-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0017
Package names: elinks, mysql, php, php4, pptpd, quagga, samba, vim
Summary: Multiple vulnerabilities
Date: 2007-05-17
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Secure Linux 3.0.5
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
elinks
ELinks is a program for browsing the web in text mode. It provide a
feature-rich text mode browser with an open patches/features inclusion
policy and active development. One of these features is that ELinks
includes Links-Lua which adds scripting capabilities to ELinks.
mysql
MySQL is a true multi-user, multi-threaded SQL (Structured Query
Language) database server. MySQL is a client/server implementation
that consists of a server daemon (mysqld) and many different client
programs/libraries.
php
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache web server to understand and
process the embedded PHP language in web pages.
php4
PHP4 is an HTML-embedded scripting language. PHP4 attempts to make it
easy for developers to write dynamically generated web pages. PHP
also offers built-in database integration for several commercial
and non-commercial database management systems, so writing a
database-enabled web page with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts. The
mod_php module enables the Apache web server to understand and
process the embedded PHP language in web pages.
pptpd
PPTPd, Point-to-Point Tunnelling Protocol Daemon, offers out
connections to pptp clients to become virtual members of the IP pool
owned by the pptp server. In effect, these clients become virtual
members of the local subnet, regardless of what their real IP address
is. A tunnel is built between the pptp server and client, and packets
from the subnet are wrapped and passed between server and client
similar to other C/S protocols.
quagga
Quagga is a free software that manages TCP/IP based routing protocol.
It takes multi-server and multi-thread approach to resolve the current
complexity of the Internet.
samba
Samba provides an SMB server which can be used to provide network
services to SMB (sometimes called "Lan Manager") clients, including
various versions of MS Windows, OS/2, and other Linux machines. Samba
uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
(Microsoft Raw NetBIOS frame) protocol.
vim
VIM (VIsual editor iMproved) is an updated and improved version of the
vi editor. Vi was the first real screen-based editor for UNIX, and is
still very popular. VIM improves on vi by adding new features: multiple
windows, multi-level undo, block highlighting and more.
Problem description:
elinks < TSL 3.0.5 > < TSL 3.0 >
- New upstream.
- SECURITY Fix: Arnaud Giersch has reported a weakness in ELinks,
caused due to the "add_filename_to_string()" function in
src/intl/gettext/loadmsgcat.c reading gettext catalogs from
potentially untrusted paths. This can be exploited to execute
arbitrary code with escalated privileges by enticing another
user to run ELinks in a specially prepared directory environment.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2027 to this issue.
mysql < TSL 3.0.5 >
- New Upstream.
- SECURITY Fix: Neil Kettle has reported a vulnerability in MySQL,
caused due to an error when handling specially crafted IF queries,
which can be exploited to crash the server.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2583 to this issue.
php < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Several vulnerabilities have been reported in PHP,
where some have unknown impacts and others can be exploited by
malicious users to manipulate certain data, disclose potentially
sensitive information, bypass certain security restrictions,
or to cause a DoS.(SA25123)
php4 < TSL 2.2 > < TSEL 2>
- New Upstream.
- SECURITY Fix: Several vulnerabilities have been reported in PHP,
where some have unknown impacts and others can be exploited by
malicious users to manipulate certain data, disclose potentially
sensitive information, bypass certain security restrictions,
or to cause a DoS.(SA25123)
pptpd < TSL 3.0.5 > < TSL 3.0 >
- SECURITY Fix: A vulnerability has been identified in pptpd caused by
errors in the "decaps_gre()" function when processing specially
crafted GRE (Generic Route Encapsulation) packets, which could be
exploited by remote attackers to cause PPTP connections to terminate,
creating a denial of service condition.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2007-0244 to this issue.
quagga < TSL 3.0.5 > < TSL 3.0 >
- New Upstream.
- SECURITY Fix: Paul Jakma has reported a vulnerability in Quagga,
caused due to bgpd not checking the length information of the
"MP_UNREACH_NLRI" and "MP_REACH_NLRI" attributes. This can be
exploited to cause an assertion error or out of bounds read by
sending a specially crafted UPDATE message.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-1995 to this issue.
samba < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 > < TSEL 2>
- SECURITY Fix: Logic error in the SID/Name translation functionality
in smbd allows local users to gain temporary privileges and execute
SMB/CIFS protocol operations via unspecified vectors that cause the
daemon to transition to the root user.
- Multiple heap-based buffer overflows in the NDR parsing in smbd allow
remote attackers to execute arbitrary code via crafted MS-RPC
requests.
- The MS-RPC functionality in smbd allows remote attackers to execute
arbitrary commands via shell metacharacters involving the
(1) SamrChangePassword function, when the "username map script"
smb.conf option is enabled, and allows remote authenticated users to
execute commands via shell metacharacters involving other MS-RPC
functions in the (2) remote printer and (3) file share management.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2444, CVE-2007-2446 and CVE-2007-2447
to these issue.
vim < TSL 3.0.5 > < TSL 3.0 >
- Patch level 239.
- SECURITY Fix: Tomas Golembiovsky has discovered a vulnerability in
Vim, caused due to the application allowing e.g. the "feedkeys()"
function to be called in the sandbox. This can be exploited to
execute arbitrary commands with privileges of the Vim user.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2438 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/>
<URI:http://www.trustix.org/errata/trustix-3.0/> and
<URI:http://www.trustix.org/errata/trustix-3.0.5/>
or directly at
<URI:http://www.trustix.org/errata/2007/0017/>
MD5sums of the packages:
- --------------------------------------------------------------------------
e27ed3a4963178502e24acd843efeff8 3.0.5/rpms/elinks-0.11.3-1tr.i586.rpm
e8ce85ac86862cd51abf95e48969e571 3.0.5/rpms/mysql-5.0.41-1tr.i586.rpm
696d7683c257e6af947332fb713d8679 3.0.5/rpms/mysql-bench-5.0.41-1tr.i586.rpm
bd73e0f2f7087c65bda7445d8ca18eb7 3.0.5/rpms/mysql-client-5.0.41-1tr.i586.rpm
f1bde184de70ec7d947c72c69a144b01 3.0.5/rpms/mysql-devel-5.0.41-1tr.i586.rpm
ad6a955053d89a9ea9e646022a195acd 3.0.5/rpms/mysql-libs-5.0.41-1tr.i586.rpm
30e15f44f5fa368fef923f627dab874a 3.0.5/rpms/mysql-shared-5.0.41-1tr.i586.rpm
3f39698a3c7b81088345536d35fce5ca 3.0.5/rpms/php-5.2.2-1tr.i586.rpm
65d0d36d0b9dcb37462691fe9e98de2e 3.0.5/rpms/php-calendar-5.2.2-1tr.i586.rpm
9b2d68f661a7097570854200e9999389 3.0.5/rpms/php-cli-5.2.2-1tr.i586.rpm
0b16c668f49e35cbb15f90c1c0547903 3.0.5/rpms/php-curl-5.2.2-1tr.i586.rpm
d38460c26a6c174de2762bbf070a6a07 3.0.5/rpms/php-dba-5.2.2-1tr.i586.rpm
63c516c8f5bb1ca9830f6944bf7b36da 3.0.5/rpms/php-devel-5.2.2-1tr.i586.rpm
8ab91fa7dca047cccbb3e32180cfa129 3.0.5/rpms/php-exif-5.2.2-1tr.i586.rpm
93ae862e2c3d33e9fa55c0632e80325f 3.0.5/rpms/php-fcgi-5.2.2-1tr.i586.rpm
9e5f8f0e67ec1a6a4a5ecfd0211cacf8 3.0.5/rpms/php-gd-5.2.2-1tr.i586.rpm
8a673fe1fdfa3ed0779dfc6ee2f04c67 3.0.5/rpms/php-imap-5.2.2-1tr.i586.rpm
fdcd9217147b8efc4d3249482374111a 3.0.5/rpms/php-ldap-5.2.2-1tr.i586.rpm
afef71b6eadff59ace38626f8f4693a5 3.0.5/rpms/php-mcrypt-5.2.2-1tr.i586.rpm
33bc557090ade5f28b6ea8db69e2657e 3.0.5/rpms/php-mhash-5.2.2-1tr.i586.rpm
8a638e9761ddf4f34e242dbe4af2e6a7 3.0.5/rpms/php-mssql-5.2.2-1tr.i586.rpm
12eee4ae49a3b9bf737f76e26a3dcb5e 3.0.5/rpms/php-mysql-5.2.2-1tr.i586.rpm
6890196929d991befdd8516d6e9edf57 3.0.5/rpms/php-mysqli-5.2.2-1tr.i586.rpm
2d9c75a501fdbc4939fc971140a034a6 3.0.5/rpms/php-openssl-5.2.2-1tr.i586.rpm
555df3f3539f62f437040695c6e22f72 3.0.5/rpms/php-pdo-mysql-5.2.2-1tr.i586.rpm
fa955bf11aa661e5ecb7d9f048e125f6 3.0.5/rpms/php-pdo-sqlite-5.2.2-1tr.i586.rpm
2d0f03cdc3af9c3078e9f076fea24531 3.0.5/rpms/php-pgsql-5.2.2-1tr.i586.rpm
00669898c5d3fb48a516ce4b5b92ec92 3.0.5/rpms/php-pspell-5.2.2-1tr.i586.rpm
06bb6a56d057e27eeaf300de9507e807 3.0.5/rpms/php-snmp-5.2.2-1tr.i586.rpm
3ae32fa55704e474320546eef663b33f 3.0.5/rpms/php-sqlite-5.2.2-1tr.i586.rpm
719f07bc3cdc44f75728664244a22552 3.0.5/rpms/php-xslt-5.2.2-1tr.i586.rpm
7551ccb0b902bc7a22e99728d0e4a9da 3.0.5/rpms/php-zlib-5.2.2-1tr.i586.rpm
611867e08b71db582e12287ba2d74f7e 3.0.5/rpms/pptpd-1.3.0-3tr.i586.rpm
a44c900c92da98003726e836efaba213 3.0.5/rpms/quagga-0.99.7-1tr.i586.rpm
f2cdeb3b5d06aab74a4ed658656b0ad6 3.0.5/rpms/quagga-contrib-0.99.7-1tr.i586.rpm
d101c5423e2f33f6ae4d4f37f6817c4c 3.0.5/rpms/quagga-devel-0.99.7-1tr.i586.rpm
9a39eefbc1ae918d83a1f9f13a835dcb 3.0.5/rpms/samba-3.0.24-3tr.i586.rpm
076544bbc7f2875c7a9e39028de4a459 3.0.5/rpms/samba-client-3.0.24-3tr.i586.rpm
7c42cfaa3df86c76fd6749d723f96046 3.0.5/rpms/samba-common-3.0.24-3tr.i586.rpm
6ad34616194f0e043430b66e05e9eead 3.0.5/rpms/samba-devel-3.0.24-3tr.i586.rpm
0cdba2bc23dbff110be8656ca8ed1c92 3.0.5/rpms/samba-mysql-3.0.24-3tr.i586.rpm
9d56e5b6fac87aa82030c67e49751389 3.0.5/rpms/samba-pgsql-3.0.24-3tr.i586.rpm
1ee04a4f5e8fd608680b38297318defa 3.0.5/rpms/vim-7.0.239-1tr.i586.rpm
fe37232ef507d4cc8cd955e5812eb4fe 3.0.5/rpms/vim-doc-7.0.239-1tr.i586.rpm
efac50783453bae49581dfee5e6a414c 3.0.5/rpms/vim-syntax-7.0.239-1tr.i586.rpm
b399c01d9304edc098dc110bf015e274 3.0.5/rpms/vim-tools-7.0.239-1tr.i586.rpm
e7b65da0fae76a80f6aee3ad75b29641 3.0/rpms/elinks-0.11.3-1tr.i586.rpm
fbb97230a0257d3522ac99ab18631dd2 3.0/rpms/php-5.2.2-1tr.i586.rpm
de77b7b45206c523851fb6dac2f5a9ab 3.0/rpms/php-calendar-5.2.2-1tr.i586.rpm
8e794af7217c83cc258c29fa072f28af 3.0/rpms/php-cli-5.2.2-1tr.i586.rpm
3fa371d77039c4fd62558b9df7261ca3 3.0/rpms/php-curl-5.2.2-1tr.i586.rpm
14a32b9b8dd30a560bbafbb90d36953b 3.0/rpms/php-dba-5.2.2-1tr.i586.rpm
1ede7bdbbdb10b8d1d7e4a0434ed816d 3.0/rpms/php-devel-5.2.2-1tr.i586.rpm
106c00b7111f2592c6ee0fb010e162ca 3.0/rpms/php-exif-5.2.2-1tr.i586.rpm
50a84637dc3172a609631483bc9e998b 3.0/rpms/php-fcgi-5.2.2-1tr.i586.rpm
b518e03a488cd4c16f2b329319ceeb47 3.0/rpms/php-gd-5.2.2-1tr.i586.rpm
658ff68470fe31d2cd66e5a502f102cc 3.0/rpms/php-imap-5.2.2-1tr.i586.rpm
480256d9e78ac10a8899700022eabce6 3.0/rpms/php-ldap-5.2.2-1tr.i586.rpm
c210fb595a8d4936cc419ec99b793e5c 3.0/rpms/php-mcrypt-5.2.2-1tr.i586.rpm
6a191039a6bde397dc2b4964f2aacb82 3.0/rpms/php-mhash-5.2.2-1tr.i586.rpm
f53c8c7a906c3b3a71decb78608c2812 3.0/rpms/php-mssql-5.2.2-1tr.i586.rpm
4fda971f80131b792934198e29c6e2ac 3.0/rpms/php-mysql-5.2.2-1tr.i586.rpm
2dc32b5d5ce7d75f51ff905217139380 3.0/rpms/php-mysqli-5.2.2-1tr.i586.rpm
2f37bc01fcd433eb939e91df0dbed576 3.0/rpms/php-openssl-5.2.2-1tr.i586.rpm
e4da804bb33516e7d4ade1556c8dba28 3.0/rpms/php-pdo-mysql-5.2.2-1tr.i586.rpm
39ea9a7da2114a6005a9da03fe429d67 3.0/rpms/php-pdo-sqlite-5.2.2-1tr.i586.rpm
6e58bf31ff8bc7baacfe6e097e857bd6 3.0/rpms/php-pgsql-5.2.2-1tr.i586.rpm
73acac04155223551eca8a28b4033ee7 3.0/rpms/php-pspell-5.2.2-1tr.i586.rpm
f5397523ca4991fc49a55203a441e816 3.0/rpms/php-snmp-5.2.2-1tr.i586.rpm
7ab8a2be632561b13f1d84c9780aecf7 3.0/rpms/php-sqlite-5.2.2-1tr.i586.rpm
0a6d1fbcb86246a77a02d0619e501e52 3.0/rpms/php-xslt-5.2.2-1tr.i586.rpm
e93ec1f9bac14677b9176aece750c956 3.0/rpms/php-zlib-5.2.2-1tr.i586.rpm
57a5f9458a4f5abde916f0b385f0d708 3.0/rpms/pptpd-1.3.0-2tr.i586.rpm
19a9d69a812cbd13ae1f3189c124f0f9 3.0/rpms/quagga-0.99.7-1tr.i586.rpm
a27c229e73f9d93cea94bb3ea1076e4f 3.0/rpms/quagga-contrib-0.99.7-1tr.i586.rpm
d8a399baa8b8d0b94181513a2e399825 3.0/rpms/quagga-devel-0.99.7-1tr.i586.rpm
bf43d4b41c9b5d1bf2eb49f8cbe8bc8a 3.0/rpms/samba-3.0.24-2tr.i586.rpm
a95ac7feca2782f29b222fa2b1d551ee 3.0/rpms/samba-client-3.0.24-2tr.i586.rpm
ef7ebf17fc7e589f65fc8af257d69cf3 3.0/rpms/samba-common-3.0.24-2tr.i586.rpm
c97499277bf72eee3285d1b240634dc6 3.0/rpms/samba-devel-3.0.24-2tr.i586.rpm
3ede5a916cfb20165c7304f655d14382 3.0/rpms/samba-mysql-3.0.24-2tr.i586.rpm
cb4f7287e8d3195d97dab239b9c305dc 3.0/rpms/vim-7.0.239-1tr.i586.rpm
11389cc2300aefa8fd8287929eaa7f24 3.0/rpms/vim-doc-7.0.239-1tr.i586.rpm
8ad04341a7b2256ad91074aa6f01ec6e 3.0/rpms/vim-syntax-7.0.239-1tr.i586.rpm
f6fc0526640c06638181a800f1ba8be0 3.0/rpms/vim-tools-7.0.239-1tr.i586.rpm
ae50fa217465dfb435b86585985b37e8 2.2/rpms/php-5.2.2-1tr.i586.rpm
1f9106a6089ee5068d85d8a30c48d013 2.2/rpms/php-cli-5.2.2-1tr.i586.rpm
fc4f59f8970a39ca44e24faf0d8f5a07 2.2/rpms/php-curl-5.2.2-1tr.i586.rpm
023cbf263764bdedbe281425a073b89b 2.2/rpms/php-devel-5.2.2-1tr.i586.rpm
6bfd95f4a36cb511da5ed7645ba7fdda 2.2/rpms/php-exif-5.2.2-1tr.i586.rpm
755ae81ea9efa21e61fcf5e31bda8de9 2.2/rpms/php-fcgi-5.2.2-1tr.i586.rpm
8cf87c1b3bae9982618c6cb856a9d060 2.2/rpms/php-gd-5.2.2-1tr.i586.rpm
1b64eb185b3f2d06f1bf83846d8a1b21 2.2/rpms/php-imap-5.2.2-1tr.i586.rpm
e46c85591898876b70f841ee64087f5e 2.2/rpms/php-ldap-5.2.2-1tr.i586.rpm
939c8d09f61334f8767789a8ca7ee80b 2.2/rpms/php-mcrypt-5.2.2-1tr.i586.rpm
6563e93e65f5b50d2bfcefad9ec6cd2e 2.2/rpms/php-mhash-5.2.2-1tr.i586.rpm
9849874590f7cb5dfa86c78b4047ece1 2.2/rpms/php-mssql-5.2.2-1tr.i586.rpm
095186b85c2110125f35aa73ea05052c 2.2/rpms/php-mysql-5.2.2-1tr.i586.rpm
ba17f4c61f759adf384f8f70ebb276e5 2.2/rpms/php-mysqli-5.2.2-1tr.i586.rpm
edf2c26ad9bc4e9ccc13f0b331b7a654 2.2/rpms/php-openssl-5.2.2-1tr.i586.rpm
065ff3929f4bd3d0d13e0f7b14962410 2.2/rpms/php-pdo-mysql-5.2.2-1tr.i586.rpm
7ded129275416a1eb28c9ed9a07c4c21 2.2/rpms/php-pdo-sqlite-5.2.2-1tr.i586.rpm
52e5622194837e9d2d7694fe665c5c88 2.2/rpms/php-pgsql-5.2.2-1tr.i586.rpm
77d08a35f51fe6b2709e9d9b8683b0e7 2.2/rpms/php-sqlite-5.2.2-1tr.i586.rpm
df0eb0f7c243031f3b1dfb68043cac81 2.2/rpms/php-zlib-5.2.2-1tr.i586.rpm
89c6d6557d58e17d418a1d8badb82fca 2.2/rpms/php4-4.4.7-1tr.i586.rpm
19820fc100715f0cdfea9fa768419335 2.2/rpms/php4-cli-4.4.7-1tr.i586.rpm
afa803428461b868654ac0a2375bd2d6 2.2/rpms/php4-curl-4.4.7-1tr.i586.rpm
c9b556f951920cf39e7a37f47bc4f755 2.2/rpms/php4-devel-4.4.7-1tr.i586.rpm
942bcba9ead9a44143d4fd85029a804c 2.2/rpms/php4-domxml-4.4.7-1tr.i586.rpm
7d2db195fa8d16b41f845d99e3d73760 2.2/rpms/php4-exif-4.4.7-1tr.i586.rpm
dcb910f93592809d20f6d34889a1e2b7 2.2/rpms/php4-fcgi-4.4.7-1tr.i586.rpm
8d3a1b4ba59ef360f5c45011e40ab17c 2.2/rpms/php4-gd-4.4.7-1tr.i586.rpm
446f140be507fec5d80cd99ae81af507 2.2/rpms/php4-imap-4.4.7-1tr.i586.rpm
e31e89864144eac9c892946fc9fd8ea2 2.2/rpms/php4-ldap-4.4.7-1tr.i586.rpm
7b35528dd9be575dc4811081e492d0aa 2.2/rpms/php4-mhash-4.4.7-1tr.i586.rpm
e6c278d4670045974760af6b51ba89d2 2.2/rpms/php4-mysql-4.4.7-1tr.i586.rpm
2ddfd7b33b8804abe4b0f499323963c6 2.2/rpms/php4-pgsql-4.4.7-1tr.i586.rpm
61fee2073c34cc690bd56ca4642b9334 2.2/rpms/php4-test-4.4.7-1tr.i586.rpm
0c4ce893c30ae7e9e8a1e9042148df46 2.2/rpms/samba-3.0.24-2tr.i586.rpm
ba9ffbaadf973bedf5dbd77783a61351 2.2/rpms/samba-client-3.0.24-2tr.i586.rpm
6534c5a93bceb0e8b88577000a62295e 2.2/rpms/samba-common-3.0.24-2tr.i586.rpm
4b77614bf3eee277ec8cce57b61cafac 2.2/rpms/samba-devel-3.0.24-2tr.i586.rpm
85662a9eb1858a623f51ed2a76497001 2.2/rpms/samba-mysql-3.0.24-2tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFGS/IKi8CEzsK9IksRAiUBAJ0cmJL7xKtNh3M/y9jMpwtzgNIZxgCfcMD5
vpeNQngpbpNAO31ncdTch0A=
=eKjt
-----END PGP SIGNATURE-----
