Conectiva Linux
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : krb5
SUMMARY : Fix for buffer overflow in libkadm5srv
DATE : 2005-01-13 11:56:00
ID : CLA-2005:917
RELEVANT RELEASES : 9, 10
DESCRIPTION
The “krb5” packages are MIT’s[1] implementation of the Kerberos 5
authentication protocol.
Michael Tautschnig noticed that the MIT Kerberos 5
administration library (libkadm5srv) contains a heap buffer
overflow[2] in password history handling code which could be
exploited by an authenticated user to execute arbitrary code on a
Key Distribution Center (KDC) host.
For further information about this vulnerability, please refer
to MIT krb5 Security Advisory 2004-004[3].
SOLUTION
It is recommended that all Kerberos users in Conectiva Linux
upgrade their packages. Please note that the service will be
automatically restarted after the upgrade if it was already
running.
Several applications can make use of the Kerberos libraries.
Those applications have to be restarted as well.
REFERENCES
1.http://web.mit.edu/Kerberos/www/index.html
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
3.http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-004-pwhist.txt
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/krb5-1.3.3-62470U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-apps-clients-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-apps-servers-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-client-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-devel-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-devel-static-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-doc-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/krb5-server-1.3.3-62470U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/krb5-1.2.7-28721U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-apps-clients-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-apps-servers-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-client-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-devel-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-devel-static-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-doc-1.2.7-28721U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/krb5-server-1.2.7-28721U90_4cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM package upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : ethereal
SUMMARY : Fixes for security vulnerabilities in ethereal
DATE : 2005-01-13 11:44:00
ID : CLA-2005:916
RELEVANT RELEASES : 9, 10
DESCRIPTION
Ethereal[1] is a powerful network traffic analyzer with a graphical
user interface (GUI).
This update fixes several vulnerabilities[2,3,4] in
ethereal:
CAN-2004-0633[5]: The iSNS dissector for ethereal 0.10.3 through
0.10.4 allows remote attackers to cause a denial of service
(process abort) via an integer overflow.
CAN-2004-0634[6]: The SMB SID snooping capability in ethereal
0.9.15 to 0.10.4 allows remote attackers to cause a denial of
service (process abort) via a handle without a policy name, which
causes a null dereference.
CAN-2004-0635[7]: The SNMP dissector in ethereal 0.8.15 through
0.10.4 allows remote attackers to cause a denial of service
(process abort) via a malformed request or by missing community
string, which causes an out-of-bounds read.
CAN-2004-0504[8]: ethereal 0.10.3 allows remote attackers to
cause a denial of service (crash) via certain SIP messages between
Hotsip servers and clients.
CAN-2004-0505[9]: The AIM dissector in ethereal 0.10.3 allows
remote attackers to cause a denial of service (assert error).
CAN-2004-0506[10]: The SPNEGO dissector in ethereal 0.9.8 to
0.10.3 allows remote attackers to cause a denial of service
(abort).
CAN-2004-0507[11]: Buffer overflow in the MMSE dissector for
ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial
of service and possibly execute arbitrary code.
CAN-2004-1139[12]: Matthew Bing found a problem in DICOM
dissection that could make Ethereal exit unexpectedly.
CAN-2004-1140[13]: An invalid RTP timestamp could make Ethereal
hang and create a large temporary file, possibly filling all
available disk space.
CAN-2004-1141[14]: The HTTP dissector could access
previously-freed memory, making Ethereal exit unexpectedly.
CAN-2004-1142[15]: Brian Caswell discovered that an improperly
formatted SMB packet could make Ethereal hang, maximizing CPU
utilization.
SOLUTION
It is recommended that all ethereal users upgrade their
packages.
REFERENCES
1.http://www.ethereal.com/
2.http://www.ethereal.com/appnotes/enpa-sa-00014.html
3.http://www.ethereal.com/appnotes/enpa-sa-00015.html
4.http://www.ethereal.com/appnotes/enpa-sa-00016.html
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0633
6.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0634
7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0635
8.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0504
9.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0505
10.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0506
11.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0507
12.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
13.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
14.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141
15.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/ethereal-0.10.8-62475U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-common-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-gtk-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ethereal-utils-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/tethereal-0.10.8-62475U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/ethereal-0.10.8-73509U90_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-common-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-gtk-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/ethereal-utils-0.10.8-73509U90_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/tethereal-0.10.8-73509U90_3cl.i386.rpm
CONECTIVA LINUX SECURITY ANNOUNCEMENT
PACKAGE : php4
SUMMARY : Fixes for multiple php4 vulnerabilities
DATE : 2005-01-13 11:40:00
ID : CLA-2005:915
RELEVANT RELEASES : 9, 10
DESCRIPTION
PHP[1] is a very popular scripting language used by web servers to
offer dynamic content.
This announcement fixes seven vulnerabilities[2] found by Stefan
Esser and four other vulnerabilities. For further information,
please refer to php4’s changelog[3].
SOLUTION
It is recommended that all PHP4 users upgrade their packages.
IMPORTANT:
If PHP4 is being used as an Apache module, the web server has to be
restarted after the upgrade if it was already running. To do so,
please run, as root:
# service httpd stop
(wait a few seconds and check with “ps ax|grep httpd” if there
are any httpd processes running. On a busy webserver this could
take a little longer.)
# service httpd start
REFERENCES
1.http://www.php.net/
2.http://www.hardened-php.net/advisories/012004.txt
3.http://www.php.net/release_4_3_10.php
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/php4-4.3.10-72720U10_5cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-dba-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-devel-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-es-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-doc-pt_BR-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-imap-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-ldap-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mcrypt-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mhash-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mnogosearch-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mssql-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-mysql-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-odbc-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-pgsql-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-snmp-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-sybase-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/php4-sybase-ct-4.3.10-72720U10_5cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/php4-4.3.10-26997U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-devel-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-es-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-doc-pt_BR-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-imap-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-ldap-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mcrypt-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-mysql-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-odbc-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-pgsql-4.3.10-26997U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/php4-snmp-4.3.10-26997U90_4cl.i386.rpm
Debian GNU/Linux
Debian Security Advisory DSA 637-1 [email protected]
http://www.debian.org/security/
Martin Schulze
January 13th, 2005 http://www.debian.org/security/faq
Package : exim-tls
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0021
Debian Bug : 289046
Philip Hazel announced a buffer overflow in the host_aton
function in exim-tls, the SSL-enabled version of the default
mail-transport-agent in Debian, which can lead to the execution of
arbitrary code via an illegal IPv6 address.
For the stable distribution (woody) this problem has been fixed
in version 3.35-3woody3.
In the unstable distribution (sid) this package does not exist
anymore.
We recommend that you upgrade your exim-tls package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.dsc
Size/MD5 checksum: 677 059e83c496e959d01bcca0a11637b017
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3.diff.gz
Size/MD5 checksum: 80492 90d594f60ae815a780faa5f9c9d1859d
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35.orig.tar.gz
Size/MD5 checksum: 1271057 42d362e40a21bd7ffc298f92c8bd986a
Alpha architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_alpha.deb
Size/MD5 checksum: 873682 935e1dddb27a713d562b905c2951dea7
ARM architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_arm.deb
Size/MD5 checksum: 784148 c97ded116303fe5ee1c4a9f741350c58
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_i386.deb
Size/MD5 checksum: 759442 1477e25fe953ee209ec86a67a59306ba
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_ia64.deb
Size/MD5 checksum: 974058 74cd3707971105a75398a0ce46e4bb80
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_hppa.deb
Size/MD5 checksum: 814316 56d73dab6e0bbd4df6068c5f9f065491
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_m68k.deb
Size/MD5 checksum: 736730 ba35f1bd8dcfaf6ef9f35aded9176cab
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mips.deb
Size/MD5 checksum: 824408 0f8af4bf6f39d1dbb10e05e5717e3115
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_mipsel.deb
Size/MD5 checksum: 825160 abfc0dc6c75fc7fafba89f6673bd1913
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_powerpc.deb
Size/MD5 checksum: 792574 f8c3a2d72890f766a72a6ddc39f2ea31
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_s390.deb
Size/MD5 checksum: 779236 aca9521a7b347d291e158a919cca0ed5
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/exim-tls/exim-tls_3.35-3woody3_sparc.deb
Size/MD5 checksum: 782800 5e3a9478dc77a0943ce0c41611973c95
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 638-1 [email protected]
http://www.debian.org/security/
Martin Schulze
January 13th, 2005 http://www.debian.org/security/faq
Package : gopher
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0560 CAN-2004-0561
“jaguar” has discovered two security relevant problems in
gopherd, the Gopher server in Debian which is part of the gopher
package. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
CAN-2004-0560
An integer overflow can happen when posting content of a
specially calculated size.
CAN-2004-0561
A format string vulnerability has been found in the log
routine.
For the stable distribution (woody) these problems have been
fixed in version 3.0.3woody2.
The unstable distribution (sid) does not contain a gopherd
package. It has been replaced by Pygopherd.
We recommend that you upgrade your gopherd package.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2.dsc
Size/MD5 checksum: 552 8ca5e42b27ee90a38e94bf9a6970c66c
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2.tar.gz
Size/MD5 checksum: 508697 f6c925530ffbf8bf5cfcab97f04f9d1f
Alpha architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_alpha.deb
Size/MD5 checksum: 151380 cc2a882cde9216d6a23f7cd6c9f90623
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_alpha.deb
Size/MD5 checksum: 120180 d0b221cf1f583be4b051f0a8e82a11c3
ARM architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_arm.deb
Size/MD5 checksum: 114646 a27be2be4a1572fba35d959f01023888
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_arm.deb
Size/MD5 checksum: 98678 9313f132ea75b7dd6a855cd43c1e3c9f
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_i386.deb
Size/MD5 checksum: 112528 e687f76519118d0ea5b3c6cb579db286
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_i386.deb
Size/MD5 checksum: 96886 2c0b651d2d00bd8c805c319ad8c33866
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_ia64.deb
Size/MD5 checksum: 173718 2bf3e4b86029c74635a084c1eede9787
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_ia64.deb
Size/MD5 checksum: 139836 2b9440218cb621c60dad5495e0820301
HP Precision architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_hppa.deb
Size/MD5 checksum: 129848 be292cc2310c1acb7d68e5209009c7bd
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_hppa.deb
Size/MD5 checksum: 109810 081dbee8c04697ff7102060a03fed127
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_m68k.deb
Size/MD5 checksum: 105758 3e4a75b833f9c0ef1c205997c1034019
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_m68k.deb
Size/MD5 checksum: 91926 703284910206b8b5cb191e946d27dd12
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_mips.deb
Size/MD5 checksum: 130832 8593601cee3ac10b726b8a5fda187594
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_mips.deb
Size/MD5 checksum: 109556 51cc6daa4ed07de0d48da154af788a59
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_mipsel.deb
Size/MD5 checksum: 130846 c12d42a4030b8f48f0c10d52c8a9a4e3
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_mipsel.deb
Size/MD5 checksum: 109464 8a53bdb7a6884680eefc6513fdaa47ff
PowerPC architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_powerpc.deb
Size/MD5 checksum: 121114 5a4a7d7816b5a07fad0f332f586779db
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_powerpc.deb
Size/MD5 checksum: 102828 ce470ddb1885a029489353bbab62703d
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_s390.deb
Size/MD5 checksum: 116304 1b87e909f94aa8c1123b41c126fb7d3f
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_s390.deb
Size/MD5 checksum: 99904 213c3b6ece4d0db0c23ac17548626677
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.3woody2_sparc.deb
Size/MD5 checksum: 121968 06b5d848a5abf676485b7012b84f5dce
http://security.debian.org/pool/updates/main/g/gopher/gopherd_3.0.3woody2_sparc.deb
Size/MD5 checksum: 102190 2243fe4cde92498111781de8ea7af932
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200501-23
Severity: High
Title: Exim: Two buffer overflows
Date: January 12, 2005
Bugs: #76893
ID: 200501-23
Synopsis
Buffer overflow vulnerabilities, which could lead to arbitrary
code execution, have been found in the handling of IPv6 addresses
as well as in the SPA authentication mechanism in Exim.
Background
Exim is a highly configurable message transfer agent (MTA)
developed at the University of Cambridge.
Affected packages
Package / Vulnerable / Unaffected
1 mail-mta/exim < 4.43-r2 >= 4.43-r2
Description
Buffer overflows have been found in the host_aton() function
(CAN-2005-0021) as well as in the spa_base64_to_bits() function
(CAN-2005-0022), which is part of the SPA authentication code.
Impact
A local attacker could trigger the buffer overflow in
host_aton() by supplying an illegal IPv6 address with more than 8
components, using a command line option. The second vulnerability
could be remotely exploited during SPA authentication, if it is
enabled on the server. Both buffer overflows can potentially lead
to the execution of arbitrary code.
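The Impact paragraph ties the host_aton() overflow to an IPv6 address with more than 8 components. As an added illustration (not Exim's code and not part of the advisory), the C function below parses a textual IPv6 address into a fixed array of eight 16-bit groups and rejects a ninth group before anything is stored; the names parse_ipv6_groups and hex_value are hypothetical, and embedded IPv4 suffixes are assumed out of scope and rejected.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IPV6_GROUPS 8   /* an IPv6 address is exactly eight 16-bit groups */

/* Hypothetical helper: value of one hex digit, or -1 if c is not hex. */
static int hex_value(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/*
 * Hypothetical bounded parser (not Exim's host_aton()).
 * Fills out[0..7] and returns 0 on success; returns -1 on any malformed
 * input, including an address with more than eight components.
 */
int parse_ipv6_groups(const char *text, uint16_t out[IPV6_GROUPS])
{
    uint16_t groups[IPV6_GROUPS];
    size_t count = 0;      /* groups stored so far */
    int gap_at = -1;       /* index at which "::" was seen, -1 if none */
    const char *p = text;

    if (text == NULL || out == NULL)
        return -1;

    if (p[0] == ':') {                 /* a leading colon must be "::" */
        if (p[1] != ':')
            return -1;
        gap_at = 0;
        p += 2;
    }

    while (*p != '\0') {
        unsigned value = 0;
        int digits = 0;
        int d;

        while ((d = hex_value(*p)) >= 0) {
            if (++digits > 4)          /* a group is at most 4 hex digits */
                return -1;
            value = (value << 4) | (unsigned)d;
            p++;
        }
        if (digits == 0)               /* empty group or stray character */
            return -1;

        /* The bound that matters: check before writing, not after. */
        if (count >= IPV6_GROUPS)
            return -1;
        groups[count++] = (uint16_t)value;

        if (*p == '\0')
            break;
        if (*p != ':')
            return -1;
        p++;
        if (*p == ':') {               /* "::" may appear only once */
            if (gap_at >= 0)
                return -1;
            gap_at = (int)count;
            p++;
        } else if (*p == '\0') {
            return -1;                 /* trailing single colon */
        }
    }

    if (gap_at < 0) {                  /* no "::": need all eight groups */
        if (count != IPV6_GROUPS)
            return -1;
        memcpy(out, groups, sizeof groups);
        return 0;
    }

    if (count >= IPV6_GROUPS)          /* "::" stands for >= 1 zero group */
        return -1;

    /* Expand "::" into zero groups between the head and tail parts. */
    size_t head = (size_t)gap_at;
    size_t tail = count - head;
    memset(out, 0, IPV6_GROUPS * sizeof out[0]);
    memcpy(out, groups, head * sizeof groups[0]);
    memcpy(out + (IPV6_GROUPS - tail), groups + head, tail * sizeof groups[0]);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "2001:db8::1", "1:2:3:4:5:6:7:8",
                              "1:2:3:4:5:6:7:8:9", "1::2::3" };
    uint16_t g[IPV6_GROUPS];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %s\n", samples[i],
               parse_ipv6_groups(samples[i], g) == 0 ? "accepted" : "rejected");
    return 0;
}
```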
Workaround
There is no known workaround at this time.
Resolution
All Exim users should upgrade to the latest version:
References
[ 1 ] Exim Announcement
http://www.exim.org/mail-archives/exim-announce/2005/msg00000.html
[ 2 ] CAN-2005-0021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0021
[ 3 ] CAN-2005-0022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0022
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-23.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
LBA-Linux
LBA-Linux Security Advisory
Subject: Updated squid package for LBA-Linux R2
Advisory ID: LBASA-2004:56
Date: Thursday, January 13, 2005
Product: LBA-Linux R2
Problem description:
buffer overflow bug in gopherToHTML()
A malicious gopher server may return a response with very long
lines that cause a buffer overflow in Squid.
Denial of service with forged WCCP messages
WCCP_I_SEE_YOU messages contain a ‘number of caches’ field which
should be between 1 and 32. Values outside that range may crash
Squid if WCCP is enabled, and if an attacker can spoof UDP packets
with the WCCP router’s IP address.
Updated packages:
LBA-Linux R2:
i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/squid-2.5.STABLE5-5.lba.5.i386.rpm
Upgrading your system:
To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:
- Log in to your LBA-Linux desktop as the root user.
- Click on the penguin icon at the lower left of the display, and
select the menu item SYSTEM TOOLS>UPDATER.
- Click on the item named squid to highlight it.
- Click on the PACKAGE menu in the menu bar, and select the
UPGRADE action.
- Confirm the upgrade by clicking the APPLY button in Updater’s
main toolbar.
References:
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-gopher_html_parsing
http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_denial_of_service
Copyright(c) 2001-2004 SOT
To view previous security advisories for LBA-Linux R2, or to
unsubscribe from this email notification service, visit: http://www.sotlinux.org/en/lbalinux/sa/
Mandrakelinux
Mandrakelinux Security Update Advisory
Package name: imlib
Advisory ID: MDKSA-2005:007
Date: January 12th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1
Problem Description:
Pavel Kankovsky discovered several heap overflow flaws in the
imlib image handler. An attacker could create a carefully crafted
image file in such a way that it could cause an application linked
with imlib to execute arbitrary code when the file was opened by a
user (CAN-2004-1025).
As well, Pavel also discovered several integer overflows in
imlib. These could allow an attacker, creating a carefully crafted
image file, to cause an application linked with imlib to execute
arbitrary code or crash (CAN-2004-1026).
The updated packages have been patched to prevent these
problems.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1026
Updated Packages:
To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.
All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
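The advisory above says MandrakeUpdate and urpmi verify the md5 checksums automatically. As an added example (not Mandrakesoft's code), this Python script does the same comparison by hand for manually downloaded files, assuming the layout used in the package lists on this page: a release heading ending in a colon, then each checksum on one line followed by its package path on the next. The function names and the sample file names and contents are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

MD5_RE = re.compile(r"^[0-9a-f]{32}$")

def parse_listing(text):
    """Map release heading -> [(md5, path)] from alternating hash/path lines."""
    releases, current, pending = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if MD5_RE.match(line):
            pending = line                      # checksum; its path is the next line
        elif line.endswith(":"):
            current, pending = line[:-1], None  # release heading
        elif line and pending:
            releases.setdefault(current, []).append((pending, line))
            pending = None
    return releases

def file_md5(path):
    digest = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def verify(entries, download_dir):
    """Compare each listed checksum with download_dir/<file name>."""
    results = {}
    for expected, path in entries:
        name = os.path.basename(path)
        local = os.path.join(download_dir, name)
        results[name] = ("missing" if not os.path.isfile(local)
                         else "ok" if file_md5(local) == expected else "MISMATCH")
    return results

def demo():
    """Constructed sample: one intact file, one altered, one not downloaded."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("good-1.0-1.i586.rpm", b"constructed A"),
                           ("altered-1.0-1.i586.rpm", b"constructed B, changed")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        listing = "\n".join([
            "Example Release 1.0:",
            hashlib.md5(b"constructed A").hexdigest(), "1.0/RPMS/good-1.0-1.i586.rpm",
            hashlib.md5(b"constructed B").hexdigest(), "1.0/RPMS/altered-1.0-1.i586.rpm",
            "0" * 32, "1.0/RPMS/absent-1.0-1.i586.rpm"])
        return verify(parse_listing(listing)["Example Release 1.0"], d)
```

A matching MD5 only shows that the file equals the one the advisory lists; authenticity rests on the GPG signature, which `rpm --checksig` checks once the vendor key has been imported.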
Mandrakelinux Security Update Advisory
Package name: hylafax
Advisory ID: MDKSA-2005:006
Date: January 12th, 2005
Affected versions: 10.0, 10.1
Problem Description:
Patrice Fournier discovered a vulnerability in the authorization
sub-system of hylafax. A local or remote user guessing the contents
of the hosts.hfaxd database could gain unauthorized access to the
fax system.
The updated packages are provided to prevent this issue. Note
that the packages included with Corporate Server 2.1 do not require
this fix.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1182
Updated Packages:
Mandrakelinux 10.0:
ee579763c8d03a6700ed952b9ccec832
10.0/RPMS/hylafax-4.1.8-2.1.100mdk.i586.rpm
342f2d7f890f2b31ef689eb0a308dee4
10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.i586.rpm
998f0ad4665e364c607fae0d87bf6e63
10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.i586.rpm
5113375fd58490f64f6b5c0293780a79
10.0/RPMS/libhylafax4.1.1-4.1.8-2.1.100mdk.i586.rpm
996a95af88ca9ab77371448957b7271f
10.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.1.100mdk.i586.rpm
3530b9962aa58309aa59c1fd355d23ac
10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8b37c55f1eaadd9c4a0645c43b4ad25c
amd64/10.0/RPMS/hylafax-4.1.8-2.1.100mdk.amd64.rpm
cb3290ee2bf666ed51e427e59829459d
amd64/10.0/RPMS/hylafax-client-4.1.8-2.1.100mdk.amd64.rpm
05451b45a4036f314933d15b755ea8d7
amd64/10.0/RPMS/hylafax-server-4.1.8-2.1.100mdk.amd64.rpm
35310391ebce8f0a4085ed6b7d2ccd04
amd64/10.0/RPMS/lib64hylafax4.1.1-4.1.8-2.1.100mdk.amd64.rpm
d1b71635033b9e72c86057a0f156c544
amd64/10.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.1.100mdk.amd64.rpm
3530b9962aa58309aa59c1fd355d23ac
amd64/10.0/SRPMS/hylafax-4.1.8-2.1.100mdk.src.rpm
Mandrakelinux 10.1:
2cbc9e6bd58daf7d2d15f6091416ca23
10.1/RPMS/hylafax-4.2.0-1.1.101mdk.i586.rpm
80cf2d108124ebab09f2d92ffd3e2391
10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.i586.rpm
b4e98805f61130b91b5cc98ba886af89
10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.i586.rpm
5afec8caa3b77932c27d032e21a0eeed
10.1/RPMS/libhylafax4.2.0-4.2.0-1.1.101mdk.i586.rpm
e5aafca41da67cacdef699983d81f3f0
10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.1.101mdk.i586.rpm
1fae0a459f3dce423c904ab262921cba
10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
ccfce91efcd9e16651a6bb2995a2cc78
x86_64/10.1/RPMS/hylafax-4.2.0-1.1.101mdk.x86_64.rpm
6fd803abc59ec7d04f289d3aca50bd25
x86_64/10.1/RPMS/hylafax-client-4.2.0-1.1.101mdk.x86_64.rpm
b7ee9463f3bdf38fa1c1f5271d1d4022
x86_64/10.1/RPMS/hylafax-server-4.2.0-1.1.101mdk.x86_64.rpm
394b51eaef66c424ce9d448dd4ab237e
x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.1.101mdk.x86_64.rpm
75fbf7eb72ba172e204612580e58b2f1
x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.1.101mdk.x86_64.rpm
1fae0a459f3dce423c904ab262921cba
x86_64/10.1/SRPMS/hylafax-4.2.0-1.1.101mdk.src.rpm
Trustix Secure Linux
Trustix Secure Linux Security Advisory #2005-0001
Package name: fcron, kernel
Summary: Security
Date: 2005-01-13
Affected versions: Trustix Secure Linux 2.1, Trustix Secure Linux
2.2, Trustix Operating System – Enterprise Server 2
Package description:
fcron:
Fcron is a scheduler. It is used to run specified tasks at
specified times.
kernel:
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.
Problem description:
fcron:
Security vulnerabilities have been found in fcronsighup, the program
used by fcrontab to tell fcron it should reload its configuration.
Fcron 2.9.5.1 fixes the reported bugs and improves fcronsighup’s
overall security.
kernel:
Paul Starzetz discovered an exploitable flaw in the page fault
handler. This only affects SMP kernels.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0001 to this issue.
Paul Starzetz discovered an exploitable flaw in the binary
loaders for ELF and a.out.
The Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2004-1235 and CAN-2004-1074 to this issue.
Chris Wright fixed a user triggerable BUG() when a user created
a large vma that overlapped with arg pages during exec. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0003 to this issue.
Action:
We recommend that all systems with this package installed be
upgraded. Please note that if you do not need the functionality
provided by this package, you may want to remove it from your
system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers.
With focus on security and stability, the system is painlessly kept
safe and up to date from day one using swup, the automated software
updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatical