---

Security Digest: January 6, 2005

Fedora Core


Fedora Update Notification
FEDORA-2005-001
2005-01-06


Product : Fedora Core 2
Name : exim
Version : 4.43
Release : 1.FC2.1
Summary : The exim mail transfer agent

Description :
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. In
style it is similar to Smail 3, but its facilities are more
extensive, and in particular it has options for verifying incoming
sender and recipient addresses, for refusing mail from specified
hosts, networks, or senders, and for controlling mail relaying.
Exim is in production use at quite a few sites, some of which move
hundreds of thousands of messages per day.

Exiscan is compiled in to allow inbuilt scanning capability.
See

http://duncanthrax.net/exiscan-acl/


Update Information:

This erratum fixes two relatively minor security issues which
were discovered in Exim in the last few weeks. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2005-0021 and CAN-2005-0022 to these, respectively.

  1. The function host_aton() can overflow a buffer if it is
    presented with an illegal IPv6 address that has more than 8
    components.
  2. The second report described a buffer overflow in the function
    spa_base64_to_bits(), which is part of the code for SPA
    authentication. This code originated in the Samba project. The
    overflow can be exploited only if you are using SPA
    authentication.

  • Tue Jan 04 2005 David Woodhouse <dwmw2@redhat.com> 4.43-1.FC2.1
    • Fix buffer overflows (CAN-2005-0021, CAN-2005-0022)
    • Demonstrate SASL auth configuration in default config file
    • Enable TLS and provide certificate if necessary
    • Don’t reject all GB2312 charset mail by default
  • Thu Oct 07 2004 Thomas Woerner <twoerner@redhat.com> 4.43-1
    • new version 4.43 with sasl support
    • new exiscan-acl-4.43-28
    • new config.samples and FAQ-html (added publication date)
    • new BuildRequires for cyrus-sasl-devel openldap-devel
      openssl-devel and PreReq for cyrus-sasl openldap openssl
  • Mon Sep 13 2004 Thomas Woerner <twoerner@redhat.com> 4.42-2
    • update to sa-exim-4.1: fixes spamassassin’s new score=3D string
      (#131796)
  • Fri Aug 27 2004 Thomas Woerner <twoerner@redhat.com> 4.42-1
    • new version 4.42
  • Mon Aug 02 2004 Thomas Woerner <twoerner@redhat.com> 4.41-1
    • new version 4.41
  • Fri Jul 02 2004 Thomas Woerner <twoerner@redhat.com> 4.34-3
    • added pre-definition of local_delivery using Cyrus-IMAP
      (#122912)
    • added BuildRequires for pam-devel (#124555)
    • fixed format string bugs (#125117)
    • fixed sa-exim code placed wrong in spec file (#127102)
    • extended postun with alternatives call
  • Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
    • rebuilt
  • Wed May 12 2004 David Woodhouse <dwmw2@redhat.com> 4.34-1
    • Update to Exim 4.34, exiscan-acl 4.34-21

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

c962c75145017206cde8c67fd7a56eb7
SRPMS/exim-4.43-1.FC2.1.src.rpm
a533e222f4ff2beb0536daf177def1b8
x86_64/exim-4.43-1.FC2.1.x86_64.rpm
c0639fcca5b8bbca2e753155a2c34532
x86_64/exim-mon-4.43-1.FC2.1.x86_64.rpm
7fe11efcfb57bf044d0bf2f09c53f6f2
x86_64/exim-doc-4.43-1.FC2.1.x86_64.rpm
b28149b3e7e2fed0dee72e30ad39a52b
x86_64/exim-sa-4.43-1.FC2.1.x86_64.rpm
283a93d612b65e2a514ba6fc8131677d
x86_64/debug/exim-debuginfo-4.43-1.FC2.1.x86_64.rpm
f2d1181933fa6f6b34cd1ae71bee16a4
i386/exim-4.43-1.FC2.1.i386.rpm
628be45b2a947f7579c4dd068ac45bf1
i386/exim-mon-4.43-1.FC2.1.i386.rpm
16f125efa84916c076586c01ba6d4e8c
i386/exim-doc-4.43-1.FC2.1.i386.rpm
c94d60d7d71b6dffe3a06967c45ce79f
i386/exim-sa-4.43-1.FC2.1.i386.rpm
e7233593925bf8a0003a9ca7c74c2bdd
i386/debug/exim-debuginfo-4.43-1.FC2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2005-001
2005-01-06


Product : Fedora Core 3
Name : exim
Version : 4.43
Release : 1.FC3.1
Summary : The exim mail transfer agent

Description :
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet. In
style it is similar to Smail 3, but its facilities are more
extensive, and in particular it has options for verifying incoming
sender and recipient addresses, for refusing mail from specified
hosts, networks, or senders, and for controlling mail relaying.
Exim is in production use at quite a few sites, some of which move
hundreds of thousands of messages per day.

Exiscan is compiled in to allow inbuilt scanning capability.
See

http://duncanthrax.net/exiscan-acl/


Update Information:

This erratum fixes two relatively minor security issues which
were discovered in Exim in the last few weeks. The Common
Vulnerabilities and Exposures project (cve.mitre.org/) has assigned the names
CAN-2005-0021 and CAN-2005-0022 to these, respectively.

  1. The function host_aton() can overflow a buffer if it is
    presented with an illegal IPv6 address that has more than 8
    components.
  2. The second report described a buffer overflow in the function
    spa_base64_to_bits(), which is part of the code for SPA
    authentication. This code originated in the Samba project. The
    overflow can be exploited only if you are using SPA
    authentication.

  • Tue Jan 04 2005 David Woodhouse <dwmw2@redhat.com> 4.43-1.FC3.1
    • Fix buffer overflows (CAN-2005-0021, CAN-2005-0022)
    • Demonstrate SASL auth configuration in default config file
    • Enable TLS and provide certificate if necessary
    • Don’t reject all GB2312 charset mail by default

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

f4cafadca104a85ff5f31cbf5ca4c4f1
SRPMS/exim-4.43-1.FC3.1.src.rpm
3412f5b4cf40ad504dbaf2b7e2fffa62
x86_64/exim-4.43-1.FC3.1.x86_64.rpm
1446c41e65cfd6f15ae60b969ab3d20c
x86_64/exim-mon-4.43-1.FC3.1.x86_64.rpm
e71be8446d9e4d250ca40a41c2d7b49a
x86_64/exim-doc-4.43-1.FC3.1.x86_64.rpm
1d515c5be494e657333549f72f4621e2
x86_64/exim-sa-4.43-1.FC3.1.x86_64.rpm
bcd320d0c2f88911a3ccc02b95cb2843
x86_64/debug/exim-debuginfo-4.43-1.FC3.1.x86_64.rpm
7c2205113fe3285a76b797748845548b
i386/exim-4.43-1.FC3.1.i386.rpm
8227e5701319639057b951bc45bbecf8
i386/exim-mon-4.43-1.FC3.1.i386.rpm
3b7e2741f4208757e92ab2d228b1fe8a
i386/exim-doc-4.43-1.FC3.1.i386.rpm
4e5cbfea028184d6710443a3c0e79c29
i386/exim-sa-4.43-1.FC3.1.i386.rpm
9c2c6e5d633104ca71bf80b062e9f0a2
i386/debug/exim-debuginfo-4.43-1.FC3.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Updates for the PowerPC architecture are also available from the
yum repository at the following address:
ftp://ftp.uk.linux.org/pub/people/dwmw2/fc3-updates-ppc/


Fedora Update Notification
FEDORA-2004-584
2005-01-06


Product : Fedora Core 2
Name : tetex
Version : 2.0.2
Release : 14FC2.1
Summary : The TeX text formatting system.

Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX
takes a text file and a set of formatting commands as input and
creates a typesetter-independent .dvi (DeVice Independent) file as
output. Usually, TeX is used in conjunction with a higher level
formatting package like LaTeX or PlainTeX, since TeX by itself is
not very user-friendly.

Install tetex if you want to use the TeX text formatting system.
If you are installing tetex, you will also need to install
tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips
(for converting .dvi files to PostScript format for printing on
PostScript printers), tetex-latex (a higher level formatting
package which provides an easier-to-use interface for TeX), and
tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.


Update Information:

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications
in tetex to crash, and possibly to execute arbitrary code. The
Common Vulnerabilities and Exposures projects (cve.mitre.org/) has assigned the name
CAN-2004-1125 to this issue.


  • Tue Nov 09 2004 Jindrich Novy <jnovy@redhat.com> 2.0.2-14FC2.1
    • Fix CAN-2004-1125 xpdf overflows.
  • Tue Nov 09 2004 Jindrich Novy <jnovy@redhat.com> 2.0.2-14FC2
    • Add xpdf overflow security patch (CESA-2004-007)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/

14bcf3cb94172a8fec405166e904f477
SRPMS/tetex-2.0.2-14FC2.1.src.rpm
cf4249542063afad9a64849fa6a5c3b8
x86_64/tetex-2.0.2-14FC2.1.x86_64.rpm
64b36e00a314bfe8e832708364c449ec
x86_64/tetex-latex-2.0.2-14FC2.1.x86_64.rpm
662f8c9f9c36e8a2ac646ec4a662b358
x86_64/tetex-xdvi-2.0.2-14FC2.1.x86_64.rpm
56ae4a2055677d35a08df45aa203dedc
x86_64/tetex-dvips-2.0.2-14FC2.1.x86_64.rpm
3b08fda494d8db9b182b267c5fac65fc
x86_64/tetex-afm-2.0.2-14FC2.1.x86_64.rpm
60b41eb32432ae86eb161e6acbd21312
x86_64/tetex-fonts-2.0.2-14FC2.1.x86_64.rpm
681d654ae8d1487ddc63d2ac664125fc
x86_64/tetex-doc-2.0.2-14FC2.1.x86_64.rpm
00f7a420bd92d74d7ce6727dbd75e3a2
x86_64/debug/tetex-debuginfo-2.0.2-14FC2.1.x86_64.rpm
dc2bd2ee63df05de037bd49d253c4def
i386/tetex-2.0.2-14FC2.1.i386.rpm
e3159dfd0e43c77b9af20a5bec5b8f2e
i386/tetex-latex-2.0.2-14FC2.1.i386.rpm
f23a92930c01795278a1adf6376970a5
i386/tetex-xdvi-2.0.2-14FC2.1.i386.rpm
c8de010d4e7ab324a834bbaedfa7fc7f
i386/tetex-dvips-2.0.2-14FC2.1.i386.rpm
eb9d19121ac9eb703691dc2273593109
i386/tetex-afm-2.0.2-14FC2.1.i386.rpm
b3cc536693c014a3d3e0b8dea88486bd
i386/tetex-fonts-2.0.2-14FC2.1.i386.rpm
f6f5895547d91f495fc84c434ae766d0
i386/tetex-doc-2.0.2-14FC2.1.i386.rpm
28d7cde3b110ea601322898d100f1d91
i386/debug/tetex-debuginfo-2.0.2-14FC2.1.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.



Fedora Update Notification
FEDORA-2004-585
2005-01-06


Product : Fedora Core 3
Name : tetex
Version : 2.0.2
Release : 21.2
Summary : The TeX text formatting system.

Description :
TeTeX is an implementation of TeX for Linux or UNIX systems. TeX
takes a text file and a set of formatting commands as input and
creates a typesetter-independent .dvi (DeVice Independent) file as
output. Usually, TeX is used in conjunction with a higher level
formatting package like LaTeX or PlainTeX, since TeX by itself is
not very user-friendly.

Install tetex if you want to use the TeX text formatting system.
If you are installing tetex, you will also need to install
tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvips
(for converting .dvi files to PostScript format for printing on
PostScript printers), tetex-latex (a higher level formatting
package which provides an easier-to-use interface for TeX), and
tetex-xdvi (for previewing .dvi files in X). Unless you are an
expert at using TeX, you should also install the tetex-doc package,
which includes the documentation for TeX.


Update Information:

The updated tetex package fixes a buffer overflow which allows
attackers to cause the internal xpdf library used by applications
in tetex to crash, and possibly to execute arbitrary code. The
Common Vulnerabilities and Exposures projects (cve.mitre.org/) has assigned the name
CAN-2004-1125 to this issue.


  • Mon Dec 27 2004 Jindrich Novy <jnovy@redhat.com> 2.0.2-21.2
    • Fix CAN-2004-1125 xpdf overflow
  • Tue Nov 02 2004 Jindrich Novy <jnovy@redhat.com> 2.0.2-21.1
    • Add xpdf overflow security patch (CESA-2004-007)

This update can be downloaded from:

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

eeffe10a8d42f6269f2e7a9225b76108
SRPMS/tetex-2.0.2-21.2.src.rpm
2e3fe2e80094656b2a571b424f3bc002
x86_64/tetex-2.0.2-21.2.x86_64.rpm
e8fac4727a41f4cd97442e2e84fcc188
x86_64/tetex-latex-2.0.2-21.2.x86_64.rpm
94c4217e1b73293706b45880fbc72e39
x86_64/tetex-xdvi-2.0.2-21.2.x86_64.rpm
aef9eb3e2c213e6512b6c63c767893e0
x86_64/tetex-dvips-2.0.2-21.2.x86_64.rpm
b978a97c56edd0f8473646553912292f
x86_64/tetex-afm-2.0.2-21.2.x86_64.rpm
a350d6ebb4130fc67584f9dcb9aa8b34
x86_64/tetex-fonts-2.0.2-21.2.x86_64.rpm
a6435f2dadbce2192226bf1d6c751f7b
x86_64/tetex-doc-2.0.2-21.2.x86_64.rpm
94442d1626174498758f2f7999c31b1d
x86_64/debug/tetex-debuginfo-2.0.2-21.2.x86_64.rpm
e47da926c1a225d73724786e1d708989 i386/tetex-2.0.2-21.2.i386.rpm
774fa2bd414a297a92101000d5f3a980
i386/tetex-latex-2.0.2-21.2.i386.rpm
83e020d800b3d6faee79f4955c148083
i386/tetex-xdvi-2.0.2-21.2.i386.rpm
c4e3699330d79b05b99ffedb22ee6f2a
i386/tetex-dvips-2.0.2-21.2.i386.rpm
50fd2ac5818c548f7749e73b11f86b6b
i386/tetex-afm-2.0.2-21.2.i386.rpm
584b54a8d6c2241b49b9b7e38e7c0268
i386/tetex-fonts-2.0.2-21.2.i386.rpm
d151205d1990b1a09641e279e7f10aa3
i386/tetex-doc-2.0.2-21.2.i386.rpm
58f207404845c4de68c7ce0658d606e8
i386/debug/tetex-debuginfo-2.0.2-21.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the ‘up2date’ command.


Debian GNU/Linux


Debian Security Advisory DSA 627-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
January 6th, 2005 http://www.debian.org/security/faq


Package : namazu2
Vulnerability : unsanitised input
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1318

A cross-site scripting vulnerability has been discovered in
namazu2, a full text search engine. An attacker could prepare
specially crafted input that would not be sanitised by namazu2 and
hence displayed verbatim for the victim.

For the stable distribution (woody) this problem has been fixed
in version 2.0.10-1woody3.

For the unstable distribution (sid) this problem has been fixed
in version 2.0.14-1.

We recommend that you upgrade your namazu2 package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.dsc

Size/MD5 checksum: 729 55d9af5c2d7acce5eb762335e51da150

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3.diff.gz

Size/MD5 checksum: 10026 c47888f62795d22e2e82c2078e75583e

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10.orig.tar.gz

Size/MD5 checksum: 833838 85892f930e5ef694f39469f136f484b4

Architecture independent components:


http://security.debian.org/pool/updates/main/n/namazu2/namazu2-common_2.0.10-1woody3_all.deb

Size/MD5 checksum: 57566 2619b0261f7c78f567c5b57bc7134709

http://security.debian.org/pool/updates/main/n/namazu2/namazu2-index-tools_2.0.10-1woody3_all.deb

