Conectiva Linux Advisories: apache, qt3, spamassassin

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : apache
SUMMARY : Several vulnerabilities in apache, mod_ssl and
mod_dav
DATE : 2004-09-23 12:10:00
ID : CLA-2004:868
RELEVANT RELEASES : 9, 10

DESCRIPTION
Apache[1] is the most popular webserver in use today.

This announcement fixes the following issues with apache,
mod_ssl and mod_dav:

1. Denial of service in ap_get_mime_headers_core() function
   (CAN-2004-0493[2])

   The ap_get_mime_headers_core() function in Apache httpd 2.0.49
   allows remote attackers to cause a denial of service (memory
   exhaustion).

2. Buffer overflow in .htaccess files handler (CAN-2004-0747[3])

   Buffer overflow in Apache 2.0.50 and earlier allows local
   attackers to gain apache privileges via a .htaccess file that
   causes the buffer overflow during expansion of environment
   variables.

3. Denial of service in mod_ssl (CAN-2004-0748[4])

   mod_ssl in Apache 2.0.50 and earlier allows remote attackers to
   cause a denial of service (CPU consumption) by aborting an SSL
   connection in a way that causes an Apache child process to enter an
   infinite loop.

4. Denial of service in char_buffer_read() function in mod_ssl
   (CAN-2004-0751[5])

   The char_buffer_read function in the mod_ssl module for Apache
   2.x, when using reverse proxying to an SSL server, allows remote
   attackers to cause a denial of service (segmentation fault).

5. Denial of service in IPv6 URI parsing routines
   (CAN-2004-0786[6])

   The IPv6 URI parsing routines in the apr-util library for Apache
   2.0.50 and earlier allow remote attackers to cause a denial of
   service (child process crash) via a certain URI, as demonstrated
   using the Codenomicon HTTP Test Tool.

6. Denial of service in mod_dav (CAN-2004-0809[7])

   The mod_dav module in Apache 2.0.50 and earlier allows remote
   attackers to cause a denial of service (child process crash) via a
   certain sequence of LOCK requests for a location that allows WebDAV
   authoring access.

SOLUTION
It is recommended that all Apache users upgrade their packages.

IMPORTANT: it is necessary to manually restart the httpd server
after upgrading the packages. In order to do this, execute the
following as root:

# service httpd stop

(wait a few seconds and check with “pidof httpd” if there are
any httpd processes running. On a busy webserver this could take a
little longer)

# service httpd start

REFERENCES
1.http://apache.httpd.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0493

3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0747

4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0748

5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0751

6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0786

7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0809

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_8cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_8cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_8cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

• run: apt-get update
• after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : qt3
SUMMARY : Fixes for image loader vulnerabilities
DATE : 2004-09-22 10:55:00
ID : CLA-2004:866
RELEVANT RELEASES : 9, 10

DESCRIPTION
QT[1] is a cross-platform GUI toolkit mostly used by KDE.

Chris Evans found[2] a heap overflow vulnerability[3] in the QT
library when handling 8-bit RLE encoded BMP files. An attacker
could use this to compromise the account used to view the specially
crafted image. Further investigations found similar vulnerabilities
in XPM[4], GIF[5] and JPEG image handlers.

SOLUTION
It is recommended that all qt users upgrade their packages.

IMPORTANT: all applications linked against libqt must be
restarted after the upgrade in order to close the
vulnerabilities.

REFERENCES
1.http://www.qt.org
2.http://marc.theaimsgroup.com/?l=bugtraq&m=109295309008309&w=2

3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0691

4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0692

5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0693

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/qt3-3.2.3-55983U10_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-assistant-lib-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-mysql-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-odbc-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-database-plugin-pgsql-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-designer-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-designer-lib-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-devel-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-devel-static-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-doc-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-examples-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-linguist-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/qt3-tutorial-3.2.3-55983U10_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/qt3-3.1.1-27866U90_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-assistant-lib-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-mysql-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-odbc-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-database-plugin-pgsql-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-designer-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-designer-lib-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-devel-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-devel-static-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-doc-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-examples-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-linguist-3.1.1-27866U90_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/qt3-tutorial-3.1.1-27866U90_1cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

• run: apt-get update
• after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

CONECTIVA LINUX SECURITY ANNOUNCEMENT

PACKAGE : spamassassin
SUMMARY : Fix for denial of service vulnerability in
SpamAssassin
DATE : 2004-09-22 11:02:00
ID : CLA-2004:867
RELEVANT RELEASES : 9, 10

DESCRIPTION
SpamAssassin[1] is a spam filter for email invoked from MDAs (Mail
Delivery Agents).

This security fix prevents a denial of service attack open to
certain malformed messages that affects all SpamAssassin 2.5x <
2.54 and 2.6x < 2.64.

SOLUTION
It is recommended that all SpamAssassin users upgrade their
packages. Please note that the service will be automatically
restarted after the upgrade if it was already running.

REFERENCES
1.http://www.spamassassin.org/
2.http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767&w=2

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/spamassassin-2.63-54029U10_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/spamassassin-2.63-54029U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/10/RPMS/spamassassin-doc-2.63-54029U10_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/SRPMS/spamassassin-2.60-28724U90_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-2.60-28724U90_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/9/RPMS/spamassassin-doc-2.60-28724U90_2cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

• run: apt-get update
• after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com