---

Security Digest: January 18, 2005

Conectiva Linux


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : twiki
SUMMARY : Fix for twiki remote vulnerability
DATE : 2005-01-14 10:51:00
ID : CLA-2005:918
RELEVANT RELEASES : 10


DESCRIPTION
TWiki[1] is a flexible, powerful, and easy to use enterprise
collaboration platform.

A vulnerability in twiki was found where a remote attacker could
exploit it to run arbitrary shell commands on the server. For
further information on this vulnerability, please, refer to the
authors’ announcement[2].

SOLUTION
It is recommended that all twiki users upgrade their packages.

REFERENCES
1.http://www.twiki.org/
2.http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch

UPDATED PACKAGES

ftp://atualizacoes.conectiva.com.br/10/SRPMS/twiki-20040507beta-61534U10_1cl.src.rpm


ftp://atualizacoes.conectiva.com.br/10/RPMS/twiki-20040507beta-61534U10_1cl.i386.rpm

ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

  • run: apt-get update
  • after that, execute: apt-get upgrade

Detailed instructions regarding the use of apt and upgrade
examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en


All packages are signed with Conectiva’s GPG key. The key and
instructions on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can
be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en


All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en


Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

Debian GNU/Linux


Debian Security Advisory DSA 640-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq


Package : gatos
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0016

Erik S. discovered a buffer overflow in xatitv, one of the
programs in the gatos package, that is used to display video with
certain ATI video cards. xatitv is installed setuid root in order
to gain direct access to the video hardware.

For the stable distribution (woody) this problem has been fixed
in version 0.0.5-6woody3.

For the unstable distribution (sid) this problem has been fixed
in version 0.0.5-15.

We recommend that you upgrade your gatos package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.dsc

Size/MD5 checksum: 629 0005020205c97ebd6f2efdf146846c15

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.diff.gz

Size/MD5 checksum: 40976 34933c1e1da0fbb172ab919e23b68e02

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz

Size/MD5 checksum: 483916 9c16631afc933bde6f5d5e1421efddb7

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3_i386.deb

Size/MD5 checksum: 148110 2d2e9c2ba2d429175cab205c6ce6860d

http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody3_i386.deb

Size/MD5 checksum: 109748 4c1d0a17839934a2c818e314c5d7d3b2

http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody3_i386.deb

Size/MD5 checksum: 75460 bc27c6c2ec12dab3b6b3e164ee8f05f2

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 643-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 18th, 2005 http://www.debian.org/security/faq


Package : queue
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0555

“jaguar” of the Debian Security Audit Project has discovered
several buffer overflows in queue, a transparent load balancing
system.

For the stable distribution (woody) these problems have been
fixed in version 1.30.1-4woody2.

For the unstable distribution (sid) these problems have been
fixed in version 1.30.1-5.

We recommend that you upgrade your queue package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2.dsc

Size/MD5 checksum: 582 24c706e1af4baa9e8ac3dc02c8d72dce

http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2.diff.gz

Size/MD5 checksum: 42917 cb036472a17be964822cd1748dff9c5f

http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1.orig.tar.gz

Size/MD5 checksum: 699770 82dd2a37f9c3d5f977afc0a990c9c648

Alpha architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_alpha.deb

Size/MD5 checksum: 134242 cf2f009836139723d0b9eeccf6497e89

ARM architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_arm.deb

Size/MD5 checksum: 112840 f2ee06cf9103664ae7dd631ff9cc5173

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_i386.deb

Size/MD5 checksum: 108874 777f71c6cf3136e7143094f9ba4507f7

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_ia64.deb

Size/MD5 checksum: 151766 caa6d74226f7ad6ebfbb50402b366693

HP Precision architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_hppa.deb

Size/MD5 checksum: 116304 145964aa0dfd6fe42f6a67104af370a5

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_m68k.deb

Size/MD5 checksum: 105868 d9035e0b49e56257444d1445b9f2b48a

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_mips.deb

Size/MD5 checksum: 117588 1d67e473d49dcfc3e6b8c083976ee22a

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_mipsel.deb

Size/MD5 checksum: 118012 721e4a42ae02098ff7acd6fbe60934c7

PowerPC architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_powerpc.deb

Size/MD5 checksum: 112670 a294d33370973324ef46a8beaf20880a

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_s390.deb

Size/MD5 checksum: 112492 799fe37a8371ab10c4fb78298b054b8e

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/q/queue/queue_1.30.1-4woody2_sparc.deb

Size/MD5 checksum: 123792 6a6685be2847e8c50c71712b80b05c2c

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 644-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 18th, 2005 http://www.debian.org/security/faq


Package : chbg
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-1264
Debian Bug : 285904

Danny Lungstrom discoverd a vulnerability in chbg, a tool to
change background pictures. A maliciously crafted
configuration/scenario file could overflow a buffer and lead to the
execution of arbitrary code on the victim’s machine.

For the stable distribution (woody) this problem has been fixed
in version 1.5-1woody1.

For the unstable distribution (sid) this problem has been fixed
in version 1.5-4.

We recommend that you upgrade your chbg package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc

Size/MD5 checksum: 600 3cb28b61fb97dca63f09a486dae5612f

http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz

Size/MD5 checksum: 3612 08098cf0fec406380e968186766de027

http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz

Size/MD5 checksum: 322878 4a158c94c25b359c86da1de9ef3e986b

Alpha architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb

Size/MD5 checksum: 294456 afd6ce377d43c0df909d955e04c328cd

ARM architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb

Size/MD5 checksum: 247338 878c528ab81decd999503ad47557fc4a

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb

Size/MD5 checksum: 244862 d3a09b86dfc44164c541cda2eb66ce66

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb

Size/MD5 checksum: 345228 e4b9ae6b9da9c34d5a930727bdfc1a44

HP Precision architecture:

Cannot be updated due to compiler error.

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb

Size/MD5 checksum: 222916 7dce4c0b3ae27f624ee472bd153d5c66

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb

Size/MD5 checksum: 249054 66402b53b158bfa0b2144b6b97b1d794

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb

Size/MD5 checksum: 247536 769f5074ad1f4b148191d0e196d01778

PowerPC architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb

Size/MD5 checksum: 271272 f6b03b2a05de42ee203d7d9cbfe7c468

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb

Size/MD5 checksum: 239098 f20c7b0e36ecfc4540d3673f4ec477dd

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb

Size/MD5 checksum: 263302 28df5318e314bbaf79493b485aa6cffa

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 641-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq


Package : playmidi
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0020

Erik Sjölund discovered that playmidi, a MIDI
player, contains a setuid root program with a buffer overflow that
can be exploited by a local attacker.

For the stable distribution (woody) this problem has been fixed
in version 2.4-4woody1.

For the unstable distribution (sid) this problem has been fixed
in version 2.4debian-3.

We recommend that you upgrade your playmidi package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.dsc

Size/MD5 checksum: 660 27266405df049e3ad78449aa26359180

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.diff.gz

Size/MD5 checksum: 11116 5593e29fbf22ee00c6ea1d2cc4fccd9d

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4.orig.tar.gz

Size/MD5 checksum: 146742 04efb0826324bce1d93228c77d52f911

Alpha architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_alpha.deb

Size/MD5 checksum: 151852 60b96643f5810f39bf0f7c8344bad727

ARM architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_arm.deb

Size/MD5 checksum: 142944 6df41fcb7eadb971547306b81c3d04e0

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_i386.deb

Size/MD5 checksum: 152556 07ed83461c1895ee6e473f72aef321c7

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_ia64.deb

Size/MD5 checksum: 168568 91ca1e75e685edba1cd280e2b7b57aae

HP Precision architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_hppa.deb

Size/MD5 checksum: 147882 96433cebca7781212b33419726fd271e

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_m68k.deb

Size/MD5 checksum: 132748 ec499ea1a198151560d5e1050738465c

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mips.deb

Size/MD5 checksum: 144526 b8577f77664f10bc433140eccfa024d9

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mipsel.deb

Size/MD5 checksum: 143648 b2eac216eb51a3e75114662e0c3c3d05

PowerPC architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_powerpc.deb

Size/MD5 checksum: 143318 4e42843f540adea484c9b6513f7cc1ac

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_s390.deb

Size/MD5 checksum: 141042 11ec7a55306c470ff9bb9c248e73d1e6

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_sparc.deb

Size/MD5 checksum: 147806 698b5ab0d50fc0a77c0bb4921c5b77d5

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 642-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq


Package : gallery
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1106
BugTraq ID : 11602

Several vulnerabilities have been discovered in gallery, a
web-based photo album written in PHP4. The Common Vulnerabilities
and Exposures project identifies the following vulnerabilities:

CAN-2004-1106

Jim Paris discovered a cross site scripting vulnerability which
allows code to be inserted by using specially formed URLs.

CVE-NOMATCH

The upstream developers of gallery have fixed several cases of
possible variable injection that could trick gallery to unintended
actions, e.g. leaking database passwords.

For the stable distribution (woody) these problems have been
fixed in version 1.2.5-8woody3.

For the unstable distribution (sid) these problems have been
fixed in version 1.4.4-pl4-1.

We recommend that you upgrade your gallery package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.dsc

Size/MD5 checksum: 573 f789c8198ba2b859cfb5cca31aaf6dcd

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.diff.gz

Size/MD5 checksum: 7908 6acd9ee257ddad8c2ffa568b5540e9fe

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz

Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9

Architecture independent components:


http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3_all.deb

Size/MD5 checksum: 133126 3527d050800873dc990c1d002478aa7e

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200501-25


http://security.gentoo.org/


Severity: Normal
Title: Squid: Multiple vulnerabilities
Date: January 16, 2005
Bugs: #77934, #77521
ID: 200501-25


Synopsis

Squid contains vulnerabilities in the the code handling NTLM (NT
Lan Manager), Gopher to HTML and WCCP (Web Cache Communication
Protocol) which could lead to denial of service and arbitrary code
execution.

Background

Squid is a full-featured Web proxy cache designed to run on Unix
systems. It supports proxying and caching of HTTP, FTP, and other
URLs, as well as SSL support, cache hierarchies, transparent
caching, access control lists and many other features.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  www-proxy/squid     < 2.5.7-r2                        >= 2.5.7-r2

Description

Squid contains a vulnerability in the gopherToHTML function and
incorrectly checks the ‘number of caches’ field when parsing
WCCP_I_SEE_YOU messages. Furthermore the NTLM code contains two
errors. One is a memory leak in the fakeauth_auth helper and the
other is NULL pointer dereferencing error.

Impact

With the WCCP issue an attacker could cause denial of service by
sending a specially crafted UDP packet. With the Gopher issue an
attacker might be able to execute arbitrary code by enticing a user
to connect to a malicious Gopher server. The NTLM issues could lead
to denial of service by memory consumption or by crashing
Squid.

Workaround

There is no known workaround at this time.

Resolution

All Squid users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-proxy/squid-2.5.7-r2"

References

[ 1 ] Secunia Advisory SA13825

http://secunia.com/advisories/13825/

[ 2 ] Secunia Advisory SA13789

http://secunia.com/advisories/13789/

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-25.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandrakelinux


Mandrakelinux Security Update Advisory


Package name: cups
Advisory ID: MDKSA-2005:008
Date: January 17th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Corporate
Server 3.0


Problem Description:

A buffer overflow was discovered in the ParseCommand function in
the hpgltops utility. An attacker with the ability to send
malicious HPGL files to a printer could possibly execute arbitrary
code as the “lp” user (CAN-2004-1267).

Vulnerabilities in the lppasswd utility were also discovered.
The program ignores write errors when modifying the CUPS passwd
file. A local user who is able to fill the associated file system
could corrupt the CUPS passwd file or prevent future use of
lppasswd (CAN-2004-1268 and CAN-2004-1269). As well, lppasswd does
not verify that the passwd.new file is different from STDERR, which
could allow a local user to control output to passwd.new via
certain user input that could trigger an error message
(CAN-2004-1270).

The updated packages have been patched to prevent these
problems.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270


Updated Packages:

Mandrakelinux 10.0:
1e0251c77c7b2c9316bc521b0f82a53d
10.0/RPMS/cups-1.1.20-5.5.100mdk.i586.rpm
e77c1d4bff04dc3a1d609ecd1c8c9e0f
10.0/RPMS/cups-common-1.1.20-5.5.100mdk.i586.rpm
62aba65ac5bcdccfe758159b984b3994
10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.i586.rpm
7afb5aea66db7227a6914267be740833
10.0/RPMS/libcups2-1.1.20-5.5.100mdk.i586.rpm
14f7b61865ee7a15f2e1564cc60f9672
10.0/RPMS/libcups2-devel-1.1.20-5.5.100mdk.i586.rpm
16e7119ecb214022e6ff1297eaad3d2d
10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
5ebeedb2d182f35cf22c31afff3c0972
amd64/10.0/RPMS/cups-1.1.20-5.5.100mdk.amd64.rpm
d84c55b9076c74373fa4dbb4e86432ef
amd64/10.0/RPMS/cups-common-1.1.20-5.5.100mdk.amd64.rpm
ec5098bd9300257fe5011fca0bd8ae68
amd64/10.0/RPMS/cups-serial-1.1.20-5.5.100mdk.amd64.rpm
d0d1aac0eacef95e804e16d0ef5b2c6b
amd64/10.0/RPMS/lib64cups2-1.1.20-5.5.100mdk.amd64.rpm
3c1ff21d12d84af2be6da34d4362f43c
amd64/10.0/RPMS/lib64cups2-devel-1.1.20-5.5.100mdk.amd64.rpm
16e7119ecb214022e6ff1297eaad3d2d
amd64/10.0/SRPMS/cups-1.1.20-5.5.100mdk.src.rpm

Mandrakelinux 10.1:
ece1d0df72d1dc15a09ed755172770ba
10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.i586.rpm
288a2795e3e329ff708f3f47373187a1
10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.i586.rpm
89901c1c9a8169c5d80f818599bd44b5
10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.i586.rpm
6f8350dd4fb4937c17e362ef797dad96
10.1/RPMS/libcups2-1.1.21-0.rc1.7.3.101mdk.i586.rpm
5bc6dfa8bc58989678a962cfa1722688
10.1/RPMS/libcups2-devel-1.1.21-0.rc1.7.3.101mdk.i586.rpm
55d5adea7a47fc48a582dced0cba3bab
10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
ac22a09fe5c0d67121fb4584c1bd41dc
x86_64/10.1/RPMS/cups-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
a329cc52b9f6b6059a186f2b4758a430
x86_64/10.1/RPMS/cups-common-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
7b7bcd648c962069a534d3c7b3f416d2
x86_64/10.1/RPMS/cups-serial-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
fe88bf3a903767f50fe884c1006c72f1
x86_64/10.1/RPMS/lib64cups2-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm
8f71509bfd63c3deb83d1f7e67104088
x86_64/10.1/RPMS/lib64cups2-devel-1.1.21-0.rc1.7.3.101mdk.x86_64.rpm

55d5adea7a47fc48a582dced0cba3bab
x86_64/10.1/SRPMS/cups-1.1.21-0.rc1.7.3.101mdk.src.rpm

Corporate Server 2.1:
c7acb7c1e2ad053308af52c9729bc903
corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.i586.rpm
2a86e725464396da1a7d0d114ce97141
corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.i586.rpm
812683730d90ceb10dfbd3bd96f4b23b
corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.i586.rpm
0112be232e1f7e075c8402431600b450
corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.i586.rpm
1d51cc74a64648aaaaf94d8d0720d95f
corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.i586.rpm
45d74173e029fb4357b6fc150b5b0f96
corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm

Corporate Server 2.1/x86_64:
83b787f50242cbf5576e1b5849e415a9
x86_64/corporate/2.1/RPMS/cups-1.1.18-2.7.C21mdk.x86_64.rpm
7aa9052837d945a572525f4280ba3163
x86_64/corporate/2.1/RPMS/cups-common-1.1.18-2.7.C21mdk.x86_64.rpm

96ff5d11e78b862a5d707cbc29d0022f
x86_64/corporate/2.1/RPMS/cups-serial-1.1.18-2.7.C21mdk.x86_64.rpm

59db51c58eb2dac956ec9a20e72cf968
x86_64/corporate/2.1/RPMS/libcups1-1.1.18-2.7.C21mdk.x86_64.rpm
dcfe2dba0c165618ec2c43c4a53550d9
x86_64/corporate/2.1/RPMS/libcups1-devel-1.1.18-2.7.C21mdk.x86_64.rpm

45d74173e029fb4357b6fc150b5b0f96
x86_64/corporate/2.1/SRPMS/cups-1.1.18-2.7.C21mdk.src.rpm

Corporate Server 3.0:
980ef8bdf2fb0edf8f43744c58ab9d02
corporate/3.0/RPMS/cups-1.1.20-5.5.C30mdk.i586.rpm
88e3806fed54ee27bb3454d39d41dbdf
corporate/3.0/RPMS/cups-common-1.1.20-5.5.C30mdk.i586.rpm
9e03b10d467e249a4784f22a57a48138
corporate/3.0/RPMS/cups-serial-1.1.20-5.5.C30mdk.i586.rpm
35c6c14219de93adfd5bd8b3c224d8bd
corporate/3.0/RPMS/libcups2-1.1.20-5.5.C30mdk.i586.rpm
98368e82f1b812c5fdbebd985df65198
corporate/3.0/RPMS/libcups2-devel-1.1.20-5.5.C30mdk.i586.rpm
9b3fdc543ef0aa6d1c593d2b810eee57
corporate/3.0/SRPMS/cups-1.1.20-5.5.C30mdk.src.rpm

Mandrakelinux 9.2:
d3883cb621525731fc167ff32b9f60b8
9.2/RPMS/cups-1.1.19-10.5.92mdk.i586.rpm
7774fbbce517ef94092452b0f6bf6348
9.2/RPMS/cups-common-1.1.19-10.5.92mdk.i586.rpm
b60260260061314180b239b47326b96b
9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.i586.rpm
6a3cc8c852f46f3b3de385993d3c53bf
9.2/RPMS/libcups2-1.1.19-10.5.92mdk.i586.rpm
e53c2e66c366fac0ad470e5972170ac9
9.2/RPMS/libcups2-devel-1.1.19-10.5.92mdk.i586.rpm
811375f41b9f2c85e2bfa6f64a88a7e2
9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
d0d6cdc697cc7b200e5b2abd60121f10
amd64/9.2/RPMS/cups-1.1.19-10.5.92mdk.amd64.rpm
c528308bfd48852daecb0e7373c5f2bb
amd64/9.2/RPMS/cups-common-1.1.19-10.5.92mdk.amd64.rpm
99b41ab64d07eba6b75b294a2137c4a8
amd64/9.2/RPMS/cups-serial-1.1.19-10.5.92mdk.amd64.rpm
931920e3bf5e3aea34199e52f8bed860
amd64/9.2/RPMS/lib64cups2-1.1.19-10.5.92mdk.amd64.rpm
05acfa1a72f100c4607c8229784bb81d
amd64/9.2/RPMS/lib64cups2-devel-1.1.19-10.5.92mdk.amd64.rpm
811375f41b9f2c85e2bfa6f64a88a7e2
amd64/9.2/SRPMS/cups-1.1.19-10.5.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

All packages are signed by Mandrakesoft for security. You can
obtain the GPG public key of the Mandrakelinux Security Team by
executing:

gpg –recv-keys –keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandrakelinux at:

http://www.mandrakesoft.com/security/advisories

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>

SUSE Linux


SUSE Security Announcement

Package: php4, mod_php4
Announcement-ID: SUSE-SA:2005:002
Date: Monday, Jan 17th 2005 18:00 MEST
Affected products: 8.1, 8.2, 9.0, 9.1, 9.2 SUSE Linux Enterprise
Server 8, 9
Vulnerability Type: remote code execution
Severity (1-10): 7
SUSE default package: no Cross References: CAN-2004-1019
CAN-2004-1065 http://bugs.php.net/bug.php?id=25753

Content of this advisory:

  1. security vulnerability resolved:
    • buffer overflows in PHP
    • PHP source code disclosure problem description
  2. solution/workaround
  3. special instructions and notes
  4. package location and checksums
  5. pending vulnerabilities, solutions, workarounds:
  6. standard appendix (further information)

1) problem description, brief discussion

PHP is a well known, widely-used scripting language often used
within web server setups.

Stefan Esser and Marcus Boerger found several buffer overflow
problems in the unserializer functions of PHP (CAN-2004-1019) and
Ilia Alshanetsky (CAN-2004-1065) found one in the exif parser. Any
of them could allow remote attackers to execute arbitrary code as
the user running the PHP interpreter.

Additionally a bug where the server would disclose php
sourcecode under some circumstances has been fixed.

2) solution/workaround

There is no workaround known besides disabling PHP. Therefore we
recommend to install the updated packages.

3) special instructions and notes

If you use php as module within apache you have to restart the
server by executing the following command as root:

/usr/sbin/rcapache restart

or if you use the apache2 server

/usr/sbin/rcapache2 restart

4) package location and checksums

Download the update package for your distribution and verify its
integrity by the methods listed in section 3) of this announcement.
Then, install the package using the command “rpm -Fhv file.rpm” to
apply the update.
Our maintenance customers are being notified individually. The
packages are being offered for installation from the maintenance
web.

x86 Platform:

SUSE Linux 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.3.i586.rpm

e871c76bb7c0ba1fc34268e05ee54e94

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.3.i586.rpm

e9e0e5cbfa8805b6a5866cd91db1e715
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/php4-4.3.8-8.3.i586.patch.rpm

7bc595dd946b7287c1b590283526500b

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/apache2-mod_php4-4.3.8-8.3.i586.patch.rpm

e72c58f0d9fbb9d7b0e23251f50b22c5
source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/php4-4.3.8-8.3.src.rpm

e80aff98a2d6bdcb56bf6ed7e1731611

SUSE Linux 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.22.i586.rpm

01ddb36914f644c65165250b7c7689e8

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.22.i586.rpm

9a3db7a8dcc0e5d6b49911d25e755069

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.22.i586.rpm

c072a97d0081976292d4d5005019dccd
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/php4-4.3.4-43.22.i586.patch.rpm

01853c982ea0c89faecfe3fb568313b6

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/apache2-mod_php4-4.3.4-43.22.i586.patch.rpm

dd64ede42cf3a31a99df2e90ebb597a1

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mod_php4-core-4.3.4-43.22.i586.patch.rpm

d499fac997192f14e949398df2624a9d
source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/php4-4.3.4-43.22.src.rpm

7f23c05761153fec8786c9261e60a49a

SUSE Linux 9.0:

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-183.i586.rpm

bbf8be6995d2590af1e2a5d12d101ba6

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-mod_php4-4.3.3-183.i586.rpm

d8c08e3e05104d0a291cc1b98111c3a1

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3.3-183.i586.rpm

cb01290bc7c2b968eacea15114033ad4
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-4.3.3-183.i586.patch.rpm

d69e6d3885258f06059f0c8cc4b3fc95

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/apache2-mod_php4-4.3.3-183.i586.patch.rpm

1d8029716edec5d69b9e9f54d2b311df

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mod_php4-core-4.3.3-183.i586.patch.rpm

a9d2199cb9d2ddb904a723d0a6107300
source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mod_php4-4.3.3-183.src.rpm

59f6c6664cad5ded05ce4b22d856d496

SUSE Linux 8.2:

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-4.3.1-174.i586.rpm

5a477c5733f83b776f746bc3431d8207

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-mod_php4-4.3.1-174.i586.rpm

90eb5f5d40142d7d34a3b46c5ce87ac8

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-core-4.3.1-174.i586.rpm

f55cf3b586c8a921700e8ecfb8ad5941
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-4.3.1-174.i586.patch.rpm

e6c583ddaa03bd85729c46d9ddfc75dd

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/apache2-mod_php4-4.3.1-174.i586.patch.rpm

3053986191c3dd2354b931ea31fc9208

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mod_php4-core-4.3.1-174.i586.patch.rpm

7a8d67f1e02ea516f21df3ad69107b00
source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mod_php4-4.3.1-174.src.rpm

1d709df9d796d6f723590bc31afe9b18

SUSE Linux 8.1:

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mod_php4-4.2.2-485.i586.rpm

f597d7af4c5c3eb3fa74ead654ac79e3

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mod_php4-core-4.2.2-485.i586.rpm

136007f47679877b999eeee170bc0003
patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mod_php4-4.2.2-485.i586.patch.rpm

07b674f1ec878bbb6ee68e6da52144d4

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mod_php4-core-4.2.2-485.i586.patch.rpm

30c83209b3e7177f9ac34365f51f9c72
source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/mod_php4-4.2.2-485.src.rpm

e6a23b4c8cbba800d002104da80fbc17

x86-64 Platform:

SUSE Linux 9.2:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/php4-4.3.8-8.3.x86_64.rpm

96c10340cd1e9dbd499ceb264ff6862b

ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/apache2-mod_php4-4.3.8-8.3.x86_64.rpm

0650c7390f4b341ad496030e6d7c7585
source rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/php4-4.3.8-8.3.src.rpm

e80aff98a2d6bdcb56bf6ed7e1731611

SUSE Linux 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43.22.x86_64.rpm

d7b5bd55bd381bbf674ad9111e336741

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_php4-4.3.4-43.22.x86_64.rpm