Size/MD5 checksum: 78724 0caddc9af184cdd666f3cb8e4b86a38d

Alpha architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_alpha.deb

Size/MD5 checksum: 116832 4729657782021cc31cd560b8e5d7eb41

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_alpha.deb

Size/MD5 checksum: 144424 a15b70d1f03ff9861e533230790718f1

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_alpha.deb

Size/MD5 checksum: 282454 59f32b2d66a1350f373647d1f66569f6

ARM architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_arm.deb

Size/MD5 checksum: 105864 09deb2f4befbcf66c28ec9cdd4284b94

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_arm.deb

Size/MD5 checksum: 124170 5c6ff41c3591f8da3fda507b7cfb1d15

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_arm.deb

Size/MD5 checksum: 264236 1914b11a284327e358d25f7f45522c4b

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_i386.deb

Size/MD5 checksum: 103678 7eb33aebb6d18620f39bca6b39491f5c

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_i386.deb

Size/MD5 checksum: 117564 be97133d3c04355444fedafaf08b8d72

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_i386.deb

Size/MD5 checksum: 254140 fcd5ae7c0cbd72a3fe79efb23545d8d6

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_ia64.deb

Size/MD5 checksum: 132674 54adcfa851a138b9f5f1ae96cb7e51c3

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_ia64.deb

Size/MD5 checksum: 150578 26c7c95f53e6dc9905e84f59103cfa24

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_ia64.deb

Size/MD5 checksum: 296226 55d76574ec6153ce8b0ac3c0ccb47d1f

HP Precision architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_hppa.deb

Size/MD5 checksum: 112816 155828c8655c08ea416827df8459ea43

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_hppa.deb

Size/MD5 checksum: 133528 af9255851e8a929e47825967bd014bbf

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_hppa.deb

Size/MD5 checksum: 274078 aea2d08e925a2812a9eea146cc218385

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_m68k.deb

Size/MD5 checksum: 100310 f7725c1c8fe62804a0fe39640ae9115b

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_m68k.deb

Size/MD5 checksum: 112702 f386f191a54c984b4267e358ab4be654

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_m68k.deb

Size/MD5 checksum: 261686 4b4a86ae53e1fdc86eb00d8cb16ed014

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mips.deb

Size/MD5 checksum: 105814 b7c1fd14d53989ea2c90731b3f959799

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mips.deb

Size/MD5 checksum: 131316 51889c3007f3ee41dea8fd7a3c3ec274

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mips.deb

Size/MD5 checksum: 271730 c2477168d829487189dd6d8b1ce6ff67

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_mipsel.deb

Size/MD5 checksum: 106256 668f8ba923e5d08d5c87a4a5f74740a7

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_mipsel.deb

Size/MD5 checksum: 131404 9f3061b682909c5c5913e699adba864f

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_mipsel.deb

Size/MD5 checksum: 271884 a971c52803427dd47275884f7ba3f0d7

PowerPC architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_powerpc.deb

Size/MD5 checksum: 108332 c07f0b023e9f181b967d3e7df0de14d3

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_powerpc.deb

Size/MD5 checksum: 130170 76acd402967c90fbc70f8ae896a4d04f

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_powerpc.deb

Size/MD5 checksum: 268662 76cab38114df6c859268dff7c88e19c7

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_s390.deb

Size/MD5 checksum: 105502 db1d1c167293cbf66903e6dd02723c39

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_s390.deb

Size/MD5 checksum: 119206 384c7333574c8215efa3ccb5e6d38f28

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_s390.deb

Size/MD5 checksum: 267478 d7916aaa85f57b5ce58233b8ea1ca723

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/n/namazu2/libnmz3_2.0.10-1woody3_sparc.deb

Size/MD5 checksum: 109758 5f5895fa7dc160572f03554e67511673

http://security.debian.org/pool/updates/main/n/namazu2/libnmz3-dev_2.0.10-1woody3_sparc.deb

Size/MD5 checksum: 124550 a6865ee432d9456e6f441f97e5630905

http://security.debian.org/pool/updates/main/n/namazu2/namazu2_2.0.10-1woody3_sparc.deb

Size/MD5 checksum: 266456 61629bca08f4d73a00998fe3071757d8

These files will probably be moved into the stable distribution
on its next update.



Debian Security Advisory DSA 628-1 security@debian.org
http://www.debian.org/security/
Martin Schulze January 6th, 2005 http://www.debian.org/security/faq


Package : imlib2
Vulnerability : integer overflows
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1026

Pavel Kankovsky discovered that several overflows found in the
libXpm library were also present in imlib and imlib2, imaging
libraries for X11. An attacker could create a carefully crafted
image file in such a way that it could cause an application linked
with imlib or imlib2 to execute arbitrary code when the file was
opened by a victim. The Common Vulnerabilities and Exposures
project identifies the following problems:

CAN-2004-1025

Multiple heap-based buffer overflows. No such code is present in
imlib2.

CAN-2004-1026

Multiple integer overflows in the imlib library.

For the stable distribution (woody) these problems have been
fixed in version 1.0.5-2woody2.

For the unstable distribution (sid) these problems will be fixed
soon.

We recommend that you upgrade your imlib2 packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:


http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.dsc

Size/MD5 checksum: 733 6f6e8508b5b630a86f9efcfecde7def4

http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody2.diff.gz

Size/MD5 checksum: 24428 a564f25fde0c5b0cabcc09d5b5159535

http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz

Size/MD5 checksum: 688261 3b1a80c95ff2a4cfb3bce49e27d94461

Alpha architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_alpha.deb

Size/MD5 checksum: 191216 5fb5991f4fb1239e5f1cd0c1a7d969bf

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_alpha.deb

Size/MD5 checksum: 483026 cdf1447ba093954a4d99bec1d04aecb9

ARM architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_arm.deb

Size/MD5 checksum: 165194 2c7d609e7f2777a118be441b7379ec49

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_arm.deb

Size/MD5 checksum: 440948 601854f35385592e7c3daeda7c6e946b

Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_i386.deb

Size/MD5 checksum: 149446 51b598088378311845699e97e480f88d

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_i386.deb

Size/MD5 checksum: 403528 ffbb69fee4cf35317c63813e86153173

Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_ia64.deb

Size/MD5 checksum: 246832 aefd120663f3d66136a295fb2834ebc4

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_ia64.deb

Size/MD5 checksum: 508434 06f35a685680b023cd403c35b7ae423f

HP Precision architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_hppa.deb

Size/MD5 checksum: 193598 f5d1aa5591f46bf7cc0a4991ebf17b57

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_hppa.deb

Size/MD5 checksum: 467452 1692700274cf6db934c3e8eada86e0ca

Motorola 680×0 architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_m68k.deb

Size/MD5 checksum: 149362 b7b490352539282cb496fe0033f1510c

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_m68k.deb

Size/MD5 checksum: 402692 2d2848f5df47b51e6731e63d2e3f4a61

Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mips.deb

Size/MD5 checksum: 158132 8fa35f404b87dc55a85b9f864c60dd3b

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mips.deb

Size/MD5 checksum: 447340 d7260c65edee790294ca5abe78ed8ea9

Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_mipsel.deb

Size/MD5 checksum: 157308 ca665733cf4f1bba438d4e8c1dc2b2d3

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_mipsel.deb

Size/MD5 checksum: 439724 910d1d3f6d92c33229046a07780e52d1

PowerPC architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_powerpc.deb

Size/MD5 checksum: 168694 cd8efd37e1b4c99790676b7859f7d655

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_powerpc.deb

Size/MD5 checksum: 443648 f0cd41775ea1e80875e4109662408e52

IBM S/390 architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_s390.deb

Size/MD5 checksum: 169030 8200d4599577df133a9a944786e958e7

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_s390.deb

Size/MD5 checksum: 421472 f7fc3deb38b061fb5e6bd1f448dea617

Sun Sparc architecture:


http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody2_sparc.deb

Size/MD5 checksum: 166290 96777c27912c44e1ca40089cca0a5453

http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody2_sparc.deb

Size/MD5 checksum: 434848 edc14a5c15cab67eaa1b7cf50ae28450

These files will probably be moved into the stable distribution
on its next update.


For apt-get: deb http://security.debian.org/
stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Package info: `apt-cache show <pkg>’ and http://packages.debian.org/<pkg>

Gentoo Linux


Gentoo Linux Security Advisory GLSA 200501-10


http://security.gentoo.org/


Severity: Normal
Title: Vilistextum: Buffer overflow vulnerability
Date: January 06, 2005
Bugs: #74694
ID: 200501-10


Synopsis

Vilistextum is vulnerable to a buffer overflow that allows an
attacker to execute arbitrary code through the use of a malicious
webpage.

Background

Vilistextum is an HTML to text converter.

Affected packages


     Package               /  Vulnerable  /                 Unaffected

  1  app-text/vilistextum       < 2.6.7                       >= 2.6.7

Description

Ariel Berkman discovered that Vilistextum unsafely reads data
into an array without checking the length. This code vulnerability
may lead to a buffer overflow.

Impact

A remote attacker could craft a malicious webpage which, when
converted, would result in the execution of arbitrary code with the
rights of the user running Vilistextum.

Workaround

There is no known workaround at this time.

Resolution

All Vilistextum users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7"

References

[ 1 ] Original Advisory

http://tigger.uic.edu/~jlongs2/holes/vilistextum.txt

[ 2 ] CAN-2004-1299

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1299

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-09


http://security.gentoo.org/


Severity: Normal
Title: xzgv: Multiple overflows
Date: January 06, 2005
Bugs: #74069
ID: 200501-09


Synopsis

xzgv contains multiple overflows that may lead to the execution
of arbitrary code.

Background

xzgv is a picture viewer for X, with a thumbnail-based file
selector.

Affected packages


     Package         /  Vulnerable  /                       Unaffected

  1  media-gfx/xzgv       <= 0.8                             >= 0.8-r1

Description

Multiple overflows have been found in the image processing code
of xzgv, including an integer overflow in the PRF parsing code
(CAN-2004-0994).

Impact

An attacker could entice a user to open or browse a
specially-crafted image file, potentially resulting in the
execution of arbitrary code with the rights of the user running
xzgv.

Workaround

There is no known workaround at this time.

Resolution

All xzgv users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1"

References

[ 1 ] CAN-2004-0994

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0994

[ 2 ] iDEFENSE Advisory


http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=true

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-09.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-08


http://security.gentoo.org/


Severity: Normal
Title: phpGroupWare: Various vulnerabilities
Date: January 06, 2005
Bugs: #74487
ID: 200501-08


Synopsis

Multiple vulnerabilities have been discovered in phpGroupWare
that could lead to information disclosure or remote compromise.

Background

phpGroupWare is a web-based suite of group applications
including a calendar, todo-list, addressbook, email, wiki, news
headlines, and a file manager.

Affected packages


     Package                /   Vulnerable   /              Unaffected

  1  www-apps/phpgroupware     < 0.9.16.004              >= 0.9.16.004

Description

Several flaws were discovered in phpGroupWare making it
vulnerable to cross-site scripting attacks, SQL injection, and full
path disclosure.

Impact

These vulnerabilities could allow an attacker to perform
cross-site scripting attacks, execute SQL queries, and disclose the
full path of the web directory.

Workaround

There is no known workaround at this time.

Resolution

All phpGroupWare users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.004"

References

[ 1 ] BugTraq Advisory

http://www.securityfocus.com/archive/1/384492

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-08.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-07


http://security.gentoo.org/


Severity: Normal
Title: xine-lib: Multiple overflows
Date: January 06, 2005
Bugs: #74475
ID: 200501-07


Synopsis

xine-lib contains multiple overflows potentially allowing
execution of arbitrary code.

Background

xine-lib is a multimedia library which can be utilized to create
multimedia frontends.

Affected packages


     Package              /  Vulnerable  /                  Unaffected

  1  media-libs/xine-lib     < 1_rc8-r1                    >= 1_rc8-r1
                                                          *>= 1_rc6-r1

Description

Ariel Berkman discovered that xine-lib reads specific input data
into an array without checking the input size in demux_aiff.c,
making it vulnerable to a buffer overflow (CAN-2004-1300) .
iDefense discovered that the PNA_TAG handling code in
pnm_get_chunk() does not check if the input size is larger than the
buffer size (CAN-2004-1187). iDefense also discovered that in this
same function, a negative value could be given to an unsigned
variable that specifies the read length of input data
(CAN-2004-1188).

Impact

A remote attacker could craft a malicious movie or convince a
targeted user to connect to a malicious PNM server, which could
result in the execution of arbitrary code with the rights of the
user running any xine-lib frontend.

Workaround

There is no known workaround at this time.

Resolution

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose media-libs/xine-lib

References

[ 1 ] CAN-2004-1187

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187

[ 2 ] CAN-2004-1188

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188

[ 3 ] CAN-2004-1300

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300

[ 4 ] iDefense Advisory


http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities

[ 5 ] iDefense Advisory


http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities

[ 6 ] Ariel Berkman Advisory

http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-07.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-06


http://security.gentoo.org/


Severity: Normal
Title: tiff: New overflows in image decoding
Date: January 05, 2005
Bugs: #75213
ID: 200501-06


Synopsis

An integer overflow has been found in the TIFF library image
decoding routines and the tiffdump utility, potentially allowing
arbitrary code execution.

Background

The TIFF library contains encoding and decoding routines for the
Tag Image File Format. It is called by numerous programs, including
GNOME and KDE applications, to interpret TIFF images.

Affected packages


     Package          /  Vulnerable  /                      Unaffected

  1  media-libs/tiff     < 3.7.1-r1                        >= 3.7.1-r1

Description

infamous41md found a potential integer overflow in the directory
entry count routines of the TIFF library (CAN-2004-1308). Dmitry V.
Levin found another similar issue in the tiffdump utility
(CAN-2004-1183).

Impact

A remote attacker could entice a user to view a carefully
crafted TIFF image file, which would potentially lead to execution
of arbitrary code with the rights of the user viewing the image.
This affects any program that makes use of the TIFF library,
including many web browsers or mail readers.

Workaround

There is no known workaround at this time.

Resolution

All TIFF library users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1"

References

[ 1 ] CAN-2004-1183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183

[ 2 ] CAN-2004-1308

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308

[ 3 ] iDEFENSE Advisory


http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


Gentoo Linux Security Advisory GLSA 200501-05


http://security.gentoo.org/


Severity: High
Title: mit-krb5: Heap overflow in libkadm5srv
Date: January 05, 2005
Bugs: #75143
ID: 200501-05


Synopsis

The MIT Kerberos 5 administration library (libkadm5srv) contains
a heap overflow that could lead to execution of arbitrary code.

Background

MIT krb5 is the free implementation of the Kerberos network
authentication protocol by the Massachusetts Institute of
Technology.

Affected packages


     Package             /  Vulnerable  /                   Unaffected

  1  app-crypt/mit-krb5       < 1.3.6                         >= 1.3.6

Description

The MIT Kerberos 5 administration library libkadm5srv contains a
heap overflow in the code handling password changing.

Impact

Under specific circumstances an attacker could execute arbitary
code with the permissions of the user running mit-krb5, which could
be the root user.

Workaround

There is no known workaround at this time.

Resolution

All mit-krb5 users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"

References

[ 1 ] CAN 2004-1189

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189

Availability

This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200501-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License

Copyright 2005 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).

The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

Mandrakelinux


Mandrakelinux Security Update Advisory


Package name: libtiff
Advisory ID: MDKSA-2005:001
Date: January 6th, 2005
Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi
Network Firewall 8.2


Problem Description:

Several vulnerabilities have been discovered in the libtiff
package:

iDefense reported the possibility of remote exploitation of an
integer overflow in libtiff that may allow for the execution of
arbitrary code.

The overflow occurs in the parsing of TIFF files set with the
STRIPOFFSETS flag.

iDefense also reported a heap-based buffer overflow
vulnerability within the LibTIFF package could allow attackers to
execute arbitrary code. (CAN-2004-1308)

The vulnerability specifically exists due to insufficient
validation of user-supplied data when calculating the size of a
directory entry.

The updated packages a
re patched to protect against these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308


Updated Packages:

Mandrakelinux 10.0:

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis