- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : cvs
SUMMARY : Update: cvs remote double free() vulnerability
DATE : 2003-01-23 10:54:00
ID : CLA-2003:561
RELEVANT
RELEASES : 6.0, 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
CVS is a version control system largely used in software projects.
During a code audit, Stefan Esser discovered a double free()
vulnerability[2][3] in the CVS code. This vulnerability can be
exploited by remote users, authenticated or anonymous, to execute
arbitrary commands on the server.
Please note that users with write access to CVS (the so called
"commiters") usually already have shell access on the server, or can
easily get shell access as has already been discussed elsewhere[4].
Besides fixing the double free vulnerability, the new packages
provided with this update now have the Checkin-prog and Update-prog
commands disabled.
UPDATE
The previous CVS update (CLSA-2003:560), while indeed fixing the
security vulnerability, introduced problems which prevented it from
being used due to the way the Checkin-prog and Update-prog commands
where disabled. This has now been fixed.
SOLUTION
It is recommended that all CVS administrators upgrade their packages
immediately.
REFERENCES
1. http://www.cvshome.org/
2. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0015
3. http://security.e-matters.de/advisories/012003.html
4. http://online.securityfocus.com/archive/1/72584
5. http://bugzilla.conectiva.com/show_bug.cgi?id=7507
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/cvs-1.10.8-5U60_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-1.10.8-5U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/cvs-doc-1.10.8-5U60_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/cvs-1.11-7U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cvs-1.11-7U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cvs-doc-1.11-7U70_3cl.i386.r
ftp://atualizacoes.conectiva.com.br/8/SRPMS/cvs-1.11-9U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cvs-1.11-9U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/cvs-doc-1.11-9U80_3cl.i386.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : libpng
SUMMARY : Buffer overflow vulnerability
DATE : 2003-01-23 18:17:00
ID : CLA-2003:564
RELEVANT
RELEASES : 6.0, 7.0, 8
- -------------------------------------------------------------------------
DESCRIPTION
libpng is a library used to create and manipulate PNG (Portable
Network Graphics) image files.
Glenn Randers-Pehrson discovered a buffer overflow vulnerability in
unpatched libpng versions prior to 1.0.15 and 1.2.5(*) (inclusive).
Programs such as web browsers and various others common applications
make use of libpng. An attacker could exploit this vulnerability to
remotely run arbitrary code or crash such applications by using a
specially crafted png image.
This update provides patched versions of libpng with fixes for this
vulnerability.
* The libpng-1.2.X series is available only in Conectiva Linux 8 in
the libpng3 package.
SOLUTION
All users should upgrade.
Please note that in order to complete the upgrade process, you must
restart all running aplications that are linked against libpng after
the new packages installation. You can see a list of such
applications using the lsof utility, as seen below:
# lsof | grep libpng
REFERENCES:
1.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libpng-1.0.14-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libpng-devel-1.0.14-1U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/libpng-1.0.14-1U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libpng-1.0.14-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libpng-devel-1.0.14-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libpng-devel-static-1.0.14-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libpng-doc-1.0.14-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/libpng-1.0.14-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-1.0.14-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng3-1.2.4-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-devel-1.2.4-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-devel-static-1.2.4-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libpng-doc-1.2.4-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/libpng-1.0.14-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/libpng3-1.2.4-1U80_2cl.src.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : dhcp
SUMMARY : Remote Vulnerability
DATE : 2003-01-23 16:54:00
ID : CLA-2003:562
RELEVANT
RELEASES : 8
- -------------------------------------------------------------------------
DESCRIPTION
The package "dhcp" provides a Dynamic Host Configuration Protocol[1]
server developed by ISC (ISC DHCPD).
During an internal source code audit, the ISC developers found
several stack-based buffer overflow vulnerabilities[2,3] in the error
handling routines of the minires library. This library is used by the
NSUPDATE feature, which is present in dhcp versions newer than 3.0
and allows the DHCP server to dynamically update DNS server records.
A remote attacker which can send messages directly to the DHCP server
can exploit these vulnerabilities to execute arbitrary code in the
server context with the privileges of the root user.
The packages provided with this announcement fix these
vulnerabilities with a patch from ISC. Please note that Conectiva
Linux versions prior to 8 do not ship dhcp 3.0 and therefore are not
vulnerable to this problem.
SOLUTION
All dhcp users should upgrade immediately. After upgrading the
packages, please restart the dhcpd service if it is already running.
This can be done with the command below (as the root user):
# service dhcpd restart
REFERENCES:
1.http://www.ietf.org/rfc/rfc2131.txt
2.http://www.cert.org/advisories/CA-2003-01.html
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0026
4.http://www.isc.org/products/DHCP/
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/dhcp-3.0-3U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/dhcp-doc-3.0-3U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/dhcp-3.0-3U80_2cl.src.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.