
Security Digest: January 12, 2005

Debian GNU/Linux


Debian Security Advisory DSA 635-1 [email protected]
http://www.debian.org/security/
Martin Schulze
January 12th, 2005 http://www.debian.org/security/faq


Package : exim
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0021
Debian Bug : 289046

Philip Hazel announced a buffer overflow in the host_aton
function in exim, the default mail-transport-agent in Debian, which
can lead to the execution of arbitrary code via an illegal IPv6
address.

For the stable distribution (woody) this problem has been fixed
in version 3.35-1woody4.

For the unstable distribution (sid) this problem has been fixed
in version 3.36-13 of exim and 4.34-10 of exim4.

We recommend that you upgrade your exim and exim4 packages.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution
on its next update.


Debian Security Advisory DSA 636-1 [email protected]
http://www.debian.org/security/
Martin Schulze
January 12th, 2005 http://www.debian.org/security/faq


Package : glibc
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0968
BugTraq ID : 11286
Debian Bug : 279680 278278 205600

Several insecure uses of temporary files have been discovered in
support scripts in the libc6 package which provides the C library
for a GNU/Linux system. Trustix developers found that the catchsegv
script uses temporary files insecurely. Openwall developers
discovered insecure temporary files in the glibcbug script. These
scripts are vulnerable to a symlink attack.

For the stable distribution (woody) these problems have been
fixed in version 2.2.5-11.8.

For the unstable distribution (sid) these problems have been
fixed in version 2.3.2.ds1-20.

We recommend that you upgrade your libc6 package.

Upgrade Instructions


wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody



These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200501-13


http://security.gentoo.org/


Severity: Normal
Title: pdftohtml: Vulnerabilities in included Xpdf
Date: January 10, 2005
Bugs: #75200
ID: 200501-13


Synopsis

pdftohtml includes vulnerable Xpdf code to handle PDF files,
making it vulnerable to execution of arbitrary code upon converting
a malicious PDF file.

Background

pdftohtml is a utility to convert PDF files to HTML or XML
formats. It makes use of Xpdf code to decode PDF files.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  app-text/pdftohtml      < 0.36-r2                      >= 0.36-r2

Description

Xpdf is vulnerable to integer overflows, as described in GLSA
200412-24.

Impact

An attacker could entice a user to convert a specially-crafted
PDF file, potentially resulting in the execution of arbitrary code
with the rights of the user running pdftohtml.

Workaround

There is no known workaround at this time.

Resolution

All pdftohtml users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/pdftohtml-0.36-r2"

References

[ 1 ] GLSA 200412-24

http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml

[ 2 ] CAN-2004-1125

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-13.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-22


http://security.gentoo.org/


Severity: High
Title: poppassd_pam: Unauthorized password changing
Date: January 11, 2005
Bugs: #75820
ID: 200501-22


Synopsis

poppassd_pam allows anyone to change any user’s password without
authenticating the user first.

Background

poppassd_pam is a PAM-enabled server for changing system
passwords that can be used to change POP server passwords.

Affected packages


     Package                 /  Vulnerable  /               Unaffected

  1  net-mail/poppassd_ceti       <= 1.0                      >= 1.8.4
  2  net-mail/poppassd_pam        <= 1.0                   Vulnerable!

Description

Gentoo Linux developer Marcus Hanwell discovered that
poppassd_pam did not check that the old password was valid before
changing passwords. Our investigation revealed that poppassd_pam
did not call pam_authenticate before calling pam_chauthtok.
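
The ordering flaw described above, as an added example (not code from poppassd_pam or the Gentoo advisory): a small session handler in which the new password is accepted only after the old one has been verified. The line protocol, the account name and the helper functions are assumptions; the helpers stand in for pam_authenticate and pam_chauthtok so the example runs without libpam.

```c
#include <stdio.h>
#include <string.h>

/* Constructed one-account password store. The two helpers are hypothetical
 * stand-ins for pam_authenticate() and pam_chauthtok(); a real daemon
 * calls PAM at these two points. */
static char stored_password[64];

static int check_old_password(const char *claimed)
{
    return strcmp(claimed, stored_password) == 0;
}

static void set_new_password(const char *wanted)
{
    snprintf(stored_password, sizeof stored_password, "%s", wanted);
}

enum state { WANT_USER, WANT_PASS, READY_FOR_NEWPASS };

struct session {
    enum state st;
    int verify_old;   /* 0: behaviour the advisory describes, 1: fixed */
};

/* Handle one request line; returns 200 (accepted) or 500 (refused). */
int handle_line(struct session *s, const char *line)
{
    if (strncmp(line, "user ", 5) == 0) {
        s->st = WANT_PASS;
        return 200;
    }
    if (strncmp(line, "pass ", 5) == 0) {
        if (s->st != WANT_PASS)
            return 500;
        /* The fix: the old password is checked before the session may
         * move on to the change step. */
        if (s->verify_old && !check_old_password(line + 5)) {
            s->st = WANT_USER;          /* failed check resets the session */
            return 500;
        }
        s->st = READY_FOR_NEWPASS;
        return 200;
    }
    if (strncmp(line, "newpass ", 8) == 0) {
        if (s->st != READY_FOR_NEWPASS)
            return 500;                 /* change refused without a valid login */
        set_new_password(line + 8);
        s->st = WANT_USER;
        return 200;
    }
    return 500;
}

/* Drive one whole session against a freshly reset store.
 * Returns 1 if the stored password was changed, 0 if it was not. */
int run_session(int verify_old, const char *claimed_old, const char *wanted_new)
{
    struct session s = { WANT_USER, verify_old };
    char line[128];

    snprintf(stored_password, sizeof stored_password, "%s", "old-secret");
    handle_line(&s, "user alice");
    snprintf(line, sizeof line, "pass %s", claimed_old);
    handle_line(&s, line);
    snprintf(line, sizeof line, "newpass %s", wanted_new);
    handle_line(&s, line);
    return strcmp(stored_password, "old-secret") != 0;
}

int main(void)
{
    printf("unchecked, wrong old password: changed=%d\n",
           run_session(0, "wrong-guess", "n3w"));
    printf("checked,   wrong old password: changed=%d\n",
           run_session(1, "wrong-guess", "n3w"));
    printf("checked,   right old password: changed=%d\n",
           run_session(1, "old-secret", "n3w"));
    return 0;
}
```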

Impact

A remote attacker could change the system password of any user,
including root. This leads to a complete compromise of the POP
accounts, and may also lead to a complete root compromise of the
affected server, if it also provides shell access authenticated
using system passwords.

Workaround

There is no known workaround at this time.

Resolution

All poppassd_pam users should migrate to the new package called
poppassd_ceti:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-mail/poppassd_ceti-1.8.4"

Note: Portage will automatically replace the poppassd_pam
package by the poppassd_ceti package.

References

[ 1 ] CAN-2005-0002

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0002

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-22.xml



Gentoo Linux Security Advisory GLSA 200501-20


http://security.gentoo.org/


Severity: Normal
Title: o3read: Buffer overflow during file conversion
Date: January 11, 2005
Bugs: #74478
ID: 200501-20


Synopsis

A buffer overflow in o3read allows an attacker to execute
arbitrary code by way of a specially crafted XML file.

Background

o3read is a standalone converter for OpenOffice.org files. It
allows a user to dump the contents tree (o3read) and convert to
plain text (o3totxt) or to HTML (o3tohtml) Writer and Calc
files.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  app-text/o3read      <= 0.0.3                            >= 0.0.4

Description

Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t[] array.
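
The flaw class described above, as an added example (not code from o3read.c): a reader that copies bytes up to a closing '>' into a fixed 1024-byte buffer, first without a bound and then with the length check such a copy needs. The function names and the constructed inputs are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define TAG_BUF 1024  /* same size as the t[] array named in the advisory */

/* "Before" (hypothetical reconstruction of the flaw class): copies up to
 * '>' with no regard for the destination size, so a longer run of bytes
 * writes past the end of t[]. Kept for contrast; not called below. */
size_t read_tag_unbounded(const char *src, char *t)
{
    size_t n = 0;
    while (src[n] != '\0' && src[n] != '>') {
        t[n] = src[n];              /* no check against TAG_BUF */
        n++;
    }
    t[n] = '\0';
    return n;
}

/* "After": the caller passes both lengths, the copy always leaves room for
 * the terminating NUL, and an over-long or unterminated tag is an error
 * rather than an overflow or a silent truncation.
 * Returns the number of bytes copied, or -1 on error. */
long read_tag_bounded(const char *src, size_t src_len, char *t, size_t t_size)
{
    size_t n = 0;

    if (t_size == 0)
        return -1;
    while (n < src_len && src[n] != '>') {
        if (n + 1 >= t_size) {      /* next byte would take the NUL's slot */
            t[0] = '\0';
            return -1;
        }
        t[n] = src[n];
        n++;
    }
    if (n == src_len) {             /* input ended before '>' */
        t[0] = '\0';
        return -1;
    }
    t[n] = '\0';
    return (long)n;
}

/* Constructed input: n filler bytes followed by '>'. */
long try_tag_of_length(size_t n)
{
    static char input[8192];
    char t[TAG_BUF];

    if (n + 1 > sizeof input)
        return -1;
    memset(input, 'A', n);
    input[n] = '>';
    return read_tag_bounded(input, n + 1, t, sizeof t);
}

/* Constructed input with no closing '>'. */
long try_unterminated(void)
{
    char t[TAG_BUF];
    const char *s = "text:p";

    return read_tag_bounded(s, strlen(s), t, sizeof t);
}

int main(void)
{
    printf("6 bytes      -> %ld\n", try_tag_of_length(6));
    printf("1023 bytes   -> %ld\n", try_tag_of_length(1023));
    printf("1024 bytes   -> %ld\n", try_tag_of_length(1024));
    printf("4096 bytes   -> %ld\n", try_tag_of_length(4096));
    printf("unterminated -> %ld\n", try_unterminated());
    return 0;
}
```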

Impact

Using a specially crafted file, possibly delivered by e-mail or
over the Web, an attacker may execute arbitrary code with the
permissions of the user running o3read.

Workaround

There is no known workaround at this time.

Resolution

All o3read users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"

References

[ 1 ] CAN-2004-1288

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1288

[ 2 ] Wiktor Kopec advisory

http://tigger.uic.edu/~jlongs2/holes/o3read.txt

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-20.xml



Gentoo Linux Security Advisory GLSA 200501-21


http://security.gentoo.org/


Severity: Normal
Title: HylaFAX: hfaxd unauthorized login vulnerability
Date: January 11, 2005
Bugs: #75941
ID: 200501-21


Synopsis

HylaFAX is subject to a vulnerability in its username matching
code, potentially allowing remote users to bypass access control
lists.

Background

HylaFAX is a software package for sending and receiving
facsimile messages.

Affected packages


     Package           /  Vulnerable  /                     Unaffected

  1  net-misc/hylafax     < 4.2.0-r2                       >= 4.2.0-r2

Description

The code used by hfaxd to match a given username and hostname
with an entry in the hosts.hfaxd file is insufficiently protected
against malicious entries.

Impact

If the HylaFAX installation uses a weak hosts.hfaxd file, a
remote attacker could authenticate using a malicious username or
hostname and bypass the intended access restrictions.

Workaround

As a workaround, administrators may consider adding passwords to
all entries in the hosts.hfaxd file.

Resolution

All HylaFAX users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/hylafax-4.2.0-r2"

Note: Due to heightened security, weak entries in the
hosts.hfaxd file may no longer work. Please see the HylaFAX
documentation for details of accepted syntax in the hosts.hfaxd
file.

References

[ 1 ] CAN-2004-1182

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182

[ 2 ] HylaFAX Announcement


http://marc.theaimsgroup.com/?l=hylafax&m=110545119911558&w=2

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-21.xml


Mandrakelinux


Mandrakelinux Security Update Advisory


Package name: nfs-utils
Advisory ID: MDKSA-2005:005
Date: January 11th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1


Problem Description:

Arjan van de Ven discovered a buffer overflow in rquotad on
64bit architectures; an improper integer conversion could lead to a
buffer overflow. An attacker with access to an NFS share could send
a specially crafted request which could then lead to the execution
of arbitrary code.

The updated packages are provided to prevent this issue.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0946


Updated Packages:


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
