From: Sebastian Krahmer <krahmer@suse.de> Subject: [suse-security-announce] SuSE Security Announcement: sgmltool Date: 04 May 2001 14:54:28 +0200 ___________________________________________________________________________ SuSE Security Announcement Package: sgmltool-1.0.9-266 Announcement-ID: SuSE-SA:2001:16 Date: Friday, May 4th, 14:55:35 CEST 2001 Affected SuSE versions: 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local fileaccess problem Severity (1-10): 2 SuSE default package: yes Other affected systems: All UN*X systems using this package Content of this advisory: 1) security vulnerability resolved: sgmltool problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ____________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats. During operation, the underlying SGML perlmodule creates temporary files in an insecure way. This allows attackers to destroy arbitrary files owned by the user who invoked the sgmltool program. The problem has been fixed by creating temporary files with the exclusive (O_EXCL) option upon opening them. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/sgm1/sgmltool-1.0.9-302.i386.rpm bdedaefb82dc2bb8ff0a522607b80ac3 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sgmltool-1.0.9-302.src.rpm dc5612aa475c5d6dcaaeee86e6bf985f SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/sgm1/sgmltool-1.0.9-301.i386.rpm 916953307d466d3bd8d26fb0655ce55a source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sgmltool-1.0.9-301.src.rpm 5e11b85a494e1033ee2a83839cb296fe SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/sgm1/sgmltool-1.0.9-300.i386.rpm a489acc5c3dce4c44915e47b3ee64790 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/sgmltool-1.0.9-300.src.rpm efdb6b08988b689127600a954ebe2e2f SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/sgm1/sgmltool-1.0.9-300.i386.rpm 9c1e5da161b67248935cbc7f485dfd40 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/sgmltool-1.0.9-300.src.rpm a2deae294821e73ed24429636b20ed2a Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/sgm1/sgmltool-1.0.9-283.sparc.rpm b3e0ec269392fb3d77c37cc698f77d16 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sgmltool-1.0.9-283.src.rpm eb80b6efe08f40139ec181fed7ccc832 SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/sgm1/sgmltool-1.0.9-284.sparc.rpm 8312ac046de5df7a47008dba32f1a7e8 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sgmltool-1.0.9-284.src.rpm a7e48214ae01f4f720240c1204120927 AXP Alpha Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/sgm1/sgmltool-1.0.9-283.alpha.rpm 06348dc4b669098d80bc16a8cc836123 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sgmltool-1.0.9-283.src.rpm c7c7ff5507f7a510d615235323f9f636 SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/sgm1/sgmltool-1.0.9-281.alpha.rpm ee6bb4dd45c90ba716f0d825fba7bbca source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/sgmltool-1.0.9-281.src.rpm 44366d7edcace3448a606aff0c73026f SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/sgm1/sgmltool-1.0.9-281.alpha.rpm 2c2450e3dfdde9066269add9cfb0757b source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/sgmltool-1.0.9-281.src.rpm 66a9d60866a5ebbb2e0682a2056f2528 PPC Power PC Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/sgm1/sgmltool-1.0.9-216.ppc.rpm 01bda0ee0edfa1e1036d27b2bb3de352 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sgmltool-1.0.9-216.src.rpm 1c6668d3ccc1b27bb3d5a4f84b308323 SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/sgm1/sgmltool-1.0.9-216.ppc.rpm e9b7161fe3a10624790ce65d9909165d source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sgmltool-1.0.9-216.src.rpm 15b8204b9378f8e833e6bac263bbacdd SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/sgm1/sgmltool-1.0.9-216.ppc.rpm 6af30c53d022866df5dd69ae053eeeea source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/sgmltool-1.0.9-216.src.rpm 35aa3ab2a86498c5e6ad145c0c7e378a ____________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - Marcus Meissner (Caldera) found a bug in KDE 2.1.*'s kdesu program which allows attackers to gather private information. This is due to insecure local filehandling by the kdesu program. Please update to the newest packages. - minicom format string vulnerabilities have been found in the minicom package. If /usr/bin/minicom is installed suid, the vulnerability may be exploited to gain elevated privileges. Please note that this is not the case in SuSE distributions. If you decided to make /usr/bin/minicom suid uucp or even suid root, please make sure that you grant access to the execution of minicom to trusted users only. - cfingerd The package has been found vulnerable to a remotely exploitable weakness. SuSE Linux distributions do not ship this version of fingerd. - webmin Insecure handling of temporary files has been found in webmin, a comprehensive administration webinterface. SuSE distributions do not contain the webmin package and therefore are not vulnerable to the found vulnerabilities by default. We urge administrators who use webmin to upgrade to the latest version of webmin available. - gnupg/gpg, openssl Several weaknesses have been found in gnupg/gpg that can reduce the strength of encrypted data. We will provide updates for the gnupg/gpg package. The updates are currently being tested. ____________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . suse-security-announce@suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. =============================================== SuSE's security contact is . =============================================== Regards, Sebastian Krahmer ____________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory.