Debian GNU/Linux
Debian Security Advisory DSA 654-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
Package : enscript
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-1184 CAN-2004-1185 CAN-2004-1186
Erik S. has discovered several security relevant problems in
enscript, a program to convert ASCII text into Postscript and other
formats. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
CAN-2004-1184
Unsanitised input can cause the execution of arbitrary commands
via EPSF pipe support. This has been disabled, also upstream.
CAN-2004-1185
Due to missing sanitising of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be
executed.
CAN-2004-1186
Multiple buffer overflows can cause the program to crash.
Usually, enscript is only run locally, but since it is executed
inside of viewcvs some of the problems mentioned above can easily
be turned into a remote vulnerability.
For the stable distribution (woody) these problems have been
fixed in version 1.6.3-1.3.
For the unstable distribution (sid) these problems have been
fixed in version 1.6.4-6.
We recommend that you upgrade your enscript package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.dsc
Size/MD5 checksum: 598 b64a0ab822bd8e613a96cfe534f40cbc
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3.diff.gz
Size/MD5 checksum: 7312 5f39d5caad3a93f874705a10f4a4ae6d
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3.orig.tar.gz
Size/MD5 checksum: 814308 ec717f8b0de7db00a21a21f70d354610
Alpha architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_alpha.deb
Size/MD5 checksum: 488176 ef6dc427cf55c77423da2b84c04a291e
ARM architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_arm.deb
Size/MD5 checksum: 466220 6443058723684f0c7b7d14d659e909bf
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_i386.deb
Size/MD5 checksum: 458068 1b5dd9325b47b06f6fb0280a74753bdd
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_ia64.deb
Size/MD5 checksum: 506248 5a4bc6e9f0f771b694e65908bc302e64
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_hppa.deb
Size/MD5 checksum: 477426 0f2bc8aba5c8f244d6d882c87b01946a
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_m68k.deb
Size/MD5 checksum: 447374 1054d2c3a5f249b2c7167fdd2aec2726
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mips.deb
Size/MD5 checksum: 470862 996def7fa0ca46edac520083d5d22e39
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_mipsel.deb
Size/MD5 checksum: 470122 1f886d9ab7df6d9e3b4aafe6840676f8
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_powerpc.deb
Size/MD5 checksum: 466374 a08bf7e3d47b5ed94cf436439d21922b
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_s390.deb
Size/MD5 checksum: 460778 a2f4b67a5c7af46eba735b44ccea7de1
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/enscript/enscript_1.6.3-1.3_sparc.deb
Size/MD5 checksum: 465822 a8da2cae1003ca40e4e8b6c81137fb63
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 652-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
Package : unarj
Vulnerability : several
Problem-Type : local (remote)
Debian-specific: no
CVE ID : CAN-2004-0947 CAN-2004-1027
Debian Bug : 281922
Several vulnerabilities have been discovered in unarj, a
non-free ARJ unarchive utility. The Common Vulnerabilities and
Exposures Project identifies the following vulnerabilities:
CAN-2004-0947
A buffer overflow has been discovered when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly
execute arbitrary code when being extracted by a victim.
CAN-2004-1027
A directory traversal vulnerability has been found so that an
attacker could create a specially crafted archive which would
create files in the parent directory when being extracted by a
victim. When used recursively, this vulnerability could be used to
overwrite critical system files and programs.
For the stable distribution (woody) these problems have been
fixed in version 2.43-3woody1.
For the unstable distribution (sid) these problems don’t apply
since unstable/non-free does not contain the unarj package.
We recommend that you upgrade your unarj package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.dsc
Size/MD5 checksum: 528 e1d166f2eaf315641d1269a32ad1dc76
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1.diff.gz
Size/MD5 checksum: 12903 4ef4cfad33d05ecc048d63596ab2673c
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43.orig.tar.gz
Size/MD5 checksum: 39620 7a481dc017f1fbfa7f937a97e66eb99f
Alpha architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
Size/MD5 checksum: 29668 08dc91afd3146ccdfaa51d73f8be56e5
ARM architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
Size/MD5 checksum: 22784 ed352d363cbeb34ba2268db63a632824
Intel IA-32 architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
Size/MD5 checksum: 20690 aa9490bd82bc9aef4f6092d19fa83eaa
Intel IA-64 architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
Size/MD5 checksum: 31072 0b1f0403cfaaf572399fcb60b2549664
HP Precision architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
Size/MD5 checksum: 23888 15a8d6b0b7b565186398c0b8ebe3eb6a
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
Size/MD5 checksum: 20384 644a6dcc9f566bad384c050bc8b8fb14
PowerPC architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
Size/MD5 checksum: 23060 5c5a1f0157aa613337f80b439e78456f
IBM S/390 architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
Size/MD5 checksum: 22668 97dc977c8217a10d4915ee32db49edd5
Sun Sparc architecture:
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
Size/MD5 checksum: 25386 bd2210a978ad30306e3db2ab112c87e8
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 653-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 21st, 2005 http://www.debian.org/security/faq
Package : ethereal
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-0084
A buffer overflow has been detected in the X11 dissector of
ethereal, a commonly used network traffic analyser. A remote
attacker may be able to overflow a buffer using a specially crafted
IP packet. More problems have been discovered which don’t apply to
the version in woody but are fixed in sid as well.
For the stable distribution (woody) this problem has been fixed
in version 0.9.4-1woody11.
For the unstable distribution (sid) this problem has been fixed
in version 0.10.9-1.
We recommend that you upgrade your ethereal package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Source archives:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.dsc
Size/MD5 checksum: 681 8e8bbe73bf65d45446fb7c03dddb41a1
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11.diff.gz
Size/MD5 checksum: 40601 a9a6e17ee6c2e1749ac3d140628c77c6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4.orig.tar.gz
Size/MD5 checksum: 3278908 42e999daa659820ee93aaaa39ea1e9ea
Alpha architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 1941102 aab1360769a64476ce4113068230c8ad
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 334424 c3647ca04af3f48b4e24ec6ae2fa6b4d
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 222460 06e7e8c5713efa6f102bb436c6251e61
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_alpha.deb
Size/MD5 checksum: 1707844 08f64c248a99394a8366ca5b512e096d
ARM architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 1635456 190bd5415abaf62c1cde340605079152
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 297770 6d5ee1df687aeee0e49d4bc27cfab0da
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 206356 fcba9b5be975e62bd5cf8efca338a299
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_arm.deb
Size/MD5 checksum: 1439676 d825f5c16e37f1a5c1a7aaa6ba0798b1
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 1513338 996070722f320a6d6d40652101480ec6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 286736 69fd768db07ee2ac52b33f3188fdba97
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 198652 50e416b732e5d02d1f8e6bfb5269d1f9
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_i386.deb
Size/MD5 checksum: 1326536 c8415c2297b0bc30a297b3b07e0a1186
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 2150414 b46cc7da4c46e2a920299cef6d6f1f1c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 373372 1b977535a20b449ea7c1b21e09f9493b
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 234004 e8c69f3f1db9708ceb2e74122e81c168
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_ia64.deb
Size/MD5 checksum: 1861780 6c48358d2c8c892d24ebbc29b020931d
HP Precision architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 1804712 495491720997b53f60f5b9dbfeabac27
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 322696 cccbc77685f25eb8aa1a8429e0298dd7
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 217116 3bcb0ff60d01b12b85d25ee6e277fbe2
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_hppa.deb
Size/MD5 checksum: 1576164 67ecb81ffa522198b999353ce6294b19
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 1424704 7014155418ca6c1947e71a04ab716b03
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 282996 c73d8c241771bbe5f89c1e859e436aba
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 195364 21d07bf8bb05d52dfd45d91c73c656a6
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_m68k.deb
Size/MD5 checksum: 1248922 5cd077cf05e8e14f627a10e44ced739d
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 1617160 41dd4cd8059c472ff109bb002d9b5074
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 305514 855a56f8596f0bb4da7fe0024616d87a
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 213936 8459c58071700c436ea96af9a6fd7901
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mips.deb
Size/MD5 checksum: 1422110 bdcdf3c021429ccaf8eb95027a48f69e
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 1598210 0c60efc6fcdea7d25359ecd88dd8aeff
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 304982 63cea39a93b19891ae0bbfaa8c5e0327
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 213596 e7d160f30cd5e9360fc90d4ef160dfb6
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_mipsel.deb
Size/MD5 checksum: 1406444 e8f3d141f724da42a16d051c12879efb
PowerPC architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 1618676 f3890280569d1b2a7e66c039c0def6b4
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 302174 d5c364dcb6039f637005c4ce259bed2c
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 209172 ae06ac9e4e976d4fd846b3b222efe911
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_powerpc.deb
Size/MD5 checksum: 1419454 2a6a56b278e0e647cbb7c41881e5aaa0
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 1574786 17c662f34613b6b0fb24e033dd1fc463
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 301014 7f0c78cce38eb8927b708146cb4b8463
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 204250 f85efb4e0c75da840c7b1224292f7005
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_s390.deb
Size/MD5 checksum: 1387552 c4e2e39307ca9b70793e1b8a6dc9a3ee
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 1583368 199f9efbe4d98e43882bb28d054c8ff6
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 318282 87d2b4c8298e3e179d89aa3827602011
http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 205026 0c71e4c61947bc0f198de8d66a1892b4
http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.9.4-1woody11_sparc.deb
Size/MD5 checksum: 1389390 8327f812bcaee04cf83fc34f8450aacc
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>
Gentoo Linux
Gentoo Linux Security Advisory GLSA 200501-30
Severity: Normal
Title: CUPS: Stack overflow in included Xpdf code
Date: January 22, 2005
Bugs: #78249
ID: 200501-30
Synopsis
CUPS includes Xpdf code and therefore is vulnerable to the
recent stack overflow issue, potentially resulting in the remote
execution of arbitrary code.
Background
The Common UNIX Printing System (CUPS) is a cross-platform print
spooler. It makes use of Xpdf code to handle PDF files.
Affected packages
Package / Vulnerable / Unaffected
1 net-print/cups < 1.1.23-r1 >= 1.1.23-r1
Description
The Decrypt::makeFileKey2 function in Xpdf’s Decrypt.cc
insufficiently checks boundaries when processing /Encrypt /Length
tags in PDF files (GLSA 200501-28).
Impact
This issue could be exploited by a remote attacker to execute
arbitrary code by sending a malicious print job to a CUPS
spooler.
Workaround
There is no known workaround at this time.
Resolution
All CUPS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-print/cups-1.1.23-r1"
References
[ 1 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
[ 2 ] GLSA 200501-28
http://www.gentoo.org/security/en/glsa/glsa-200501-28.xml
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-30.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200501-28
Severity: Normal
Title: Xpdf, GPdf: Stack overflow in Decrypt::makeFileKey2
Date: January 21, 2005
Bugs: #77888, #78128
ID: 200501-28
Synopsis
A stack overflow was discovered in Xpdf, potentially resulting
in the execution of arbitrary code. GPdf includes Xpdf code and
therefore is vulnerable to the same issue.
Background
Xpdf is an open source viewer for Portable Document Format (PDF)
files. GPdf is a Gnome-based PDF viewer that includes some Xpdf
code.
Affected packages
Package / Vulnerable / Unaffected
1 app-text/xpdf <= 3.00-r7 >= 3.00-r8 2 app-text/gpdf < 2.8.2 >= 2.8.2 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures.
Description
iDEFENSE reports that the Decrypt::makeFileKey2 function in
Xpdf’s Decrypt.cc insufficiently checks boundaries when processing
/Encrypt /Length tags in PDF files.
Impact
An attacker could entice an user to open a specially-crafted PDF
file which would trigger a stack overflow, potentially resulting in
execution of arbitrary code with the rights of the user running
Xpdf or GPdf.
Workaround
There is no known workaround at this time.
Resolution
All Xpdf users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/xpdf-3.00-r8"
All GPdf users should also upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/gpdf-2.8.2"
References
[ 1 ] CAN-2005-0064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
[ 2 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities&flashstatus=true
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-28.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200501-26
Severity: Normal
Title: ImageMagick: PSD decoding heap overflow
Date: January 20, 2005
Bugs: #77932
ID: 200501-26
Synopsis
ImageMagick is vulnerable to a heap overflow when decoding
Photoshop Document (PSD) files, which could lead to arbitrary code
execution.
Background
ImageMagick is a collection of tools to read, write and
manipulate images in many formats.
Affected packages
Package / Vulnerable / Unaffected
1 media-gfx/imagemagick < 6.1.8.8 >= 6.1.8.8
Description
Andrei Nigmatulin discovered that a Photoshop Document (PSD)
file with more than 24 layers could trigger a heap overflow.
Impact
An attacker could potentially design a mailicous PSD image file
to cause arbitrary code execution with the permissions of the user
running ImageMagick.
Workaround
There is no known workaround at this time.
Resolution
All ImageMagick users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-gfx/imagemagick-6.1.8.8"
References
[ 1 ] CAN-2005-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0005
[ 2 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-26.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200501-29
Severity: Low
Title: Mailman: Cross-site scripting vulnerability
Date: January 22, 2005
Bugs: #77524
ID: 200501-29
Synopsis
Mailman is vulnerable to cross-site scripting attacks.
Background
Mailman is a Python-based mailing list server with an extensive
web interface.
Affected packages
Package / Vulnerable / Unaffected
1 net-mail/mailman < 2.1.5-r3 >= 2.1.5-r3
Description
Florian Weimer has discovered a cross-site scripting
vulnerability in the error messages that are produced by
Mailman.
Impact
By enticing a user to visiting a specially-crafted URL, an
attacker can execute arbitrary script code running in the context
of the victim’s browser.
Workaround
There is no known workaround at this time.
Resolution
All Mailman users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
References
[ 1 ] CAN-2004-1177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1177
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-29.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
Gentoo Linux Security Advisory GLSA 200501-27
Severity: High
Title: Ethereal: Multiple vulnerabilities
Date: January 20, 2005
Bugs: #78559
ID: 200501-27
Synopsis
Multiple vulnerabilities exist in Ethereal, which may allow an
attacker to run arbitrary code, crash the program or perform DoS by
CPU and disk utilization.
Background
Ethereal is a feature rich network protocol analyzer.
Affected packages
Package / Vulnerable / Unaffected
1 net-analyzer/ethereal < 0.10.9 >= 0.10.9
Description
There are multiple vulnerabilities in versions of Ethereal
earlier than 0.10.9, including:
- The COPS dissector could go into an infinite loop
(CAN-2005-0006). - The DLSw dissector could cause an assertion, making Ethereal
exit prematurely (CAN-2005-0007). - The DNP dissector could cause memory corruption
(CAN-2005-0008). - The Gnutella dissector could cause an assertion, making
Ethereal exit prematurely (CAN-2005-0009). - The MMSE dissector could free statically-allocated memory
(CAN-2005-0010). - The X11 dissector is vulnerable to a string buffer overflow
(CAN-2005-0084).
Impact
An attacker might be able to use these vulnerabilities to crash
Ethereal, perform DoS by CPU and disk space utilization or even
execute arbitrary code with the permissions of the user running
Ethereal, which could be the root user.
Workaround
For a temporary workaround you can disable all affected protocol
dissectors by selecting Analyze->Enabled Protocols… and
deselecting them from the list. However, it is strongly recommended
to upgrade to the latest stable version.
Resolution
All Ethereal users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/ethereal-0.10.9"
References
[ 1 ] CAN-2005-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0006
[ 2 ] CAN-2005-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0007
[ 3 ] CAN-2005-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0008
[ 4 ] CAN-2005-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0009
[ 5 ] CAN-2005-0010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0010
[ 6 ] CAN-2005-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0084
[ 7 ] Ethereal Release Notes
http://www.ethereal.com/news/item_20050120_01.html
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-27.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
KDE
KDE Security Advisory: KOffice PDF Import Filter
Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-0064
http://www.idefense.com/application/poi/display?id=3D186&type=3Dvulnerab=
ilities
1. Systems affected:
KOffice 1.3 up to including KOffice 1.3.5
2. Overview:
The KOffice PDF Import Filter shares code with xpdf. xpdf
contains a buffer overflow that can be triggered by a specially
crafted PDF file.
3. Impact:
Remotely supplied pdf files can be used to execute arbitrary
code on the client machine when the user opens such file in
KOffice.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for KOffice 1.3.5 is available from=20 ftp://ftp.kde.org/pub/kde/security_patches
:
0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff
6. Time line and credits:
19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches
prepared.
20/01/2005 Public disclosure.
KDE Security Advisory: Multiple vulnerabilities in
Konversation
Original Release Date: 20050121
URL: http://www.kde.org/info/security/advisory-20050121-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-0129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-0130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCAN-2005-0131
http://lists.netsys.com/pipermail/full-disclosure/2005-January/031033.html
1. Systems affected:
All Konversation versions up to and including 0.15
2. Overview:
Multiple vulnerabilities have been discovered in Konversation,
an IRC client for KDE. A flaw in the expansion of %-escaped
variables makes that %-escaped variables in certain input strings
will be inadvertently expanded too. The Common Vulnerabilities and
Exposures project (cve.mitre.org
has assigned the name CAN-2005-0129 to this issue. Several perl
scripts included with Konversation fail to properly handle command
line arguments causing a command line injection vulnerability. The
Common Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0130 to this issue. Nick and password are confused in the
quick connection dialog,=20 so connecting with that dialog and
filling in a password, would use that password as nick, and may
inadvertently expose the password to others. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the name
CAN-2005-0131 to this issue.
3. Impact:
A user might be tricked to join a channel with a specially
crafted channel name containing shell commands. If user runs a
script in that channel it will result in an arbitrary command
execution.
If quick connect is used with a password, the password is used
as nickname instead. As a result the password may be exposed to
others.
4. Solution:
Upgrade to Konversation 0.15.1 available from
http://download.berlios.de/konversation/konversation-0.15.1.tar.bz2
5. Patch:
A patch for Konversation 0.15 is available from ftp://ftp.kde.org/pub/kde/security_patches
36f8b6beac18a9d173339388d13e2335 post-0.15-konversation.diff
6. Time line and credits:
18/01/2005 Konversation developers informed by Wouter
Coekaerts
19/01/2005 Patches applied to KDE CVS.
19/01/2005 Konversation 0.15.1 released.
21/01/2005 KDE Security Advisory released.
LBA-Linux
LBA-Linux Security Advisory
Subject: Updated cups package for LBA-Linux R2
Advisory ID: LBASA-2004:59
Date: Friday, January 21, 2005
Product: LBA-Linux R2
Problem description:
CAN-2004-1267
Buffer overflow in the ParseCommand function in hpgl-input.c in the
hpgltops program for CUPS 1.1.22 allows remote attackers to execute
arbitrary code via a crafted HPGL file.
CAN-2004-1268
lppasswd in CUPS 1.1.22 ignores write errors when modifying the
CUPS passwd file, which allows local users to corrupt the file by
filling the associated file system and triggering the write
errors.
CAN-2004-1269
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it
encounters a file-size resource limit while writing to passwd.new,
which causes subsequent invocations of lppasswd to fail.
CAN-2004-1270
lppasswd in CUPS 1.1.22, when run in environments that do not
ensure that file descriptors 0, 1, and 2 are open when lppasswd is
called, does not verify that the passwd.new file is different from
STDERR, which allows local users to control output to passwd.new
via certain user input that triggers an error message.
CAN-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute
arbitrary code via a PDF file with a large /Encrypt /Length
keyLength value.
Updated packages:
LBA-Linux R2:
i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/cups-1.1.20-4.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/cups-libs-1.1.20-4.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/cups-devel-1.1.20-4.lba.4.i386.rpm
Upgrading your system:
To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:
- Log in to your LBA-Linux desktop as the root user.
- Click on the penguin icon at the lower left of the display, and
select the menu item SYSTEM TOOLS>UPDATER. - Click on the item named cups to highlight it.
- Click on the PACKAGE menu in the menu bar, and select the
UPGRADE action. - Confirm the upgrade by clicking the APPLY button in Updater’s
main toolbar.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Copyright(c) 2001-2004 SOT
LBA-Linux Security Advisory
Subject: Updated kdegraphics package for LBA-Linux R2
Advisory ID: LBASA-2004:60
Date: Friday, January 21, 2005
Product: LBA-Linux R2
Problem description:
CAN-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute
arbitrary code via a PDF file with a large /Encrypt /Length
keyLength value.
Updated packages:
LBA-Linux R2:
i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/kdegraphics-3.2.0-1.3.lba.7.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/kdegraphics-devel-3.2.0-1.3.lba.7.i386.rpm
Upgrading your system:
To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:
- Log in to your LBA-Linux desktop as the root user.
- Click on the penguin icon at the lower left of the display, and
select the menu item SYSTEM TOOLS>UPDATER. - Click on the item named kdegraphics to highlight it.
- Click on the PACKAGE menu in the menu bar, and select the
UPGRADE action. - Confirm the upgrade by clicking the APPLY button in Updater’s
main toolbar.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Copyright(c) 2001-2004 SOT
LBA-Linux Security Advisory
Subject: Updated tetex package for LBA-Linux R2
Advisory ID: LBASA-2004:61
Date: Friday, January 21, 2005
Product: LBA-Linux R2
Problem description:
CAN-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute
arbitrary code via a PDF file with a large /Encrypt /Length
keyLength value.
Updated packages:
LBA-Linux R2:
i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-afm-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-doc-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-dvips-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-fonts-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-latex-2.0.2-12.lba.4.i386.rpm
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/tetex-xdvi-2.0.2-12.lba.4.i386.rpm
Upgrading your system:
To apply this security update to your LBA-Linux system, run the
Updater tool from the LBA-Linux root desktop:
- Log in to your LBA-Linux desktop as the root user.
- Click on the penguin icon at the lower left of the display, and
select the menu item SYSTEM TOOLS>UPDATER. - Click on the item named tetex to highlight it.
- Click on the PACKAGE menu in the menu bar, and select the
UPGRADE action. - Confirm the upgrade by clicking the APPLY button in Updater’s
main toolbar.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
Copyright(c) 2001-2004 SOT
LBA-Linux Security Advisory
Subject: Updated xpdf package for LBA-Linux R2
Advisory ID: LBASA-2004:58
Date: Friday, January 21, 2005
Product: LBA-Linux R2
Problem description:
CAN-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc
for xpdf 3.00 and earlier allows remote attackers to execute
arbitrary code via a PDF file with a large /Encrypt /Length
keyLength value.
Updated packages:
LBA-Linux R2:
i386:
ftp://ftp.sot.com/lba-linux_r2/apt/RPMS.updates/xpdf-3.00-3.lba.8.i386.rpm
U