+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| May 3rd, 2002 Volume 3, Number 18a |
+----------------------------------------------------------------+
Editors: Dave Wreski Benjamin Thomas
dave@linuxsecurity.com ben@linuxsecurity.com
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for fileutils, imlib, sudo, webalizer,
openssh, squid, docbook, modpython, nautilis, and radiusd-cistron. The
vendors include Caldera, Conectiva, EnGarde, Red Hat, SuSE, and Trustix.
* FREE Apache SSL Guide from Thawte *
Are you worried about your web server security? Click here to get a FREE
Thawte Apache SSL Guide and find the answers to all your Apache SSL
security needs.
--> http://www.gothawte.com/rd248.html
** Build Complete Internet Presence Quickly and Securely! **
EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use! Don't jeopardize your
organization with an off-the shelf Linux!
--> http://www.guardiandigital.com/promo/ls150402.html
+---------------------------------+
| fileutils | ----------------------------//
+---------------------------------+
A race condition in various utilities from the GNU fileutils package may
cause a root user to delete the whole filesystem.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/
3.1.1/Server/current/RPMS
fileutils-4.1-4.i386.rpm
f10c905587b4221fc794cefaf262e9ee
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2045.html
+---------------------------------+
| imlib | ----------------------------//
+---------------------------------+
Imlib versions prior to 1.9.13 would fall back to loading images via the
NetPBM package. NetPBM has various problems itself that make it unsuitable
for loading untrusted images. This may allow attackers to construct images
that, when loaded by a viewer using Imlib, could cause crashes or
potentially, the execution of arbitrary code.
Caldera:
ftp://ftp.caldera.com/pub/updates/OpenLinux/
3.1.1/Server/current/RPMS
imlib-1.9.14-1.i386.rpm
56ed4f4cdf53abc39ba462021496314b
imlib-devel-1.9.14-1.i386.rpm
743951ea75a12121f6696a57a6a4d091
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2047.html
+---------------------------------+
| sudo | ----------------------------//
+---------------------------------+
Global InterSec published[3] an advisory about a memory heap corruption
vulnerability[2] in sudo. This vulnerability could possibly be used by
local attackers to obtain root privileges. Sudo allows users to specify
the password prompt they receive. This prompt can contain macros (such as
%h) that will be expanded by sudo. Sudo can be tricked into allocating the
wrong ammount of memory for this prompt.
Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
sudo-1.6.6-1U8_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
sudo-doc-1.6.6-1U8_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2037.html
EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
i386/sudo-1.6.4-1.0.7.i386.rpm
MD5 Sum: 0ecafa8dd05315772afa7e77f7089d69
i686/sudo-1.6.4-1.0.7.i686.rpm
MD5 Sum: a267c880a9e0093e4e13d140898756cc
EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Trustix:
ftp://ftp.trustix.net/pub/Trustix/updates/
/1.5/RPMS/sudo-1.6.6-1tr.i586.rpm
0bb2e55703b06a958ff2016c8f639636
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2042.html
Slackware 8.0:
ftp://ftp.slackware.com/pub/slackware/slackware-8.0/
patches/packages/sudo.tgz
d0598233fefeb9d37450eec10a087e07
Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2036.html
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/
sudo-1.6.5p2-79.i386.rpm
b54f68ff4b32f9d920f2f1ff887d1ddc
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2046.html
+---------------------------------+
| webalizer | ----------------------------//
+---------------------------------+
Spybreak reported[2] a buffer overflow vulnerability[3] in the DNS
resolver code. This flaw could possibly be exploited by a remote attacker
in control of a DNS server which would be queried by the webalizer
program. Webalizer in Conectiva Linux is not executed by default, it is
necessary for the user to configure and enable a cron job for it to run.
Conectiva:
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
webalizer-2.01.10-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
webalizer-doc-2.01.10-4U70_1cl.i386.rpm
Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2038.html
+---------------------------------+
| openssh | ----------------------------//
+---------------------------------+
Buffer overflow in OpenSSH's sshd if AFS has been configured on the system
or if KerberosTgtPassing or AFSTokenPassing has been enabled in the
sshd_config file. Ticket and token passing is not enabled by default.
PLEASE SEE VENDOR ADVISORY FOR UPDATE
OpenSSH Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2039.html
Trustix:
http://www.trustix.net/errata/trustix-1.5/
/1.5/RPMS/openssh-server-3.1.0p1-3tr.i586.rpm
f00b0fa1bf6f52826cf8623893501781
/1.5/RPMS/openssh-clients-3.1.0p1-3tr.i586.rpm
20a431fd990edfb51f62cf80c7298d82
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2043.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
A security issue was recently found and fixed by the squid team. The bug
exists in the Squid-2.X releases up to and including 2.4.STABLE4. Error
and boundary conditions were not checked when handling compressed DNS
answer messages in the internal DNS code (lib/rfc1035.c). A malicous DNS
server could craft a DNS reply that causes Squid to exit with a SIGSEGV.
Trustix:
ftp://ftp.trustix.net/pub/Trustix/updates/
/1.5/RPMS/squid-2.4.STABLE6-1tr.i586.rpm
69369be4888324c1b2e2eeb38018f97e
Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2041.html
+---------------------------------+
| docbook | ----------------------------//
+---------------------------------+
The default stylesheet used when converting a DocBook document to multiple
HTML files allows an untrusted document to write files outside of the
current directory. This is because element identifiers (specified in the
document) are used to form the names of the output files.
Red Hat Linux 7.2:
noarch:
ftp://updates.redhat.com/7.2/en/os/noarch/
docbook-utils-0.6.9-2.1.noarch.rpm
e6b43a27e4712ee6a91871605092acab
ftp://updates.redhat.com/7.2/en/os/noarch/
docbook-utils-pdf-0.6.9-2.1.noarch.rpm
a45e3dddc9f3269c3db77bd153697df3
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2048.html
+---------------------------------+
| modpython | ----------------------------//
+---------------------------------+
Updated mod_python packages have been made available for Red Hat Linux
7.2. These updates close a security issue in mod_python which allows the
publisher handler to use modules which have only been indirectly imported.
Red Hat 7.2 i386:
ftp://updates.redhat.com/7.2/en/os/i386/
mod_python-2.7.8-1.i386.rpm
9b9e4a43002cd22f9a8df7fd9784e925
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2049.html
+---------------------------------+
| Nautilus | ----------------------------//
+---------------------------------+
The Nautilus file manager (used by default in the GNOME desktop
environment) writes metadata files containing information about files and
directories that have been visited in the file manager. The metadata file
code in Red Hat Linux 7.2 can be tricked into chasing a symlink and
overwriting the symlink target.
Red Hat: i386:
ftp://updates.redhat.com/7.2/en/os/i386/
nautilus-1.0.4-46.i386.rpm
f91c1cb8fb30034c8ea8aefa184c5589
ftp://updates.redhat.com/7.2/en/os/i386/
nautilus-devel-1.0.4-46.i386.rpm
af4c6accb8c0e4ec60921e0938ad925d
ftp://updates.redhat.com/7.2/en/os/i386/
nautilus-mozilla-1.0.4-46.i386.rpm
84ffe4f70577e6d235086a8a7cd86a4d
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2050.html
+---------------------------------+
| radiusd-cistron | ----------------------------//
+---------------------------------+
ZARAZA reported security releated bugs in various radius server and client
software. The list of vulnerable servers includes the cistron radius
package. Within the cistron package, a buffer overflow in the digest
calculation function and miscalculations of attribute lengths have been
fixed which could allow remote attackers to execute arbitrary commands on
the system running the radius server.
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/
radiusd-cistron-1.6.4-168.i386.rpm
8215e7113e8937844ab5d2deba8bbb13
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2044.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
To unsubscribe email vuln-newsletter-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------
