+----------------------------------------------------------------+
|  LinuxSecurity.com                       Linux Advisory Watch  |
|  October 26th, 2001                      Volume 2, Number 43a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for gftp, diffutils, nvi, squid,
util-linux, openssh, shadow/login, htdig, mod_auth_pgsql, and the Linux
kernel. The vendors include Conectiva, Debian, Immunix, and Red Hat. If
you did not get a chance to patch your systems last week, it is
advisable that you review the newsletter. It is available at the
following URL:

http://www.linuxsecurity.com/articles/forums_article-3872.html

** FREE Apache SSL Guide from Thawte **
Planning Web Server Security? Find out how to implement SSL! Get the
free Thawte Apache SSL Guide and find the answers to all your Apache
SSL security issues and more at:

http://www.gothawte.com/rd90.html

Have you tried EnGarde Secure Linux? The EnGarde Linux distribution was
designed from the ground up as a secure solution, starting with the
principle of least privilege, and carrying it through every aspect of
its implementation.

http://www.engardelinux.org

Take advantage of our Linux Security discussion list! This mailing list
is for general security-related questions and comments. To subscribe
send an e-mail to security-discuss-request@linuxsecurity.com with
"subscribe" as the subject.

+---------------------------------+
|  gftp                           | ----------------------------//
+---------------------------------+

gftp displays the password in plain text on the screen within the log
window when it is logging into an ftp server.
A malicious colleague who is watching the screen could gain access to
the user's shell on the remote machine.

 Intel ia32 architecture: Debian
 http://security.debian.org/dists/stable/updates/main/binary-i386/gftp_2.0.6a-3.2_i386.deb
 MD5 checksum: 674adafc20770c71c53a8b44a4959a25

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1656.html

+---------------------------------+
|  diffutils                      | ----------------------------//
+---------------------------------+

When using sdiff in interactive mode, a temporary file is created. The
new diffutils packages make sure to create that file in a secure way.

 Red Hat: 7.1 i386
 ftp://updates.redhat.com/7.1/en/os/i386/diffutils-2.7-23.i386.rpm
 062bf0083809452267d49d42aa85d7e2

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1658.html

+---------------------------------+
|  nvi                            | ----------------------------//
+---------------------------------+

Takeshi Uno found a very stupid format string vulnerability in all
versions of nvi (in both the plain and the multilingualized version).
When a filename is saved, it ought to get displayed on the screen. The
routine handling this didn't escape format strings.

 Intel ia32 architecture: Debian
 http://security.debian.org/dists/stable/updates/main/binary-i386/nvi-m17n-canna_1.79+19991117-2.3_i386.deb
 MD5 checksum: c8bd0ea8e2581e2f18b2990c5434ab35

 http://security.debian.org/dists/stable/updates/main/binary-i386/nvi-m17n_1.79+19991117-2.3_i386.deb
 MD5 checksum: 93235c24ff0efac3b3636664c30b8c6e

 http://security.debian.org/dists/stable/updates/main/binary-i386/nvi_1.79-16a.1_i386.deb
 MD5 checksum: 0b04432bb3c62661cafe89b6353ff768

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1659.html

+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

New squid packages are available that fix a potential DoS in Squid's
FTP handling code.
It is recommended that squid users update to the fixed packages.

 Red Hat 7.2 i386:
 ftp://updates.redhat.com/7.2/en/os/i386/squid-2.4.STABLE1-6.i386.rpm
 b5f0ca849fcef20c0c05b2bea268520e

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1660.html

+---------------------------------+
|  util-linux                     | ----------------------------//
+---------------------------------+

New util-linux packages are available that fix a problem with
/bin/login's PAM implementation. This could, in some non-default
setups, cause users to receive credentials of other users. It is
recommended that all users update to the fixed packages.

 Red Hat Linux 7.2: i386:
 http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html
 c0f329c070e416fbb20c97670199d3fe

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-1661.html

+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

If a user lists multiple keys in her .ssh/authorized_keys2 file, sshd
may in some circumstances not honor the "from" option which can be
associated with a key, thereby allowing key-based logins from hosts
which should not be allowed access.

 Red Hat Linux 7.2: i386:
 ftp://updates.redhat.com/7.2/en/os/i386/openssh-2.9p2-9.i386.rpm
 c553416074a5fc54d309c6e7653f684a

 ftp://updates.redhat.com/7.2/en/os/i386/openssh-clients-2.9p2-9.i386.rpm
 557a7615d1abf68e4b2bb998c0091638

 ftp://updates.redhat.com/7.2/en/os/i386/openssh-server-2.9p2-9.i386.rpm
 4b1df978407683e2c160f496f24e26e5

 ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-2.9p2-9.i386.rpm
 f35d0f0b45fd5fd3ceb06589ca18aab3

 ftp://updates.redhat.com/7.2/en/os/i386/openssh-askpass-gnome-2.9p2-9.i386.rpm
 d9fcc0d6d03c59b04681d6e755e3cb92

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-1662.html

 Conectiva:
 PLEASE SEE VENDOR ADVISORY

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1666.html

+---------------------------------+
|  shadow / login                 | ----------------------------//
+---------------------------------+

Multiple Linux vendors have issued security announcements about
failures of the /bin/login program to properly initialize the
privileges of an authenticated user if the PAM module pam_limits is
enabled.

 SuSE-7.3
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/shadow-20000902-144.i386.rpm
 9380496a4a248aeac73d7136de381348

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1663.html

+---------------------------------+
|  htdig                          | ----------------------------//
+---------------------------------+

Due to insufficient checking of the running environment, it is possible
to use command-line options via CGI. A remote attacker could use the -c
option to specify /dev/zero as an alternate config file to cause a
denial of service for some minutes.

 i386 Intel Platform: SuSE-7.3
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/htdig-3.1.5-304.i386.rpm
 543b0668bbbe3c35a7b7f4aab523a497

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1664.html

+---------------------------------+
|  mod_auth_pgsql                 | ----------------------------//
+---------------------------------+

The updated mod_auth_pgsql packages close a vulnerability which would
allow a malicious client to cause a Web server to execute arbitrary SQL
statements. Several Apache authentication modules which use SQL
databases to store authentication information are vulnerable to a
remote SQL code injection attack. A bug in the MD5 password mechanism
causing valid passwords not to authenticate the user has also been
fixed.

 Red Hat Linux 7.2: i386:
 ftp://updates.redhat.com/7.2/en/os/i386/mod_auth_pgsql-0.9.9-2.i386.rpm
 30c43be9ed24fbf0e3b7e1e44ff28808

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1665.html

+---------------------------------+
|  kernel                         | ----------------------------//
+---------------------------------+

A vulnerability has been found in the ptrace code of the kernel (ptrace
is the part that allows program debuggers to run) that could be abused
by local users to gain root privileges.

 Red Hat:
 PLEASE SEE VENDOR ADVISORY

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1655.html

 Immunix:
 PLEASE SEE VENDOR ADVISORY

 Immunix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1657.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------