+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  October 4th, 2002                        Volume 3, Number 40a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave@linuxsecurity.com       ben@linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for fetchmail, postgresql,
dietlibc, glibc, unzip, python, tar, gv, XFree86, and heimdal. The
vendors include Conectiva, EnGarde, Gentoo, Mandrake, Red Hat, and
SuSE.

Scan 24: Digital Forensic Research WorkShop
It's time for the October Honeynet scan of the month. One of the
interesting changes to the challenge for this month is the fact that
you have to read the police report before continuing. This adds a
real-life aspect to the challenge.
Click for details:
http://www.linuxsecurity.com/articles/projects_article-5814.html

** Concerned about the next threat? EnGarde is the undisputed winner!
Hardened Linux Puts Hackers EnGarde! Winner of the Network Computing
Editor's Choice Award, EnGarde "walked away with our Editor's Choice
award thanks to the depth of its security strategy..." Find out what
the other Linux vendors are not telling you.
--> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=engarde2

+---------------------------------+
| Package: fetchmail              |
----------------------------//
| Date: 10-01-2002                |
+---------------------------------+

Description:
Several buffer overflows and a boundary check error were discovered
in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These
problems can lead to crashes and/or arbitrary code execution by remote
attackers if fetchmail is running in multidrop mode. The code
execution would be done with the same privilege as the user running
fetchmail.
Vendor Alerts:

Mandrake:
http://www.mandrakesecure.net/en/ftp.php

Mandrake Linux 9.0:
9.0/RPMS/fetchmail-6.1.0-0.1mdk.i586.rpm
  e885d1f0c8e24e46ac2e1f8a219650be
9.0/RPMS/fetchmail-daemon-6.1.0-0.1mdk.i586.rpm
  09c813350cf31109555b68fd9fdf741d
9.0/RPMS/fetchmailconf-6.1.0-0.1mdk.i586.rpm
  945ae5c3ce8e69f0ca24a054c033bbd4

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2395.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2390.html

EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/fetchmail-ssl-6.1.0-1.0.5.i386.rpm
  MD5 Sum: 74a23fe3975b6d23ac45fcc8654444ac
  i686/fetchmail-ssl-6.1.0-1.0.5.i686.rpm
  MD5 Sum: f7ac0b8560086169ba39e77c3aeddfcd

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2402.html

+---------------------------------+
| Package: postgresql             |
----------------------------//
| Date: 10-01-2002                |
+---------------------------------+

Description:
Vulnerabilities were discovered in the PostgreSQL relational database
by Mordred Labs. These vulnerabilities are buffer overflows in the
rpad(), lpad(), repeat(), and cash_words() functions. The PostgreSQL
developers also fixed a buffer overflow in functions that deal with
time/date and timezone.

Vendor Alerts:

Mandrake:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2394.html

+---------------------------------+
| Package: dietlibc               |
----------------------------//
| Date: 09-27-2002                |
+---------------------------------+

Description:
There is an integer overflow present in the xdr_array() function
distributed as part of the Sun Microsystems XDR library. This overflow
has been shown to lead to remotely exploitable buffer overflows in
multiple applications, leading to the execution of arbitrary code.
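The arithmetic behind this class of bug, as an added example that is not
the dietlibc, glibc or Sun XDR code: xdr_array() multiplies a 32-bit
element count read from the wire by the element size to size its
allocation, so a large count wraps the product to a small number. The
checked version below refuses to wrap and also handles an element size
of zero without dividing by it (the regression described in the glibc
entry later in this issue). Function names and limits are this example's
own.

```c
#include <stdint.h>
#include <stdio.h>

/* The unchecked computation: count * elsize in 32-bit unsigned
 * arithmetic wraps, so a huge count can yield a tiny allocation that the
 * decoder then fills with `count` elements. Shown only for contrast. */
uint32_t naive_array_size(uint32_t count, uint32_t elsize)
{
    return count * elsize;
}

/* Checked replacement. Returns 1 and stores the byte count in *out, or
 * returns 0 if count exceeds the protocol limit `maxsize` or the product
 * would not fit in 32 bits. elsize == 0 is handled before any division:
 * a bare "count > UINT32_MAX / elsize" guard would fault there. */
int checked_array_size(uint32_t count, uint32_t maxsize, uint32_t elsize,
                       uint32_t *out)
{
    if (count > maxsize)                 /* caller's declared upper bound */
        return 0;
    if (elsize == 0) {                   /* nothing to allocate, no divide */
        *out = 0;
        return 1;
    }
    if (count > UINT32_MAX / elsize)     /* product would wrap */
        return 0;
    *out = count * elsize;
    return 1;
}

int main(void)
{
    /* Constructed wire values: a count chosen so that count * 8 wraps. */
    uint32_t count = 0x40000001u, elsize = 8, bytes;
    printf("naive size:   %u\n", naive_array_size(count, elsize));
    if (!checked_array_size(count, 0xFFFFFFFFu, elsize, &bytes))
        printf("checked size: rejected (would overflow)\n");
    if (checked_array_size(100, 1000, 0, &bytes))
        printf("elsize 0:     %u bytes, no division performed\n", bytes);
    return 0;
}
```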
Although the library was originally distributed by Sun Microsystems,
multiple vendors have included the vulnerable code in their own
implementations.

Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2386.html

+---------------------------------+
| Package: glibc                  |
----------------------------//
| Date: 09-27-2002                |
+---------------------------------+

Description:
Wolfram Gloger discovered that the sunrpc overflow bugfix
unintentionally replaced potential integer overflows in connection
with malloc() with more likely divisions by zero.

Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2387.html

EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/glibc-2.1.3-1.0.6.i386.rpm
  MD5 Sum: ae9a9aa2ff031b582ce9be770f73ec6f

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2399.html

+---------------------------------+
| Package: unzip                  |
----------------------------//
| Date: 10-01-2002                |
+---------------------------------+

Description:
Archive extraction is usually treated by users as a safe operation.
There are, however, a few problems with file extraction.

Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2391.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2388.html

+---------------------------------+
| Package: python                 |
----------------------------//
| Date: 10-01-2002                |
+---------------------------------+

Description:
Zack Weinberg found[1] a vulnerability in the way the execvpe() method
from the os.py module uses a temporary file name. A file which
supposedly should not exist is created in an unsafe way and the method
tries to execute it.
The objective of such code is to discover, in a portable way, what
error the operating system returns.

Vendor Alerts:

Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-2.2-10U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-devel-2.2-10U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-doc-2.2-10U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-freeze-2.2-10U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-idle-2.2-10U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/
  python-tkinter-2.2-10U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2393.html

+---------------------------------+
| Package: tar                    |
----------------------------//
| Date: 10-03-2002                |
+---------------------------------+

Description:
There is a directory traversal vulnerability in tar which may allow an
attacker to overwrite arbitrary files by tricking the administrator
into extracting a malicious archive.

Vendor Alerts:

EnGarde:
ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/tar-1.13.25-1.0.5.i386.rpm
  MD5 Sum: 48a78e985fa73b15c7bb597ede2d7578
  i686/tar-1.13.25-1.0.5.i686.rpm
  MD5 Sum: d3dcf70784b6863f30b8813be42050bf

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2400.html

+---------------------------------+
| Package: gv                     |
----------------------------//
| Date: 10-03-2002                |
+---------------------------------+

Description:
When GV detects that the document is either a PDF file or a GZip
compressed file, it executes some commands with the help of the
system() function. Unfortunately, these commands contain the filename,
which must be considered untrusted user input. It is then possible to
distribute a file (with a meticulously chosen filename, which can even
seem innocent) that causes execution of arbitrary shell commands when
it is read with GV.
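For the tar entry above, an added example (not tar's own code) of the
member-name check an extractor needs before writing a file: a member
name that is absolute, or that contains a ".." path component, can land
outside the extraction directory. The function name and the constructed
member names are this example's own; symlink-based escapes are a
separate problem not covered here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if `name` may be extracted relative to the current directory:
 * it is non-empty, not absolute, and no slash-delimited component is
 * exactly "..". A ".." that is only a substring ("foo/..bar", "..cache")
 * is a legitimate filename and is allowed. Repeated slashes ("a//..//b")
 * produce empty components, which are skipped, so the ".." is still seen. */
int safe_member_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/')                 /* absolute: ignores the target dir */
        return 0;

    const char *p = name;
    for (;;) {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                   /* ".." component climbs out */
        if (end == NULL)
            break;
        p = end + 1;
    }
    return 1;
}

int main(void)
{
    /* Constructed member names such as an archive listing might contain. */
    const char *members[] = {
        "etc/motd", "./docs/README", "/etc/passwd",
        "../../.bashrc", "lib/../../bin/sh", "notes/..old", "a//..//b",
    };
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++)
        printf("%-20s %s\n", members[i],
               safe_member_name(members[i]) ? "extract" : "REJECT");
    return 0;
}
```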
Vendor Alerts:

Gentoo:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2401.html

+---------------------------------+
| Package: XFree86                |
----------------------------//
| Date: 10-03-2002                |
+---------------------------------+

Description:
XFree86 is a freely redistributable open-source implementation of the
X Window System, which is a client/server interface between display
hardware and the desktop environment. Xlib is one of the main
libraries of XFree86 (libX11.so.6).

Vendor Alerts:

Conectiva:
PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2403.html

+---------------------------------+
| Package: heimdal                |
----------------------------//
| Date: 10-03-2002                |
+---------------------------------+

Description:
The Heimdal package is a free Kerberos implementation offering
flexible authentication mechanisms based on the Kerberos 5 and
Kerberos 4 scheme. The SuSE Security Team has reviewed critical parts
of the Heimdal package such as the kadmind and kdc server. While doing
so, several possible buffer overflows and other bugs were uncovered
and fixed.

Vendor Alerts:

SuSE:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d4/
  heimdal-devel-0.4e-191.i386.rpm
  9dcb318864c2ad7c8bb11a51b0c1e12a
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec1/
  heimdal-lib-0.4e-191.i386.rpm
  7971b5a482b0f8521c0a8bd07182be36
ftp://ftp.suse.com/pub/suse/i386/update/8.0/sec3/
  heimdal-0.4e-191.i386.rpm
  fb6792204a9ec58f69a9dc7b4bcbed59

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2389.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request@linuxsecurity.com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------