+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| December 28th, 2001 Volume 2, Number 52a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for mailman, openssh, glibc, namazu,
stunnel, and gpm. The vendors include Debian, EnGarde, Red Hat, SuSE, and
Trustix.
Need a new job? Search for a technical or managerial job at the
LinuxSecurity.com Career center. It is located at:
http://careers.linuxsecurity.com
Why be vulnerable? Its your choice. - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
Be Secure with EnGarde Secure Professional:
http://store.guardiandigital.com/html/eng/493-AA.shtml
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
+---------------------------------+
| mailman | ----------------------------//
+---------------------------------+
Updated Mailman packages are now available for Red Hat PowerTools 7 and
7.1. These updates fix cross-site scripting bugs which might allow
another server to be used to gain a user's private information from a
server running Mailman.
Red Hat 7.1 i386:
ftp://updates.redhat.com/7.1/en/powertools/i386/
mailman-2.0.8-1.i386.rpm
23d42ac2e45b24de1e051cdc2855d32a
Red Hat 7.2 i386:
i386:
ftp://updates.redhat.com/7.2/en/os/i386/
mailman-2.0.8-1.i386.rpm
23d42ac2e45b24de1e051cdc2855d32a
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1764.html
+---------------------------------+
| openSSH | ----------------------------//
+---------------------------------+
A malicious local user can pass environment variables to the login process
if the administrator enables the UseLogin option. This can be abused to
bypass authentication and gain root access. Note that this option is not
enabled by default on TSL.
Trustix:
ftp://ftp.trustix.net/pub/Trustix/updates/
./1.5/RPMS/openssh-server-3.0.2p1-3tr.i586.rpm
1613df3c919e3278b4b635f5b0f2f480
./1.5/RPMS/openssh-clients-3.0.2p1-3tr.i586.rpm
c19f0a3b8560713e2598e346d4e5db17
./1.5/RPMS/openssh-3.0.2p1-3tr.i586.rpm
ffbba79d4cd3d76f4205a8000c8691f0
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1766.html
+---------------------------------+
| glibc | ----------------------------//
+---------------------------------+
The file globbing (matching filenames against patterns such as "*.bak")
routines in the glibc exhibits an error that results in a heap corruption
and that may allow a remote attacker to execute arbitrary commands from
processes that take globbing strings from user input.
i386: SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/
glibc-2.2.4-64.i386.rpm
ab4f2c0a14df2fc904a77e3093ab64c1
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/
glibc-devel-2.2.4-64.i386.rpm
30fecdf4a05cdbb563f89544d83d3832
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/
glibc-profile-2.2.4-64.i386.rpm
170136831b255f9fb4f7626bb0db118c
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1767.html
+---------------------------------+
| namazu | ----------------------------//
+---------------------------------+
namazu may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from untrustworthy
sources.
Red Hat 7.0J: i386:
ftp://updates.redhat.com/7.0/ja/os/i386/
namazu-2.0.9-0j1.i386.rpm
3ccdb16142a0ae0db0a1abf1985d037e
ftp://updates.redhat.com/7.0/ja/os/i386/
namazu-devel-2.0.9-0j1.i386.rpm
7de1feeb554ab8ce7c8ec8fc52d177f2
ftp://updates.redhat.com/7.0/ja/os/i386/
namazu-cgi-2.0.9-0j1.i386.rpm
e34d70e1b82e2625a2b9f58998bbb7c1
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1768.html
+---------------------------------+
| stunnel | ----------------------------//
+---------------------------------+
There is a format string vulnerability in stunnel which may allow an
attacker to exploit a victim by impersonating a mail server. There are a
couple of instances in stunnel where a format is not passed to a
printf-like function, leading to your classic format string vulnerability.
It is not know weather or not it is exploitable at this time but all users
are recommended to upgrade in any event.
EnGarde:
http://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/stunnel-3.22-1.0.4.i386.rpm
MD5 Sum: 482ff9210541d73b114404ccb9732cf0
i686/stunnel-3.22-1.0.4.i686.rpm
MD5 Sum: afad91053b8d482e36e85251fab06755
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1769.html
+---------------------------------+
| gpm | ----------------------------//
+---------------------------------+
The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console. Among other problems, the
gpm-root program contains a format string vulnerability, which allows an
attacker to gain root privileges.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/
gpm_1.17.8-18.1_i386.deb
MD5 checksum: 18c837abec8360db146681d2a713177a
http://security.debian.org/dists/stable/updates/main/binary-i386/
libgpm1-altdev_1.17.8-18.1_i386.deb
MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e
http://security.debian.org/dists/stable/updates/main/binary-i386/
libgpm1_1.17.8-18.1_i386.deb
MD5 checksum: 815a1e90fe36e603f0803f92b6898f19
http://security.debian.org/dists/stable/updates/main/binary-i386/
libgpmg1-dev_1.17.8-18.1_i386.deb
MD5 checksum: 514a1baee569e548349f7c4dc2941f3d
http://security.debian.org/dists/stable/updates/main/binary-i386/l
ibgpmg1_1.17.8-18.1_i386.deb
MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1770.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