0b8d4a5de7c53fef7364ef2883269c95

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core-4.3.4-43.22.x86_64.rpm

f973f7d09700571dca8221aaffa8a74b
patch rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/php4-4.3.4-43.22.x86_64.patch.rpm

cf568e895d1b4e79ba0a87c3ddfa68fe

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/apache2-mod_php4-4.3.4-43.22.x86_64.patch.rpm

d74c95e6d64ab16ebd8b0bfc1bfda08f

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mod_php4-core-4.3.4-43.22.x86_64.patch.rpm

12c7794749389feaec02b707da12c4d4
source rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/php4-4.3.4-43.22.src.rpm

61ae620d5e5bb9c6ebb53c77fdd2f0ee

SUSE Linux 9.0:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3.3-183.x86_64.rpm

42ddc755c8a14eda9a2e7527e1c6ab83

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-mod_php4-4.3.3-183.x86_64.rpm

96cf0ad7d9dd5faed47a81619a3f11e9

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core-4.3.3-183.x86_64.rpm

a4af66488b211562da363b342c80fabd
patch rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-4.3.3-183.x86_64.patch.rpm

564fc4425ba3d8c995836b61c93082f9

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/apache2-mod_php4-4.3.3-183.x86_64.patch.rpm

67580deaea8aed5c1f6af1c8fb5f7889

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mod_php4-core-4.3.3-183.x86_64.patch.rpm

bfe305060c4ca74d88b8503996a953ae
source rpm(s):

ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mod_php4-4.3.3-183.src.rpm

e1f76b408a70416b1e80dd2fb8f6721a


5) Pending vulnerabilities in SUSE Distributions and
Workarounds:

Please read our weekly summary report for more information.


6) standard appendix: authenticity verification, additional
information

  • Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers
    all over the world. While this service is being considered valuable
    and important to the free and open source software community, many
    users wish to be sure about the origin of the package and its
    content before installing the package. There are two verification
    methods that can be used independently from each other to prove the
    authenticity of a downloaded file or rpm package:

    1. md5sums as provided in the (cryptographically signed)
      announcement.
    2. using the internal gpg signatures of the rpm package.
    3. execute the command md5sum <name-of-the-file.rpm> after
      you downloaded the file from a SUSE ftp server or its mirrors.
      Then, compare the resulting md5sum with the one that is listed in
      the announcement. Since the announcement containing the checksums
      is cryptographically signed (usually using the key security@suse.de), the checksums show
      proof of the authenticity of the package. We recommend against
      subscribing to security lists that cause the e-mail message
      containing the announcement to be modified so that the signature
      does not match after transport through the mailing list software.
      Downsides: You must be able to verify the authenticity of the
      announcement in the first place. If RPM packages are being rebuilt
      and a new version of a package is published on the ftp server, all
      md5 sums for the files are useless.
    4. rpm package signatures provide an easy way to verify the
      authenticity of an rpm package. Use the command rpm -v –checksig
      <file.rpm> to verify the signature of the package, where
      <file.rpm> is the file name of the rpm package that you have
      downloaded. Of course, package authenticity verification can only
      target an uninstalled rpm package file. Prerequisites:

      1. gpg is installed
      2. The package is signed using a certain key. The public part of
        this key must be installed by the gpg program in the directory
        ~/.gnupg/ under the user’s home directory who performs the
        signature verification (usually root). You can import the key that
        is used by SUSE in rpm packages for SUSE Linux by saving this
        announcement to a file (“announcement.txt”) and running the command
        (do “su -” to be root): gpg –batch; gpg < announcement.txt |
        gpg –import SUSE Linux distributions version 7.1 and thereafter
        install the key “build@suse.de
        upon installation or upgrade, provided that the package gpg is
        installed. The file containing the public key is placed at the
        top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de
        .
  • SUSE runs two security mailing lists to which any interested
    party may subscribe:

    suse-security@suse.com

  • general/linux/SUSE security discussion. All SUSE security
    announcements are sent to this list. To subscribe, send an email to

    <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com

  • SUSE’s announce-only mailing list. Only SUSE’s security
    announcements are sent to this list. To subscribe, send an email to

    <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:

    <suse-security-info@suse.com>
    or <suse-security-faq@suse.com>
    respectively.


SUSE’s security contact is <security@suse.com> or
<security@suse.de>.
The <security@suse.de>
public key is listed below.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis