Conectiva Linux Advisories: apache, qt3, spamassassin

Written by Web Webster
Sep 24, 2004

CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : apache
SUMMARY : Several vulnerabilities in apache, mod_ssl and mod_dav
DATE : 2004-09-23 12:10:00
ID : CLA-2004:868
RELEVANT RELEASES : 9, 10


DESCRIPTION
Apache[1] is the most popular webserver in use today.

This announcement fixes the following issues with apache,
mod_ssl and mod_dav:

  1. Denial of service in ap_get_mime_headers_core() function
    (CAN-2004-0493[2])

    The ap_get_mime_headers_core() function in Apache httpd 2.0.49
    allows remote attackers to cause a denial of service (memory
    exhaustion).

  2. Buffer overflow in .htaccess files handler (CAN-2004-0747[3])

    Buffer overflow in Apache 2.0.50 and earlier allows local
    attackers to gain apache privileges via a .htaccess file that
    causes the buffer overflow during expansion of environment
    variables.

  3. Denial of service in mod_ssl (CAN-2004-0748[4])

    mod_ssl in Apache 2.0.50 and earlier allows remote attackers to
    cause a denial of service (CPU consumption) by aborting an SSL
    connection in a way that causes an Apache child process to enter an
    infinite loop.

  4. Denial of service in char_buffer_read() function in mod_ssl
    (CAN-2004-0751[5])

    The char_buffer_read function in the mod_ssl module for Apache
    2.x, when using reverse proxying to an SSL server, allows remote
    attackers to cause a denial of service (segmentation fault).

  5. Denial of service in IPv6 URI parsing routines
    (CAN-2004-0786[6])

    The IPv6 URI parsing routines in the apr-util library for Apache
    2.0.50 and earlier allow remote attackers to cause a denial of
    service (child process crash) via a certain URI, as demonstrated
    using the Codenomicon HTTP Test Tool.

  6. Denial of service in mod_dav (CAN-2004-0809[7])

    The mod_dav module in Apache 2.0.50 and earlier allows remote
    attackers to cause a denial of service (child process crash) via a
    certain sequence of LOCK requests for a location that allows WebDAV
    authoring access.

SOLUTION
It is recommended that all Apache users upgrade their packages.

IMPORTANT: it is necessary to manually restart the httpd server
after upgrading the packages. In order to do this, execute the
following as root:

# service httpd stop

(Wait a few seconds and check with "pidof httpd" whether any httpd
processes are still running; on a busy webserver this can take a
little longer.)

# service httpd start
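The stop / check / start sequence above, automated so the check is not skipped: this script is an added example, not part of the Conectiva advisory, and assumes the SysV "service" command and "pidof" found on Conectiva Linux 9 and 10.

```shell
#!/bin/sh
# Added example, not part of the Conectiva advisory: restart httpd the way the
# advisory describes, but wait for every old httpd process to exit before the
# new server is started. Assumes SysV "service" and "pidof" (Conectiva 9/10).

# Succeed if at least one process named $1 is running. pidof is what the
# advisory suggests; fall back to ps on systems without it.
process_running() {
    if command -v pidof >/dev/null 2>&1; then
        pidof "$1" >/dev/null 2>&1
    else
        ps -eo comm= | grep -qx "$1"
    fi
}

# Poll once per second until no process named $1 is left; give up after
# $2 seconds (default 30) and return 1 so the caller can decide what to do.
wait_for_exit() {
    name="$1"; limit="${2:-30}"; waited=0
    while process_running "$name"; do
        if [ "$waited" -ge "$limit" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# The advisory's stop / check / start sequence with the check automated.
# On a busy server the children may take a while to finish their requests.
restart_httpd() {
    service httpd stop || return 1
    if ! wait_for_exit httpd 60; then
        echo "httpd processes still running after 60s; refusing to start" >&2
        return 1
    fi
    service httpd start
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
case "${1:-}" in
    run) restart_httpd ;;
esac
```

Run it as root with the single argument `run` to perform the restart; without it nothing is touched.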

REFERENCES
1. http://apache.httpd.org/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751
6. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786
7. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_8cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en


All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en


Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : qt3
SUMMARY : Fixes for image loader vulnerabilities
DATE : 2004-09-22 10:55:00
ID : CLA-2004:866
RELEVANT RELEASES : 9, 10


DESCRIPTION
QT[1] is a cross-platform GUI toolkit mostly used by KDE.

Chris Evans found[2] a heap overflow vulnerability[3] in the QT
library when handling 8-bit RLE encoded BMP files. An attacker
could use this to compromise the account used to view the specially
crafted image. Further investigations found similar vulnerabilities
in XPM[4], GIF[5] and JPEG image handlers.

SOLUTION
It is recommended that all qt users upgrade their packages.

IMPORTANT: all applications linked against libqt must be
restarted after the upgrade in order to close the
vulnerabilities.
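A way to verify the restart requirement above: this script is an added example, not part of the Conectiva advisory. After the qt3 packages are installed, a process that was not restarted still maps the old library, which rpm has unlinked, so /proc/PID/maps shows it as "(deleted)". The library name to match is an assumption (libqt here); the same check with libapr as the argument tells you whether every httpd process picked up the new apache packages.

```shell
#!/bin/sh
# Added example, not part of the Conectiva advisory: list processes that still
# have a replaced library mapped after the package upgrade. rpm installs the
# new file and unlinks the old one, so a process that was not restarted keeps
# a mapping that /proc/PID/maps marks with a trailing "(deleted)".
# The library name pattern (libqt) is an assumption; use libapr for apache.

# Read one /proc/PID/maps on stdin; succeed if any mapping of $1 is marked deleted.
maps_has_stale_lib() {
    grep -- "$1" | grep -q '(deleted)$'
}

# Print "PID command line" for every process still using a deleted copy of $1.
# Maps of other users' processes are unreadable without root and are skipped.
stale_lib_users() {
    lib="$1"
    for maps in /proc/[0-9]*/maps; do
        pid="${maps#/proc/}"
        pid="${pid%/maps}"
        if maps_has_stale_lib "$lib" 2>/dev/null < "$maps"; then
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
        fi
    done
}

# Usage after "apt-get upgrade": report what still needs restarting.
stale_lib_users "${1:-libqt}"
```

An empty report means every process that had the old library loaded has been restarted.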

REFERENCES
1. http://www.qt.org
2. http://marc.theaimsgroup.com/?l=bugtraq&m=109295309008309&w=2
3. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691
4. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692
5. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/qt3-3.2.3-55983U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-assistant-lib-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-mysql-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-odbc-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-pgsql-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-designer-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-designer-lib-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-devel-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-devel-static-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-doc-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-examples-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-linguist-3.2.3-55983U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-tutorial-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/qt3-3.1.1-27866U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-assistant-lib-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-mysql-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-odbc-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-pgsql-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-designer-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-designer-lib-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-devel-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-devel-static-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-doc-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-examples-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-linguist-3.1.1-27866U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-tutorial-3.1.1-27866U90_1cl.i386.rpm


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : spamassassin
SUMMARY : Fix for denial of service vulnerability in SpamAssassin
DATE : 2004-09-22 11:02:00
ID : CLA-2004:867
RELEVANT RELEASES : 9, 10


DESCRIPTION
SpamAssassin[1] is a spam filter for email invoked from MDAs (Mail
Delivery Agents).

This security fix prevents a denial of service attack triggered by
certain malformed messages[2]; the vulnerability affects all
SpamAssassin 2.5x < 2.54 and 2.6x < 2.64 releases.

SOLUTION
It is recommended that all SpamAssassin users upgrade their
packages. Please note that the service will be automatically
restarted after the upgrade if it was already running.

REFERENCES
1. http://www.spamassassin.org/
2. http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/spamassassin-2.63-54029U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/spamassassin-2.63-54029U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/spamassassin-doc-2.63-54029U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/spamassassin-2.60-28724U90_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-2.60-28724U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-doc-2.60-28724U90_2cl.i386.rpm

