Linux Advisory Watch - June 7th 2002

+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  June 7th, 2002                           Volume 3, Number 23a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               dave@linuxsecurity.com     ben@linuxsecurity.com
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for tcpdump, uucp, ethereal, dhcp,
bind, mailman, Conectiva's kernel, imap, nss_ldap, ghostscript, and xchat.  
The vendors include Caldera, Conectiva, Debian, EnGarde, Mandrake, Red
Hat, SuSE, Trustix, and Yellow Dog.
 

FEATURE: Flying Pigs: Snorting Next Generation Secure Remote Log Servers
over TCP:
 
A Comprehensive Guide to Building Encrypted, Secure Remote Syslog-ng
Servers with the Snort Intrusion Detection System.
 
   http://www.linuxsecurity.com/feature_stories/snortlog-part1.html
 

** Build Complete Internet Presence Quickly and Securely! **  
 
EnGarde Secure Linux has everything necessary to create thousands of
virtual Web sites, manage e-mail, DNS, firewalling, and database functions
for an entire organization, all using a secure Web-based front-end.
Engineered to be secure and easy to use!
  
 --> http://www.guardiandigital.com/promo/ls230502.html 
 

+---------------------------------+
|   tcpdump                       | ----------------------------//
+---------------------------------+  
  
The tcpdump program is vulnerable to several buffer overflows, the most
serious of which are problems with the decoding of AFS RPC packets and the
handling of malformed NFS packets. These may allow a remote attacker to
cause arbitrary instructions to be executed with the privileges of the
tcpdump process (usually root).

 Caldera OpenLinux 3.1.1 Server 
 ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1.1/ 
 Server/current/RPMS/ 
 tcpdump-3.6.2-2.i386.rpm 
 86ebdc7304a9474350d6347de67cd801 

 Caldera Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/caldera_advisory-2114.html 

 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/ 
 tcpdump-3.6.2-3U8_2cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2113.html 

 Trustix: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2116.html 

 Yellow Dog: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2123.html 
  
  
 
+---------------------------------+
|  uucp                           | ----------------------------//
+---------------------------------+  

We have received reports that in.uucpd, an authentication agent in the
uucp package, does not properly terminate certain long input strings. This
has been corrected in uucp package version 1.06.1-11potato3 for Debian 2.2
(potato) and in version 1.06.1-18 for the upcoming (woody) release.

 Debian: Intel IA-32 architecture: 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 uucp_1.06.1-11potato3_i386.deb 
 MD5 checksum: 26f22db0eeed4cabad46861112d94d47 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2104.html 
  
  
 

+---------------------------------+
|   ethereal                      | ----------------------------//
+---------------------------------+  

Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in
the ASN.1 parser. This can be triggered when analyzing traffic using the
SNMP, LDAP, COPS, or Kerberos protocols in ethereal. This vulnerability
was announced in the ethereal security advisory.

 Debian: Intel IA-32 architecture: 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 ethereal_0.8.0-3potato_i386.deb 
 MD5 checksum: cf6925bce3de49332f93105ac801be31 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-2105.html 
  

 Yellow Dog Linux: 
 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2127.html 
  

 Red Hat Linux 7.3: i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 ethereal-0.9.4-0.7.3.0.i386.rpm 
 52a3074dea1e4e9563558e523a659bc5 
 
 ftp://updates.redhat.com/7.3/en/os/i386/ 
 ethereal-gnome-0.9.4-0.7.3.0.i386.rpm 
 1650416f14b9f6a7cb15aa2f38f20bf4 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2119.html 
  
  
 

+---------------------------------+
|  dhcp                           | ----------------------------//
+---------------------------------+  

Fermin J. Serna discovered a problem in the dhcp server and client package
from versions 3.0 to 3.0.1rc8, which are affected by a format string
vulnerability that can be exploited remotely.  By default, these versions
of DHCP are compiled with the dns update feature enabled, which allows
DHCP to update DNS records.  The code that logs this update has an
exploitable format string vulnerability; the update message can contain
data provided by the attacker, such as a hostname.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2110.html 

  
 

+---------------------------------+
|   bind                          | ----------------------------//
+---------------------------------+  

A vulnerability was discovered in the BIND9 DNS server in versions prior
to 9.2.1.  When the rdataset parameter to the dns_message_findtype()
function in message.c is not NULL as expected, the server asserts an
error and shuts down.  The error condition can be triggered remotely by
a specially crafted DNS packet.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Mandrake Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2112.html 


 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2126.html 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2109.html 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-2115.html


  
+---------------------------------+
|   mailman                       | ----------------------------//
+---------------------------------+  

Barry A. Warsaw announced[2] a new version of mailman that fixes two
cross-site scripting vulnerabilities. According to this announcement, "office"
reported such a vulnerability in the login page, and Tristan Roddis
reported one in the Pipermail index summaries.
 
 Conectiva: 
 ftp://atualizacoes.conectiva.com.br/8/RPMS/
 mailman-2.0.11-1U8_1cl.i386.rpm 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2111.html 
  


+---------------------------------+
|  Conectiva kernel               | ----------------------------//
+---------------------------------+  

It is recommended that all users upgrade the kernel.

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Conectiva Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2117.html


  

+---------------------------------+
|   imap                          | ----------------------------//
+---------------------------------+  

There is a buffer overflow vulnerability in imap which can allow a remote,
authenticated user to execute commands as the user under which imapd is
running.

 EnGarde: 
 i386/imap-2000c-1.0.23.i386.rpm 
 MD5 Sum: abb2189c4168ef80dc7a1884af3bac05 

 i386/imap-2000c-1.0.23.i686.rpm 
 MD5 Sum: 3c6b50e75b8f09ebe5e97b71e94117d5 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2120.html 

 Yellow Dog Linux: 

 PLEASE SEE VENDOR ADVISORY FOR UPDATE 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2121.html


  
+---------------------------------+
|   nss_ldap                      | ----------------------------//
+---------------------------------+  

The pam_ldap module provides authentication for user access to a system by
consulting a directory using LDAP. Versions of pam_ldap prior to version
144 include a format string bug in the logging function. The packages
included in this erratum update pam_ldap to version 144, fixing this bug.

 Yellow Dog Linux: 
 ftp://ftp.yellowdoglinux.com/pub/yellowdog/ 
 updates/yellowdog-2.2/ppc/ 
 ppc/authconfig-4.1.19.2-1.ppc.rpm 
 bcc6a0ebe130c633592ee0dcd4c356df 

 ppc/nss_ldap-189-2.ppc.rpm 
 79268cb16005e49a206e4bea975ba890 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2122.html 

 Red Hat Linux 7.3: i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/
 nss_ldap-189-2.i386.rpm 
 d2b2402e6c59f886556872d6b2bc2f16 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2106.html
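
The dhcp and pam_ldap items above both describe a format string bug in a
logging path. The following is an added example, not code from either
project: a logger that keeps the format constant and passes client data only
as an argument. The names log_dns_update, build_msg and sanitize are
hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Copy untrusted text, replacing control bytes so a client-supplied
 * name cannot inject newlines and forge extra log lines. */
static void sanitize(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    if (n == 0) return;
    for (; src[i] != '\0' && i + 1 < n; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
    }
    dst[i] = '\0';
}

/* The format attribute lets gcc/clang check every caller's format
 * string against its arguments (-Wformat, -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int build_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Hypothetical logger for a DNS-update event; hostname is client data. */
int log_dns_update(char *out, size_t n, const char *hostname)
{
    char clean[256];
    sanitize(clean, sizeof clean, hostname);
    int r = build_msg(out, n, "added DNS record for %s", clean);
    /* Bug class: syslog(LOG_INFO, out) would treat the finished message,
     * which embeds client data, as the format string.
     * Fix: constant format, message passed as an argument. */
    syslog(LOG_INFO, "%s", out);
    return r;
}
```

Building with -Wformat -Wformat-security makes the compiler flag any
remaining call that passes a non-literal string as the format.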


  
+---------------------------------+
|  ghostscript                    | ----------------------------//
+---------------------------------+  

Ghostscript is a program for displaying PostScript files or printing them
to non-PostScript printers. An untrusted PostScript file can cause
ghostscript to execute arbitrary commands due to insufficient checking.
Since ghostscript is often used during the course of printing a document
(and is run as user 'lp'), all users should install these fixed packages.

 Yellow Dog Linux: 
 ftp://ftp.yellowdoglinux.com/pub/yellowdog/ 
 updates/yellowdog-2.2/ppc/ 
 ppc/printconf-0.3.61-4.1.ppc.rpm 
 ddc5d90a8b44b383ae7f25493823eee6 

 ppc/printconf-gui-0.3.61-4.1.ppc.rpm 
 984c9d6813af85e8b124e0f9f709ec4f 

 ppc/ghostscript-6.51-16.2a.ppc.rpm 
 ba63816e522739225663943ef901705b 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2124.html 
  

 Red Hat Linux 7.3: i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/
 ghostscript-6.52-9.4.i386.rpm 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2108.html


  
  
+---------------------------------+
|  xchat                          | ----------------------------//
+---------------------------------+    

Versions of XChat prior to 1.8.9 do not filter the response from an IRC
server when a /dns query is executed. Because XChat resolves hostnames by
passing the configured resolver and hostname to a shell, an IRC server may
return a maliciously formatted response that executes arbitrary commands
with the privileges of the user running XChat.

 Yellow Dog Linux: 
 ftp://ftp.yellowdoglinux.com/pub/yellowdog/ 
 updates/yellowdog-2.2/ppc/ 
 ppc/xchat-1.8.9-2a.ppc.rpm 
 d3d8742b3eb43b9a39f0c439b1f7b560 

 Yellow Dog Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-2125.html 
  

 Red Hat Linux 7.3: i386: 
 ftp://updates.redhat.com/7.3/en/os/i386/
 xchat-1.8.9-1.73.0.i386.rpm 
 bc85e6662044a386ce35b472635444fa 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-2107.html
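
The xchat item above comes down to untrusted text reaching a shell. The
following is an added example, not XChat's code: it validates the hostname
against a strict character set and runs the resolver with an argument vector
instead of a shell command line. The function names are hypothetical, and the
resolver program is assumed to take the hostname as its only argument.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only RFC 1123 style names: letters, digits, '-' and '.',
 * at most 253 bytes, labels of 1..63 bytes that neither start nor
 * end with '-'. A trailing dot is rejected for simplicity. */
int is_valid_hostname(const char *h)
{
    size_t len = strlen(h), label = 0;
    if (len == 0 || len > 253) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (c == '.') {
            if (label == 0 || h[i - 1] == '-') return 0;
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (label == 0 && c == '-') return 0; /* no option injection */
            if (++label > 63) return 0;
        } else {
            return 0; /* spaces, quotes, shell metacharacters, etc. */
        }
    }
    return label > 0 && h[len - 1] != '-';
}

/* Run "resolver hostname" without a shell. Unlike building a command
 * string for system(), each argv entry reaches the program verbatim.
 * Returns the resolver's exit status, or -1 on rejection or failure. */
int resolve_no_shell(const char *resolver, const char *hostname)
{
    if (!is_valid_hostname(hostname)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)resolver, (char *)hostname, NULL };
        execvp(resolver, argv);
        _exit(127); /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```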

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------

