+----------------------------------------------------------------+
|  LinuxSecurity.com                    Linux Advisory Watch     |
|  May 3rd, 2002                        Volume 3, Number 18a     |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week. It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for fileutils, imlib, sudo,
webalizer, openssh, squid, docbook, modpython, nautilus, and
radiusd-cistron. The vendors include Caldera, Conectiva, EnGarde,
Red Hat, SuSE, and Trustix.

+---------------------------------+
|  fileutils                      | ----------------------------//
+---------------------------------+

A race condition in various utilities from the GNU fileutils package
may cause a root user to delete the whole filesystem.

 Caldera:
 ftp://ftp.caldera.com/pub/updates/OpenLinux/
 3.1.1/Server/current/RPMS

 fileutils-4.1-4.i386.rpm
 f10c905587b4221fc794cefaf262e9ee

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2045.html

+---------------------------------+
|  imlib                          | ----------------------------//
+---------------------------------+

Imlib versions prior to 1.9.13 would fall back to loading images via
the NetPBM package. NetPBM has various problems itself that make it
unsuitable for loading untrusted images. This may allow attackers to
construct images that, when loaded by a viewer using Imlib, could
cause crashes or, potentially, the execution of arbitrary code.

 Caldera:
 ftp://ftp.caldera.com/pub/updates/OpenLinux/
 3.1.1/Server/current/RPMS

 imlib-1.9.14-1.i386.rpm
 56ed4f4cdf53abc39ba462021496314b

 imlib-devel-1.9.14-1.i386.rpm
 743951ea75a12121f6696a57a6a4d091

 Caldera Vendor Advisory:
 http://www.linuxsecurity.com/advisories/caldera_advisory-2047.html

+---------------------------------+
|  sudo                           | ----------------------------//
+---------------------------------+

Global InterSec published[3] an advisory about a memory heap
corruption vulnerability[2] in sudo. This vulnerability could
possibly be used by local attackers to obtain root privileges. Sudo
allows users to specify the password prompt they receive. This prompt
can contain macros (such as %h) that will be expanded by sudo. Sudo
can be tricked into allocating the wrong amount of memory for this
prompt.

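A buffer that is sized by one piece of parsing logic and filled by another is the failure class described above. The C sketch below is an added example, not sudo's code: it uses a single routine for both the measuring pass and the filling pass. The function names are hypothetical, and the %u and %% macros are assumptions beyond the %h macro the advisory mentions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: expand %h (host), %u (user) and %% in tmpl.
 * With out == NULL it only counts bytes, so the size passed to malloc()
 * and the bytes written later come from the same parsing logic. */
static size_t expand(const char *tmpl, const char *user,
                     const char *host, char *out)
{
    size_t n = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        const char *sub = NULL;
        if (p[0] == '%' && p[1] == 'h') sub = host;
        else if (p[0] == '%' && p[1] == 'u') sub = user;
        else if (p[0] == '%' && p[1] == '%') sub = "%";
        if (sub != NULL) {
            size_t len = strlen(sub);
            if (out != NULL) memcpy(out + n, sub, len);
            n += len;
            p++;                          /* consume the macro letter */
        } else {
            if (out != NULL) out[n] = *p; /* literal, incl. a lone '%' */
            n++;
        }
    }
    if (out != NULL) out[n] = '\0';
    return n;
}

/* Returns a malloc()ed expanded prompt, or NULL if allocation fails. */
char *expand_prompt(const char *tmpl, const char *user, const char *host)
{
    size_t need = expand(tmpl, user, host, NULL);  /* pass 1: measure */
    char *buf = malloc(need + 1);                  /* +1 for the NUL */
    if (buf == NULL) return NULL;
    expand(tmpl, user, host, buf);                 /* pass 2: fill */
    return buf;
}

int main(void)
{
    /* Constructed input: "%%h" must yield a literal "%h", not the host. */
    char *p = expand_prompt("%%h %u@%h: ", "alice", "hostA");
    if (p == NULL) return 1;
    puts(p);
    free(p);
    return 0;
}
```
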
 Conectiva:
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 sudo-1.6.6-1U8_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 sudo-doc-1.6.6-1U8_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2037.html

 EnGarde:
 ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

 i386/sudo-1.6.4-1.0.7.i386.rpm
 MD5 Sum: 0ecafa8dd05315772afa7e77f7089d69

 i686/sudo-1.6.4-1.0.7.i686.rpm
 MD5 Sum: a267c880a9e0093e4e13d140898756cc

 EnGarde Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2040.html

 Trustix:
 ftp://ftp.trustix.net/pub/Trustix/updates/
 /1.5/RPMS/sudo-1.6.6-1tr.i586.rpm
 0bb2e55703b06a958ff2016c8f639636

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2042.html

 Slackware 8.0:
 ftp://ftp.slackware.com/pub/slackware/slackware-8.0/
 patches/packages/sudo.tgz
 d0598233fefeb9d37450eec10a087e07

 Slackware Vendor Advisory:
 http://www.linuxsecurity.com/advisories/slackware_advisory-2036.html

 SuSE-8.0:
 ftp://ftp.suse.com/pub/suse/i386/update/8.0/ap1/
 sudo-1.6.5p2-79.i386.rpm
 b54f68ff4b32f9d920f2f1ff887d1ddc

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-2046.html

+---------------------------------+
|  webalizer                      | ----------------------------//
+---------------------------------+

Spybreak reported[2] a buffer overflow vulnerability[3] in the DNS
resolver code. This flaw could possibly be exploited by a remote
attacker in control of a DNS server which would be queried by the
webalizer program. Webalizer in Conectiva Linux is not executed by
default; it is necessary for the user to configure and enable a cron
job for it to run.

 Conectiva:
 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 webalizer-2.01.10-4U70_1cl.i386.rpm

 ftp://atualizacoes.conectiva.com.br/7.0/RPMS/
 webalizer-doc-2.01.10-4U70_1cl.i386.rpm

 Conectiva Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2038.html

+---------------------------------+
|  openssh                        | ----------------------------//
+---------------------------------+

There is a buffer overflow in OpenSSH's sshd if AFS has been
configured on the system or if KerberosTgtPassing or AFSTokenPassing
has been enabled in the sshd_config file. Ticket and token passing is
not enabled by default.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE

 OpenSSH Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2039.html

 Trustix:
 http://www.trustix.net/errata/trustix-1.5/

 /1.5/RPMS/openssh-server-3.1.0p1-3tr.i586.rpm
 f00b0fa1bf6f52826cf8623893501781

 /1.5/RPMS/openssh-clients-3.1.0p1-3tr.i586.rpm
 20a431fd990edfb51f62cf80c7298d82

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2043.html

+---------------------------------+
|  squid                          | ----------------------------//
+---------------------------------+

A security issue was recently found and fixed by the squid team. The
bug exists in the Squid-2.X releases up to and including
2.4.STABLE4. Error and boundary conditions were not checked when
handling compressed DNS answer messages in the internal DNS code
(lib/rfc1035.c). A malicious DNS server could craft a DNS reply that
causes Squid to exit with a SIGSEGV.

 Trustix:
 ftp://ftp.trustix.net/pub/Trustix/updates/
 /1.5/RPMS/squid-2.4.STABLE6-1tr.i586.rpm
 69369be4888324c1b2e2eeb38018f97e

 Trustix Vendor Advisory:
 http://www.linuxsecurity.com/advisories/other_advisory-2041.html

+---------------------------------+
|  docbook                        | ----------------------------//
+---------------------------------+

The default stylesheet used when converting a DocBook document to
multiple HTML files allows an untrusted document to write files
outside of the current directory.
This is because element identifiers (specified in the document) are
used to form the names of the output files.

 Red Hat Linux 7.2:

 noarch:
 ftp://updates.redhat.com/7.2/en/os/noarch/
 docbook-utils-0.6.9-2.1.noarch.rpm
 e6b43a27e4712ee6a91871605092acab

 ftp://updates.redhat.com/7.2/en/os/noarch/
 docbook-utils-pdf-0.6.9-2.1.noarch.rpm
 a45e3dddc9f3269c3db77bd153697df3

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2048.html

+---------------------------------+
|  modpython                      | ----------------------------//
+---------------------------------+

Updated mod_python packages have been made available for Red Hat
Linux 7.2. These updates close a security issue in mod_python which
allows the publisher handler to use modules which have only been
indirectly imported.

 Red Hat 7.2 i386:
 ftp://updates.redhat.com/7.2/en/os/i386/
 mod_python-2.7.8-1.i386.rpm
 9b9e4a43002cd22f9a8df7fd9784e925

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2049.html

+---------------------------------+
|  Nautilus                       | ----------------------------//
+---------------------------------+

The Nautilus file manager (used by default in the GNOME desktop
environment) writes metadata files containing information about files
and directories that have been visited in the file manager. The
metadata file code in Red Hat Linux 7.2 can be tricked into chasing a
symlink and overwriting the symlink target.

 Red Hat: i386:
 ftp://updates.redhat.com/7.2/en/os/i386/
 nautilus-1.0.4-46.i386.rpm
 f91c1cb8fb30034c8ea8aefa184c5589

 ftp://updates.redhat.com/7.2/en/os/i386/
 nautilus-devel-1.0.4-46.i386.rpm
 af4c6accb8c0e4ec60921e0938ad925d

 ftp://updates.redhat.com/7.2/en/os/i386/
 nautilus-mozilla-1.0.4-46.i386.rpm
 84ffe4f70577e6d235086a8a7cd86a4d

 Red Hat Vendor Advisory:
 http://www.linuxsecurity.com/advisories/redhat_advisory-2050.html

+---------------------------------+
|  radiusd-cistron                | ----------------------------//
+---------------------------------+

ZARAZA reported security-related bugs in various radius server and
client software. The list of vulnerable servers includes the cistron
radius package. Within the cistron package, a buffer overflow in the
digest calculation function and miscalculations of attribute lengths
have been fixed which could allow remote attackers to execute
arbitrary commands on the system running the radius server.

 SuSE-7.3
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/n3/
 radiusd-cistron-1.6.4-168.i386.rpm
 8215e7113e8937844ab5d2deba8bbb13

 SuSE Vendor Advisory:
 http://www.linuxsecurity.com/advisories/suse_advisory-2044.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------