Linux Advisory Watch - November 2nd 2001

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  November 2nd, 2001                       Volume 2, Number 44a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for squid, kernel, uucp, webalizer,
htdig, util-linux, teTeX, libdb, and the Red Hat printing system.  
Vendors include Caldera, EnGarde, Mandrake, Red Hat, and SuSE.

Do you trust your network operating system? The EnGarde Linux distribution
was designed from the ground up as a secure solution, starting with the
principle of least privilege, and carrying it through every aspect of its
implementation.

 --> http://www.engardelinux.org 


   ** FREE Apache SSL Guide from Thawte **
 
   Planning Web Server Security? Find out how to implement SSL! 
   Get the free Thawte Apache SSL Guide and find the answers to all 
   your Apache SSL security issues and more at: 
 
   http://www.gothawte.com/rd90.html 
 

Take advantage of our Linux Security discussion list!  This mailing list
is for general security-related questions and comments. To subscribe send
an e-mail to security-discuss-request@linuxsecurity.com with "subscribe"
as the subject.
 
 
 
+---------------------------------+
|   squid                         | ----------------------------//
+---------------------------------+
  
The squid proxy server can be crashed with a malformed request, resulting
in a denial of service attack. After the crash, the squid proxy must be
restarted. The weakness can only be triggered from an address that is
allowed to send requests, as configured in the squid configuration file.

 i386 Intel Platform: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 

 squid-2.3.STABLE4-132.i386.rpm 
 f36c9784ca566b2cf54f75396e512ff6 

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
 squid-beta-2.4.STABLE2-33.i386.rpm 
 3f49f2edbda920c97c0833752f82a451 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1670.html


+---------------------------------+
|   kernel                        | ----------------------------//
+---------------------------------+

A recursive symlink structure can cause the kernel to consume excessive
CPU time, causing the machine to halt for an arbitrary amount of time.
ptrace(2), the system call used to trace processes as done by the
strace(1) command, must not be given permissions to trace setuid or setgid
programs (processes with a different effective uid or gid than the
caller's uid/gid). A race condition in the ptrace() kernel code was the
reason for the kernel update in May 2001.

 PLEASE SEE VENDOR ADVISORY 
 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1667.html 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1668.html


  
+---------------------------------+
|  uucp                           | ----------------------------//
+---------------------------------+

UUCP is a well-known tool suite for copying data between Unix-like
systems. Zen-Parse reported that the higher privileges of uux (UID uucp)
aren't dropped if long options instead of normal (short) options are used.
An attacker could exploit this hole by specifying a malicious
configuration file to execute and/or access arbitrary data with the
privilege of user uucp.

 i386 Intel Platform: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/ 
 uucp-1.06.1-333.i386.rpm 
 aec2eff9ec839494416563a39e72e57d 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1673.html


  
+---------------------------------+
|   webalizer                     | ----------------------------//
+---------------------------------+

A bug in versions of webalizer prior to 2.01_09 allowed users to embed
malicious HTML tags in reports generated by webalizer.

 Red Hat: i386: 
 ftp://updates.redhat.com/7.1/en/powertools/i386/ 
 webalizer-2.01_09-0.71.i386.rpm 
 0d77b8f5ce3e1c04fa6c217204598232 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1672.html 

 EnGarde: i386 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
 i386/webalizer-2.01-1.0.3.i386.rpm 
 MD5 Sum:  3d8d8b5169a447565cac5aca1103ecea 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1677.html


+---------------------------------+
|   htdig                         | ----------------------------//
+---------------------------------+

A problem was discovered in the ht://Dig web indexing and searching
program.  Nergal reported a vulnerability in htsearch that allows a remote
user to pass the -c parameter, to use a specific config file, to the
htsearch program when running as a CGI. A malicious user could point to a
file like /dev/zero and force the CGI to stall until it times out.  
Repeated attacks could result in a DoS.

 Mandrake Linux 8.1: 
 8.1/RPMS/htdig-3.2.0-0.5mdk.i586.rpm 
 4416ba76bc1bc8fe21aaa278d600fd00 

 8.1/RPMS/htdig-devel-3.2.0-0.5mdk.i586.rpm 
 6ba81746cf6b915e66fa11d05bff70f9 

 8.1/RPMS/htdig-web-3.2.0-0.5mdk.i586.rpm 
 09e82bd967c00e553541f8ce424b53e9 

 http://www.linux-mandrake.com/en/ftp.php3 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1678.html


  
+---------------------------------+
|   util-linux                    | ----------------------------//
+---------------------------------+

Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It
stored the value of a static pwent buffer across PAM calls, and when used
with some PAM modules in non-default configurations (i.e., using
pam_limits), it would overwrite the buffer and cause the user to get the
credentials of another user.  Thanks to Olaf Kirch for providing the patch
to fix the problem.

 Mandrake Linux 8.1: 
 8.1/RPMS/util-linux-2.11h-3.1mdk.i586.rpm 
 eed8a58dafde65f693ef09c6b638d119 
 http://www.linux-mandrake.com/en/ftp.php3 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-1679.html
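
The stale-pointer pattern behind the /bin/login problem described above,
modelled as an added example (not code from util-linux or from the patch).
lookup_user(), module_hook() and the account table are hypothetical
stand-ins for getpwnam(), a PAM module such as pam_limits, and the
password database.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for struct passwd. */
struct user_rec { char name[32]; unsigned uid; };

/* Constructed sample account table; not data from the advisory. */
static const struct user_rec accounts[] = {
    { "alice", 1000 }, { "bob", 1001 },
};

/* Hypothetical lookup that, like getpwnam(), returns a pointer to ONE
 * static buffer which every later call overwrites. */
static struct user_rec *lookup_user(const char *name) {
    static struct user_rec buf;
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++) {
        if (strcmp(accounts[i].name, name) == 0) {
            buf = accounts[i];
            return &buf;
        }
    }
    return NULL;
}

/* Stand-in for a module that does its own lookup during authentication. */
static void module_hook(const char *other) { (void)lookup_user(other); }

/* Flawed pattern: keep the returned pointer across the module call. */
unsigned uid_after_hook_unsafe(const char *login, const char *other) {
    struct user_rec *pw = lookup_user(login);
    if (pw == NULL) return (unsigned)-1;
    module_hook(other);            /* overwrites *pw behind our back */
    return pw->uid;                /* now describes `other` */
}

/* Corrected pattern: copy the record before anything else can run. */
unsigned uid_after_hook_safe(const char *login, const char *other) {
    struct user_rec *pw = lookup_user(login);
    if (pw == NULL) return (unsigned)-1;
    struct user_rec mine = *pw;    /* private copy owned by the caller */
    module_hook(other);
    return mine.uid;
}

int main(void) {
    printf("unsafe: uid=%u\n", uid_after_hook_unsafe("alice", "bob"));
    printf("safe:   uid=%u\n", uid_after_hook_safe("alice", "bob"));
    return 0;
}
```

With the real struct passwd the string members also point into the static
storage, so a fix has to copy those too or use getpwnam_r() with a
caller-owned buffer.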


  
  
+---------------------------------+
|   teTeX                         | ----------------------------//
+---------------------------------+

Updated teTeX packages are available, fixing a temporary file handling
vulnerability and an insecure invocation of dvips in a print filter. A
flaw has been discovered in the temporary file handling of some of the
scripts from the teTeX set of packages. This can, under some
circumstances, lead to a compromise of the groups that LPRng runs as.
Several scripts used the current process ID as temporary file names and
have now been altered to use the 'mktemp' program instead.

 PLEASE SEE VENDOR ADVISORY 
 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1671.html


  
+---------------------------------+
|   libdb                         | ----------------------------//
+---------------------------------+

Due to a configuration mistake in the libdb1 package included with
OpenLinux 3.1, some programs were using unsafe versions of the snprintf
and vsnprintf functions. This might allow remote attackers to gain access
to your system or local attackers to gain root access.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/ 
 Server/current/RPMS 
 RPMS/db-2.7.7-12.i386.rpm 
 b65dffa8ceae770641db9f524e99653d 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-1675.html


  
+---------------------------------+
|   Red Hat printing              | ----------------------------//
+---------------------------------+

Ghostscript, a PostScript interpreter, possesses various 'file', 'run',
etc., commands internally. It also provides a -dSAFER flag to restrict the
use of the commands. However, the -dSAFER flag is meant to protect a user
from malicious PostScript, not to protect a system from inappropriate
snooping by a user, and so it is still possible to _read_ files in the
SAFER mode.

 Red Hat: i386: 
 ftp://updates.redhat.com/7.1/en/os/i386/ 
 ghostscript-5.50-19.rh7.1.i386.rpm 
 aab6f7a301909bb2eae04d5ab7b87d5d 

 ftp://updates.redhat.com/7.1/en/os/i386/ 
 printconf-0.2.15-2.i386.rpm 
 a2b7f27e31b71218703cb68f95355e24 

 ftp://updates.redhat.com/7.1/en/os/i386/ 
 printconf-gui-0.2.15-2.i386.rpm 
 b20e1817f9b81ba5503c9864588e2f92 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1669.html  

 Updated Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1674.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

