vulnerable    /             Unaffected

  1  net-nds/phpldapadmin     < 0.9.7_alpha6           >= 0.9.7_alpha6

Description

Alexander Gerasiov discovered a flaw in login.php preventing the
application from validating whether anonymous bind has been
disabled in the target LDAP server configuration.

Impact

Anonymous users can access the LDAP server, even if the
“disable_anon_bind” parameter was explicitly set to avoid this.

Workaround

There is no known workaround at this time.

Resolution

All phpLDAPadmin users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=net-nds/phpldapadmin-0.9.7_alpha6"

References

[ 1 ] CAN-2005-2654

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2654

[ 2 ] Secunia Advisory SA16611

http://secunia.com/advisories/16611/

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-04.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200509-05


http://security.gentoo.org/


Severity: Normal
Title: Net-SNMP: Insecure RPATH
Date: September 06, 2005
Bugs: #103776
ID: 200509-05


Synopsis

The Gentoo Net-SNMP package may provide Perl modules containing
an insecure DT_RPATH, potentially allowing privilege
escalation.

Background

Net-SNMP is a suite of applications used to implement the Simple
Network Management Protocol.

Affected packages


     Package                /   Vulnerable   /              Unaffected

  1  net-analyzer/net-snmp     < 5.2.1.2-r1              >= 5.2.1.2-r1

Description

James Cloos reported that Perl modules from the Net-SNMP package
look for libraries in an untrusted location. This is due to a flaw
in the Gentoo package, and not the Net-SNMP suite.

Impact

A local attacker (member of the portage group) may be able to
create a shared object that would be loaded by the Net-SNMP Perl
modules, executing arbitrary code with the privileges of the user
invoking the Perl script.

Workaround

Limit group portage access to trusted users.

Resolution

All Net-SNMP users should upgrade to the latest version:

    # emerge  --sync
    # emerge --ask --oneshot --verbose ">=net-analyzer/net-snmp-5.2.1.2-r1"

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200509-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandriva Linux


Mandriva Linux Security Update Advisory


Package name: ntp
Advisory ID: MDKSA-2005:156
Date: September 6th, 2005
Affected versions: 10.2


Problem Description:

When starting xntpd with the -u option and specifying the group
by using a string not a numeric gid the daemon uses the gid of the
user not the group.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2496


Updated Packages:

Mandrakelinux 10.2:
f8c40868f356423814da1ed1c96fa467
10.2/RPMS/ntp-4.2.0-18.1.102mdk.i586.rpm
bbfded59532b51fb226f4a1d770b17ad
10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.i586.rpm
fa12c82a51e78230bedfb1b60bfd2076
10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
11d77745e05f559a9e3fa1beb2b19187
x86_64/10.2/RPMS/ntp-4.2.0-18.1.102mdk.x86_64.rpm
c64b3db1d415c80e76fab18066ef05ef
x86_64/10.2/RPMS/ntp-client-4.2.0-18.1.102mdk.x86_64.rpm
fa12c82a51e78230bedfb1b60bfd2076
x86_64/10.2/SRPMS/ntp-4.2.0-18.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: smb4k
Advisory ID: MDKSA-2005:157
Date: September 6th, 2005
Affected versions: 10.1, 10.2


Problem Description:

A severe security issue has been discovered in Smb4K. By linking
a simple text file FILE to /tmp/smb4k.tmp or /tmp/sudoers, an
attacker could get access to the full contents of the
/etc/super.tab or /etc/sudoers file, respectively, because Smb4K
didn’t check for the existance of these files before writing any
contents. When using super, the attack also resulted in
/etc/super.tab being a symlink to FILE.

Affected are all versions of the 0.4, 0.5, and 0.6 series of
Smb4K.

The updated packages have been patched to correct this
problem.


References:

http://smb4k.berlios.de


Updated Packages:

Mandrakelinux 10.1:
dd4471a3de6feb035637f15dd75d8d56
10.1/RPMS/smb4k-0.4.0-3.1.101mdk.i586.rpm
d56d014b32bf1ec767fc018f0e40c245
10.1/SRPMS/smb4k-0.4.0-3.1.101mdk.src.rpm

Mandrakelinux 10.2:
a1fd04d53c4c32d69f74bf17a255c250
10.2/RPMS/smb4k-0.5.1-1.1.102mdk.i586.rpm
30d1745f5dafea4c2d12c7b6a7c09526
10.2/SRPMS/smb4k-0.5.1-1.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: mplayer
Advisory ID: MDKSA-2005:158
Date: September 6th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier
allows remote attackers to execute arbitrary code via a video file
with an audio header containing a large value in a strf chunk.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2718


http://www.sven-tantau.de/public_files/mplayer/mplayer_20050824.txt


Updated Packages:

Mandrakelinux 10.1:
250459965c8fc4f42a2769e749e22e81
10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8
10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24
10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm
9be25967363cd572adfd36bc4d87b93a
10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba
10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026
10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f
10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
250459965c8fc4f42a2769e749e22e81
x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.2.101mdk.i586.rpm
d8c7750a627e80277fce628e2d1e94c8
x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.2.101mdk.i586.rpm
5917312b2927d69c316ccfee23fada24
x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.2.101mdk.i586.rpm

9be25967363cd572adfd36bc4d87b93a
x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.2.101mdk.i586.rpm
c80e742412e9d1d350c370b634c246ba
x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.2.101mdk.i586.rpm
2b8c578c31cb5ee5973b33af7954d026
x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.2.101mdk.i586.rpm
6a2f4fe0b219c835f95a7e0c4947991f
x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.2.101mdk.src.rpm

Mandrakelinux 10.2:
de875487b091b75e8f5247df554081cb
10.2/RPMS/libdha1.0-1.0-0.pre6.8.2.102mdk.i586.rpm
a6604d2eb448775983d3b02b3e407fb0
10.2/RPMS/libpostproc0-1.0-0.pre6.8.2.102mdk.i586.rpm
6798646f4d62525901fc7e39b2ed923e
10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.2.102mdk.i586.rpm
d22348b0c5984578a5943cb7c1f411f3
10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.i586.rpm
4eacc77aa9e231e55c40a0a1175113f9
10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.i586.rpm
b17dc79c2f2f3c7ca1512abde018b069
10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.i586.rpm
956d43071a6e94af9394b5da7fb12a62
10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
1790a5313459770becf4d56943266bb5
x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.2.102mdk.x86_64.rpm

360a5c1ccce816edc10f0764ce818784
x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.2.102mdk.x86_64.rpm

39b2652e9203165fb9c9d44dd75cacdc
x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.2.102mdk.x86_64.rpm
0df3262bbab999f1dbd0710e863c8610
x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.2.102mdk.x86_64.rpm
760154d8cf96ca552c327610b75c1acf
x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.2.102mdk.x86_64.rpm
956d43071a6e94af9394b5da7fb12a62
x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.2.102mdk.src.rpm

Corporate 3.0:
4154fbdaf579fa4999c7d78b21d6cb36
corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.3.C30mdk.i586.rpm
4e3754365ee2513295db740ab3cf6cf0
corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.3.C30mdk.i586.rpm
15334f63a998240eda3beb3adf8b871c
corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.3.C30mdk.i586.rpm

f4e09e3a33b59becd4dd034a3cb0dc96
corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.i586.rpm
068a5c5e29b7c3d191d553e32d4b5d16
corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.i586.rpm
75b97f74726b07e8dbf908ff731c167a
corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.i586.rpm
063e6e15d3cfa8d859acc33da0e90eee
corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
85e34fedb91a68091e37521fe4d1cfa3
x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.3.C30mdk.x86_64.rpm

3bfdf357b670cd8dc0b310dfa31adf6b
x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.3.C30mdk.x86_64.rpm

278616d508bd32dcdf5f4a1f21bd3249
x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.3.C30mdk.x86_64.rpm

b7008436842f07451bc9867dd2d30973
x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.3.C30mdk.x86_64.rpm

e1b508be67d5f3d0ef42985d02925f45
x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.3.C30mdk.x86_64.rpm

063e6e15d3cfa8d859acc33da0e90eee
x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.3.C30mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: kdeedu
Advisory ID: MDKSA-2005:159
Date: September 6th, 2005
Affected versions: 10.1, 10.2


Problem Description:

Ben Burton notified the KDE security team about several tempfile
handling related vulnerabilities in langen2kvtml, a conversion
script for kvoctrain. This vulnerability was initially discovered
by Javier Fernãndez-Sanguino Peña.

The script uses known filenames in /tmp which allow an local
attacker to overwrite files writeable by the user (manually)
invoking the conversion script.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101

http://www.kde.org/info/security/advisory-20050815-1.txt


Updated Packages:

Mandrakelinux 10.1:
22f08da9f14236b97f67c5976eda26d8
10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.i586.rpm
da6b340e1110607e71c3997030e6ff52
10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
895a59f03e50cfa3976a4b023e6f944d
10.1/RPMS/libkdeedu1-devel-3.2.3-7.1.101mdk.i586.rpm
fab7de15f23ba02676b302e9b9f4606f
10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
e689e0327fe6656afe4427dbde6531b4
x86_64/10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.x86_64.rpm
737170e6d672711c36cb2b2e83243172
x86_64/10.1/RPMS/lib64kdeedu1-3.2.3-7.1.101mdk.x86_64.rpm
de170bee8d5bbf97b5d0159865e6414f
x86_64/10.1/RPMS/lib64kdeedu1-devel-3.2.3-7.1.101mdk.x86_64.rpm
da6b340e1110607e71c3997030e6ff52
x86_64/10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
fab7de15f23ba02676b302e9b9f4606f
x86_64/10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

Mandrakelinux 10.2:
04f206d950e469d65fa244fabf3607e1
10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.i586.rpm
1d62bb60fb8e272e8ae9aa7ec4476631
10.2/RPMS/libkdeedu1-3.3.2-9.1.102mdk.i586.rpm
d268b14834e1b89e55630bc33d26df15
10.2/RPMS/libkdeedu1-devel-3.3.2-9.1.102mdk.i586.rpm
ab09fc314b45a9ab535b0ec9dcf848a0
10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
9d2ae377f8c640ec006a3de8f7773a5a
x86_64/10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.x86_64.rpm
54c81580deb3f2b06944046334759ce3
x86_64/10.2/RPMS/lib64kdeedu1-3.3.2-9.1.102mdk.x86_64.rpm
d200247c5318c421ded410f0c80e1f4c
x86_64/10.2/RPMS/lib64kdeedu1-devel-3.3.2-9.1.102mdk.x86_64.rpm
ab09fc314b45a9ab535b0ec9dcf848a0
x86_64/10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandriva for security. You can obtain
the GPG public key of the Mandriva Security Team by executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>


Mandriva Linux Security Update Advisory


Package name: kdebase
Advisory ID: MDKSA-2005:160
Date: September 6th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0


Problem Description:

Ilja van Sprundel from suresec.org notified the KDE security
team about a serious lock file handling error in kcheckpass that
can, in some configurations, be used to gain root access.

In order for an exploit to succeed, the directory /var/lock has
to be writeable for a user that is allowed to invoke
kcheckpass.

The updated packages have been patched to correct this
problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
http://www.kde.org/info/security/advisory-20050905-1.txt


Updated Packages:

Mandrakelinux 10.1:
fde6f11dca5fa72d8b892326ef18af39
10.1/RPMS/kdebase-3.2.3-134.9.101mdk.i586.rpm
af8c908d2d1e82d38057d8c2a85226ae
10.1/RPMS/kdebase-common-3.2.3-134.9.101mdk.i586.rpm
82059179465feed8f4aa87eeb09083c6 10.1/RPMS/kdebase-kate-3.2.