Linux Advisory Watch - March 28th 2003

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  March 28th, 2002                         Volume 4, Number 13a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               dave@xxxxxxxxxxxxxxxxx     ben@xxxxxxxxxxxxxxxxx

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilitiaes that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for openssl, apcupsd, bonsai, krb5,
lpr, mutt, heimdal, kernel, ecartis, glibc, mysql, bitchx, mod_ssl,
netpbm, rxvt, zlib, evolution, samba, kerberos, ethereal, and file.  The
distributors include, Caldera, Debian, Guardian Digital's EnGarde Secure
Linux, Gentoo, Mandrake, NetBSD, Red Hat, SuSE, Trustix, and Turbolinux.

* Comprehensive SPAM Protection! - Guardian Digital's Secure Mail Suite is
unparalleled in security, ease of management, and features. Open source
technology constantly adapts to new threats. Email firewall, simplified
administration, automatically updated.

 --> http://ads.linuxsecurity.com/cgi-bin/ad_redirect.pl?id=mail2

 LinuxSecurity Feature Extras:

Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.

http://www.linuxsecurity.com/feature_stories/feature_story-139.html

Remote Syslog with MySQL and PHP - Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple
servers and the ability to be display and search for syslog messages using
PHP or any other programming language that can communicate with the
database.by that, too.

http://www.linuxsecurity.com/feature_stories/feature_story-138.html


+---------------------------------+
|  Package:  openssl              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:

Researchers have discovered a timing attack on RSA keys, to which OpenSSL
is generally vulnerable, unless RSA blinding has been turned on.

Vendor Alerts:

 Caldera:
  openssl-0.9.6-21.i386.rpm
  cae226f7eb06d23837e4f253c024cc77
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3039.html

 FreeBSD:
  FreeBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-3035.html

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3042.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3063.html

 NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3069.html

 Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3074.html

 TurboLinux:
  TurboLInux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3075.html





+---------------------------------+
|  Package:  apcupsd              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:
Multiple vulnerabilities in apcupsd including a buffer overflow and format
string vulnerability have been fixed.

Vendor Alerts:

 Caldera:
  apcupsd-3.8.6-1.i386.rpm
  a2c0d41800f62383c65f77858f0c3898
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html


 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html



+---------------------------------+
|  Package:  bonsai               | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Several security related bugs have been fix in bonsai.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/b/bonsai/
  bonsai_1.3+cvs20020224-1woody1_i386.deb
  Size/MD5 checksum:   154122 c2b39dfcfc33c3752afcb744323a91a2

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3025.html




+---------------------------------+
|  Package:  krb5                 | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Several vulnerabilities have been discovered in krb5, an
implementation of MIT Kerberos.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3040.html



+---------------------------------+
|  Package:  lpr                  | ----------------------------//
|  Date: 03-24-2003               |
+---------------------------------+

Description:
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system.  This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/l/
  lpr/lpr_0.48-1.1_i386.deb
  Size/MD5 checksum:	85960 1758a9683ae487c20f46a73ba32d9c15

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3050.html


 TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html




+---------------------------------+
|  Package:  mutt                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Core Security Technologies discovered a buffer overflow in the IMAP
code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG,
PGP and threading.  This problem allows a remote malicious IMAP
server to cause a denial of service (crash) and possibly execute
arbitrary code via a specially crafted mail folder.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/m/
  mutt/mutt_1.3.28-2.1_i386.deb
  Size/MD5 checksum:  1301398 f20f7221425af30530cc4c32fa93c5d9

  http://security.debian.org/pool/updates/main/m/
  mutt/mutt-utf8_1.3.28-2.1_i386.deb
  Size/MD5 checksum:   360742 c37eb100e007a5afa6fbcc6174f01266

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3064.html


 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3041.html

 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3045.html



+---------------------------------+
|  Package:  heimdal              | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
A cryptographic weakness in version 4 of the Kerberos protocol allows an
attacker to use a chosen-plaintext attack to impersonate any principal in
a realm.  Additional cryptographic weaknesses in the krb4 implementation
permit the use of cut-and-paste attacks to fabricate krb4 tickets for
unauthorized client principals if triple-DES keys are used to key krb4
services. These attacks can subvert a site's entire Kerberos
authentication infrastructure.

Vendor Alerts:
 Debian:
  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-docs_0.4e-7.woody.6_all.deb
  Size/MD5 checksum:  1055480 e22766e034934ac5b6664468d1bd39c4

  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-lib_0.4e-7.woody.6_all.deb
  Size/MD5 checksum:	19456 3be2de9ba824fd90ec6f0df606e9d716


  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3065.html



+---------------------------------+
|  Package:  kernel               | ----------------------------//
|  Date: 03-27-2003               |
+---------------------------------+

Description:
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in
ptrace.  This hole allows local users to obtain root privileges by using
ptrace to attach to a child process that is spawned by the kernel. Remote
exploitation of this hole is not possible.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3071.html


 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html



+---------------------------------+
|  Package:  ecartis              | ----------------------------//
|  Date: 03-27-2003               |
+---------------------------------+

Description:
A problem has been discovered in ecartis, a mailing list manager, formerly
known as listar.  This vulnerability enables an attacker to reset the
password of any user defined on the list server, including the list
admins.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/l/listar/
  listar_0.129a-2.potato3_i386.deb
  Size/MD5 checksum:   301830 aa8d67d1f07cb0a769d2030708e3725c

  http://security.debian.org/pool/updates/main/l/listar/
  listar-cgi_0.129a-2.potato3_i386.deb
  Size/MD5 checksum:	25342 efd78841548a3e97b0d0557e8b360a3d

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3076.html



+---------------------------------+
|  Package:  glibc                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
This update fixes an integer overflow in the xdrmem_getbytes() function of
glibc.

Vendor Alerts:

 EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/glibc-2.1.3-1.0.7.i386.rpm
  MD5 Sum: 555c7d9d0f43887fe1c2ddf16eb1555b

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html


 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3051.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3059.html


 NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3067.html

 Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3073.html



+---------------------------------+
|  Package:  mysql                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Versions of MySQL prior to 3.23.56 contained a vulnerability which
could allow MySQL users to gain root privileges by using "SELECT *
INFO OUTFILE" to overwrite a configuration file, causing MySQL to run
as root upon its next restart.

Vendor Alerts:

 EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/MySQL-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 2e1d87123f531aa9f9db629b9791224b

  i386/MySQL-client-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 732e50874839f55c0d45b8090eba28bb

  i386/MySQL-shared-3.23.56-1.0.23.i386.rpm
  MD5 Sum: cde31e38d9b2e421de6cf4a25ce8f041

  i686/MySQL-3.23.56-1.0.23.i686.rpm
  MD5 Sum: acbba1bb7409fe800d2fc733446cb1d7

  i686/MySQL-client-3.23.56-1.0.23.i686.rpm
  MD5 Sum: f3c98f5a75f4e5875aa5b248bb121999

  i686/MySQL-shared-3.23.56-1.0.23.i686.rpm
  MD5 Sum: d0a2799942ad77b2cbdd1b0ccc5e7fc3

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html



+---------------------------------+
|  Package:  bitchx               | ----------------------------//
|  Date: 03-24-2003               |
+---------------------------------+

Description:
Bitchx is full of sprintf() calls and relying on BIG_BUFFER_SIZE
being large enough.

Vendor Alerts:

 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html



+---------------------------------+
|  Package:  mod_ssl              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:
"Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on."

Vendor Alerts:

 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3052.html



+---------------------------------+
|  Package:  netpbm               | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Several math overflow errors were found in NetPBM by Al Viro and Alan Cox.
While these programs are not installed suid root, they are often used to
prepare data for processing.  These errors may permit remote attackers to
cause a denial of service or execute arbitrary code in any programs or
scripts that use these graphics conversion tools.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3058.html



+---------------------------------+
|  Package:  rxvt                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Digital Defense Inc. released a paper detailing insecurities in various
terminal emulators, including rxvt.  Many of the features supported by
these programs can be abused when untrusted data is displayed on the
screen.  This abuse can be anything from garbage data being displayed to
the screen or a system compromise.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3062.html



 TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html



+---------------------------------+
|  Package:  zlib                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
The gzprintf function in zlib did not do bounds checking on user supplied
data. Depending on how the function is used in an application, malign
source data can be designed to overflow a buffer and execute arbitrary
code as the user of the application.

Vendor Alerts:

 NetBSD:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3070.html



+---------------------------------+
|  Package:  evolution            | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Updated Evolution packages are available which fix several
vulnerabilities.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3028.html
  http://www.linuxsecurity.com/advisories/redhat_advisory-3053.html



+---------------------------------+
|  Package:  samba                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Updated samba packages are now available to fix security
vulnerabilities found during a code audit.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3054.html




+---------------------------------+
|  Package:  kerberos             | ----------------------------//
|  Date: 03-26-2003               |
+---------------------------------+

Description:
Updated Kerberos packages fix a number of vulnerabilities found in
MIT Kerberos.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3072.html



+---------------------------------+
|  Package:  ethereal             | ----------------------------//
|  Date: 03-26-2003               |
+---------------------------------+

Description:
Ethereal is a GUI for analyzing and displaying network traffic.
Ethereal is vulnerable to a format string bug in it's SOCKS code and
to a heap buffer overflow in it's NTLMSSP code. These bugs can be
abused to crash ethereal or maybe to execute arbitrary code on the
machine running ethereal.

Vendor Alerts:

 SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/ethereal-0.9.6-152.i586.rpm
  1ea03e4f888f30bc37669ea4dd0cfe30

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3031.html



+---------------------------------+
|  Package:  file                 | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
The file command can be used to determine the type of files.
iDEFENSE published a security report about a buffer overflow in the
handling-routines for the ELF file-format.

Vendor Alerts:

 SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/file-3.37-206.i586.rpm
  06e1fa8c7e00fd848b9ccff104a096f0

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3029.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request@xxxxxxxxxxxxxxxxx
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux