+----------------------------------------------------------------+
|  LinuxSecurity.com                      Linux Advisory Watch   |
|  December 28th, 2001                    Volume 2, Number 52a   |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for mailman, openssh, glibc, namazu,
stunnel, and gpm. The vendors include Debian, EnGarde, Red Hat, SuSE,
and Trustix.

Need a new job? Search for a technical or managerial job at the
LinuxSecurity.com Career center. It is located at:

  http://careers.linuxsecurity.com

Why be vulnerable? It's your choice. - Are you looking for a solution
that provides the applications necessary to easily create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database
functions for an entire organization, and supports high-speed broadband
connections, all using a Web-based front-end? EnGarde Secure
Professional provides those features and more!

Be Secure with EnGarde Secure Professional:
http://store.guardiandigital.com/html/eng/493-AA.shtml

+---------------------------------+
|  mailman                        | ----------------------------//
+---------------------------------+

Updated Mailman packages are now available for Red Hat PowerTools 7 and
7.1. These updates fix cross-site scripting bugs which might allow
another server to be used to gain a user's private information from a
server running Mailman.

 Red Hat 7.1 i386:
 ftp://updates.redhat.com/7.1/en/powertools/i386/
 mailman-2.0.8-1.i386.rpm
 23d42ac2e45b24de1e051cdc2855d32a

 Red Hat 7.2 i386:
 ftp://updates.redhat.com/7.2/en/os/i386/
 mailman-2.0.8-1.i386.rpm
 23d42ac2e45b24de1e051cdc2855d32a

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1764.html

+---------------------------------+
|  openSSH                        | ----------------------------//
+---------------------------------+

A malicious local user can pass environment variables to the login
process if the administrator enables the UseLogin option. This can be
abused to bypass authentication and gain root access. Note that this
option is not enabled by default on TSL.

 Trustix:
 ftp://ftp.trustix.net/pub/Trustix/updates/

 ./1.5/RPMS/openssh-server-3.0.2p1-3tr.i586.rpm
 1613df3c919e3278b4b635f5b0f2f480

 ./1.5/RPMS/openssh-clients-3.0.2p1-3tr.i586.rpm
 c19f0a3b8560713e2598e346d4e5db17

 ./1.5/RPMS/openssh-3.0.2p1-3tr.i586.rpm
 ffbba79d4cd3d76f4205a8000c8691f0

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1766.html

+---------------------------------+
|  glibc                          | ----------------------------//
+---------------------------------+

The file globbing routines in glibc (which match filenames against
patterns such as "*.bak") contain an error that results in heap
corruption and may allow a remote attacker to execute arbitrary
commands from processes that take globbing strings from user input.

 i386:
 SuSE-7.3
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/
 glibc-2.2.4-64.i386.rpm
 ab4f2c0a14df2fc904a77e3093ab64c1

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/
 glibc-devel-2.2.4-64.i386.rpm
 30fecdf4a05cdbb563f89544d83d3832

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/
 glibc-profile-2.2.4-64.i386.rpm
 170136831b255f9fb4f7626bb0db118c

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-1767.html

+---------------------------------+
|  namazu                         | ----------------------------//
+---------------------------------+

namazu may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from
untrustworthy sources.

 Red Hat 7.0J:
 i386:
 ftp://updates.redhat.com/7.0/ja/os/i386/
 namazu-2.0.9-0j1.i386.rpm
 3ccdb16142a0ae0db0a1abf1985d037e

 ftp://updates.redhat.com/7.0/ja/os/i386/
 namazu-devel-2.0.9-0j1.i386.rpm
 7de1feeb554ab8ce7c8ec8fc52d177f2

 ftp://updates.redhat.com/7.0/ja/os/i386/
 namazu-cgi-2.0.9-0j1.i386.rpm
 e34d70e1b82e2625a2b9f58998bbb7c1

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-1768.html

+---------------------------------+
|  stunnel                        | ----------------------------//
+---------------------------------+

There is a format string vulnerability in stunnel which may allow an
attacker to exploit a victim by impersonating a mail server. There are
a couple of instances in stunnel where a format is not passed to a
printf-like function, leading to your classic format string
vulnerability. It is not known whether or not it is exploitable at this
time, but all users are recommended to upgrade in any event.

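Added example, not part of the original advisory and not stunnel's
source: the pattern described above, where untrusted text reaches a
printf-like function as the format, next to the corrected call. The
names log_msg, log_banner_unsafe and log_banner_safe and the sample
banner are hypothetical and constructed for illustration.

```c
/* Added illustration, not stunnel source: a printf-like logger fed a
 * peer-controlled string, first as the format, then as an argument. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-like logger; writes the formatted line into out.
 * Declaring it with __attribute__((format(printf, 3, 4))) lets GCC and
 * Clang report the unsafe call below under -Wformat -Wformat-security. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the peer's banner is used as the format string,
 * so any conversion specifier in it is interpreted by vsnprintf. */
static int log_banner_unsafe(char *out, size_t n, const char *banner)
{
    return log_msg(out, n, banner);
}

/* Fixed pattern: constant format, banner passed only as data. */
static int log_banner_safe(char *out, size_t n, const char *banner)
{
    return log_msg(out, n, "%s", banner);
}

/* Constructed sample input. "%%" is the one directive that consumes no
 * argument, so it shows the parsing without reading stray stack data. */
static const char SAMPLE_BANNER[] = "220 mail.example.test 100%% ready";

int main(void)
{
    char a[128], b[128];
    log_banner_unsafe(a, sizeof a, SAMPLE_BANNER);
    log_banner_safe(b, sizeof b, SAMPLE_BANNER);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return strcmp(a, b) == 0;   /* 0: the outputs differ, as expected */
}
```

The unsafe call rewrites the banner because the formatter parses it; the
safe call logs it byte for byte.
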
 EnGarde:
 http://ftp.engardelinux.org/pub/engarde/stable/updates/

 i386/stunnel-3.22-1.0.4.i386.rpm
 MD5 Sum: 482ff9210541d73b114404ccb9732cf0

 i686/stunnel-3.22-1.0.4.i686.rpm
 MD5 Sum: afad91053b8d482e36e85251fab06755

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-1769.html

+---------------------------------+
|  gpm                            | ----------------------------//
+---------------------------------+

The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console. Among other problems, the
gpm-root program contains a format string vulnerability, which allows
an attacker to gain root privileges.

 Debian Intel IA-32 architecture:

 http://security.debian.org/dists/stable/updates/main/binary-i386/
 gpm_1.17.8-18.1_i386.deb
 MD5 checksum: 18c837abec8360db146681d2a713177a

 http://security.debian.org/dists/stable/updates/main/binary-i386/
 libgpm1-altdev_1.17.8-18.1_i386.deb
 MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e

 http://security.debian.org/dists/stable/updates/main/binary-i386/
 libgpm1_1.17.8-18.1_i386.deb
 MD5 checksum: 815a1e90fe36e603f0803f92b6898f19

 http://security.debian.org/dists/stable/updates/main/binary-i386/
 libgpmg1-dev_1.17.8-18.1_i386.deb
 MD5 checksum: 514a1baee569e548349f7c4dc2941f3d

 http://security.debian.org/dists/stable/updates/main/binary-i386/
 libgpmg1_1.17.8-18.1_i386.deb
 MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe

 Debian Vendor Advisory:
 http://www.linuxsecurity.com/advisories/debian_advisory-1770.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------