Linux Advisory Watch - May 3rd 2002

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  May 3rd, 2002                            Volume 3, Number 18a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.


This week, advisories were released for fileutils, imlib, sudo, webalizer,
openssh, squid, docbook, modpython, nautilis, and radiusd-cistron.  The
vendors include Caldera, Conectiva, EnGarde, Red Hat, SuSE, and Trustix.

* FREE Apache SSL Guide from Thawte *

Are you worried about your web server security?  Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.

 --> http://www.gothawte.com/rd248.html 

  
** Build Complete Internet Presence Quickly and Securely! **

EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use! Don't jeopardize your
organization with an off-the shelf Linux!

  --> http://www.guardiandigital.com/promo/ls150402.html 



+---------------------------------+
|  fileutils                      | ----------------------------//
+---------------------------------+  

A race condition in various utilities from the GNU fileutils package may
cause a root user to delete the whole filesystem.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/ 
 3.1.1/Server/current/RPMS 

 fileutils-4.1-4.i386.rpm 
 f10c905587b4221fc794cefaf262e9ee 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2045.html


  

+---------------------------------+
|  imlib                          | ----------------------------//
+---------------------------------+  

Imlib versions prior to 1.9.13 would fall back to loading images via the
NetPBM package. NetPBM has various problems itself that make it unsuitable
for loading untrusted images. This may allow attackers to construct images
that, when loaded by a viewer using Imlib, could cause crashes or
potentially, the execution of arbitrary code.

 Caldera: 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/ 
 3.1.1/Server/current/RPMS 
 imlib-1.9.14-1.i386.rpm 
 56ed4f4cdf53abc39ba462021496314b 

 imlib-devel-1.9.14-1.i386.rpm 
 743951ea75a12121f6696a57a6a4d091 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2047.html


  

+---------------------------------+
|   sudo                          | ----------------------------//
+---------------------------------+  

Global InterSec published[3] an advisory about a memory heap corruption
vulnerability[2] in sudo. This vulnerability could possibly be used by
local attackers to obtain root privileges. Sudo allows users to specify
the password prompt they receive. This prompt can contain macros (such as
%h) that will be expanded by sudo. Sudo can be tricked into allocating the
wrong ammount of memory for this prompt.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 sudo-1.6.6-1U8_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 sudo-doc-1.6.6-1U8_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2037.html 
  

 EnGarde: 
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/ 
 i386/sudo-1.6.4-1.0.7.i386.rpm 
 MD5 Sum: 0ecafa8dd05315772afa7e77f7089d69 

 i686/sudo-1.6.4-1.0.7.i686.rpm 
 MD5 Sum: a267c880a9e0093e4e13d140898756cc 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2040.html 
  

 Trustix: 
 ftp://ftp.trustix.net/pub/Trustix/updates/ 
 /1.5/RPMS/sudo-1.6.6-1tr.i586.rpm 
 0bb2e55703b06a958ff2016c8f639636 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2042.html 
  

 Slackware 8.0: 
 ftp://ftp.slackware.com/pub/slackware/slackware-8.0/ 
 patches/packages/sudo.tgz 
 d0598233fefeb9d37450eec10a087e07 

 Slackware Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/slackware_advisory-2036.html


 SuSE-8.0: 
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/ 
 sudo-1.6.5p2-79.i386.rpm 
 b54f68ff4b32f9d920f2f1ff887d1ddc 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2046.html

  
  

+---------------------------------+
|  webalizer                      | ----------------------------//
+---------------------------------+  

Spybreak reported[2] a buffer overflow vulnerability[3] in the DNS
resolver code. This flaw could possibly be exploited by a remote attacker
in control of a DNS server which would be queried by the webalizer
program. Webalizer in Conectiva Linux is not executed by default, it is
necessary for the user to configure and enable a cron job for it to run.

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 webalizer-2.01.10-4U70_1cl.i386.rpm 

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ 
 webalizer-doc-2.01.10-4U70_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2038.html


  
  
+---------------------------------+
|   openssh                       | ----------------------------//
+---------------------------------+  

Buffer overflow in OpenSSH's sshd if AFS has been configured on the system
or if KerberosTgtPassing or AFSTokenPassing has been enabled in the
sshd_config file.  Ticket and token passing is not enabled by default.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 OpenSSH Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2039.html 
  

 Trustix: 
 http://www.trustix.net/errata/trustix-1.5/ 
 /1.5/RPMS/openssh-server-3.1.0p1-3tr.i586.rpm 
 f00b0fa1bf6f52826cf8623893501781 

 /1.5/RPMS/openssh-clients-3.1.0p1-3tr.i586.rpm 
 20a431fd990edfb51f62cf80c7298d82 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2043.html


  

+---------------------------------+
|   squid                         | ----------------------------//
+---------------------------------+  

A security issue was recently found and fixed by the squid team. The bug
exists in the Squid-2.X releases up to and including 2.4.STABLE4. Error
and boundary conditions were not checked when handling compressed DNS
answer messages in the internal DNS code (lib/rfc1035.c). A malicous DNS
server could craft a DNS reply that causes Squid to exit with a SIGSEGV.

 Trustix: 
 ftp://ftp.trustix.net/pub/Trustix/updates/ 
 /1.5/RPMS/squid-2.4.STABLE6-1tr.i586.rpm 
 69369be4888324c1b2e2eeb38018f97e 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2041.html


  

+---------------------------------+
|   docbook                       | ----------------------------//
+---------------------------------+  

The default stylesheet used when converting a DocBook document to multiple
HTML files allows an untrusted document to write files outside of the
current directory. This is because element identifiers (specified in the
document) are used to form the names of the output files.

 Red Hat Linux 7.2: 
 noarch: 
 ftp://updates.redhat.com/7.2/en/os/noarch/ 
 docbook-utils-0.6.9-2.1.noarch.rpm 
 e6b43a27e4712ee6a91871605092acab 

 ftp://updates.redhat.com/7.2/en/os/noarch/ 
 docbook-utils-pdf-0.6.9-2.1.noarch.rpm 
 a45e3dddc9f3269c3db77bd153697df3 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2048.html



+---------------------------------+
|  modpython                      | ----------------------------//
+---------------------------------+  

Updated mod_python packages have been made available for Red Hat Linux
7.2. These updates close a security issue in mod_python which allows the
publisher handler to use modules which have only been indirectly imported.

 Red Hat 7.2 i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 mod_python-2.7.8-1.i386.rpm 
 9b9e4a43002cd22f9a8df7fd9784e925 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2049.html


  
+---------------------------------+
|   Nautilus                      | ----------------------------//
+---------------------------------+  

The Nautilus file manager (used by default in the GNOME desktop
environment) writes metadata files containing information about files and
directories that have been visited in the file manager. The metadata file
code in Red Hat Linux 7.2 can be tricked into chasing a symlink and
overwriting the symlink target.

 Red Hat: i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 nautilus-1.0.4-46.i386.rpm 
 f91c1cb8fb30034c8ea8aefa184c5589 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 nautilus-devel-1.0.4-46.i386.rpm 
 af4c6accb8c0e4ec60921e0938ad925d 

 ftp://updates.redhat.com/7.2/en/os/i386/ 
 nautilus-mozilla-1.0.4-46.i386.rpm 
 84ffe4f70577e6d235086a8a7cd86a4d 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2050.html



+---------------------------------+
|  radiusd-cistron                | ----------------------------//
+---------------------------------+  

ZARAZA reported security releated bugs in various radius server and client
software. The list of vulnerable servers includes the cistron radius
package. Within the cistron package, a buffer overflow in the digest
calculation function and miscalculations of attribute lengths have been
fixed which could allow remote attackers to execute arbitrary commands on
the system running the radius server.

 SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/ 
 radiusd-cistron-1.6.4-168.i386.rpm 
 8215e7113e8937844ab5d2deba8bbb13 
 
 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2044.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux