February 7, 2003

Linux Advisory Watch - February 7th 2003

- by Benjamin D.
Thomas
-
Linux Advisory Watch is a comprehensive newsletter that outlines the security
vulnerabilities that have been announced throughout the week. It includes pointers
to updated packages and descriptions of each vulnerability. This week, advisories were released for cvs, mcrypt, slocate, qt-dcgui, bladeenc,
cim, mysql, kernel, kerberos, php, OpenLDAP, windowmaker, xpdf. The distributors
include Caldera, Conectiva, FreeBSD, Gentoo, Mandrake, and Red Hat.
LinuxSecurity Feature Extras:

Review:
Absolute PC Security and Privacy
- Miller never knew much about
viruses, or took them seriously, until a friend got infected and it turned
out to be more of a nuisance than he thought. So he decided to write a
book about them. And also about spam, since he was annoyed by that, too.

Review:
Mastering Network Security, Second Edition
- The introduction states
that this book is aimed at systems administrators who are not security
experts, but have some responsibility for ensuring the integrity of their
systems. That would seem to cover most sysadmins.

 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]

The Linux Advisory Watch newsletter is developed by the community
of volunteers at LinuxSecurity.com
and sponsored by Guardian Digital, Inc., the open
source security company.


 

 
Package: cvs
Date: 01-31-2003
Description: Double-free
vulnerabiity in CVS allows remote attackers to cause a denial of service
and possibly execute arbitrary code via a malformed Directory request.
Vendor Alerts: Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Workstation/CSSA-2003-006.0/RPMS
adbac35ec6 cvs-1.11-9.i386.rpm
73dee39f6543079466e6d7
 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2826.html

FreeBSD Vendor Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-2833.html

 

Package: mcrypt
Date: 02-06-2003
Description: Ilia
Alshanetsky found[1] several buffer overflows vulnerabilities[2] in libmcrypt.
These vulnerabilities  basically consist of improper or lack of validation
for some input (which in some scenarios can came from a local user or from
a network connection). 
Vendor Alerts: Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
mcrypt-2.4.18-3U80_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2836.html
 

 

Package: slocate
Date: 02-02-2003
Description: "The
overflow appears when the slocate is  runned with two parameters:
-c and -r, using as arguments a 1024 (or 10240, as Knight420 has informed
us earlier) bytes string."
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2828.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2838.html

 

Package: qt-dcgui
Date: 02-02-2003
Description: "All
versions < 0.2.2 have a major security vulnerability in the directory
parser. This bug allow a remote attacker to download files outside the
sharelist. It's recommend that you upgrade the packages immediatly."
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2831.html
 

 

Package: bladeenc
Date: 02-05-2003
Description: "A
wave file let the attacker to execute all the code he want on the victim"
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2834.html
 

 

Package: vim
Date: 02-03-2003
Description: A
vulnerability was discovered in vim by Georgi Guninski that allows arbitrary
command execution using the libcall feature found in modelines.  A
patch to fix this problem was introduced in vim 6.1 patchlevel 265. 
This patch has been applied to the provided update packages.
Vendor Alerts: Mandrake:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2829.html

 

Package: mysql
Date: 02-03-2003
Description: Aleksander
Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability
in the recently released 3.23.55 version  of MySQL.  A double
free() pointer bug in the ysql_change_user()  handling would allow
a specially hacked mysql client to crash the  main mysqld server. 
This vulnerability can only be exploited by first logging in with a valid
user account.
Vendor Alerts: Mandrake:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2829.html

 

Package: kernel
Date: 02-05-2003
Description: An
updated kernel for 9.0 is available with a number of bug fixes.  Supermount
has been completely overhauled and should be solid on all systems. 
Other fixes include XFS with high memory, a netfilter fix, a fix for Sony
VAIO DMI, i845 should now work with UDMA, and new  support for VIA
C3 is included.  Prism24 has been updated so it now  works properly
on HP laptops and a new ACPI is included, although it is  disabled
by default for broader compatibility. 
Vendor Alerts: Mandrake:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2837.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2832.html

 

Package: kerberos
Date: 01-31-2003
Description: A
problem has been found in the Kerberos ftp client. When retrieving a file
with a filename beginning with a pipe character, the ftp client will pass
the filename to the command shell in a system() call. This could allow
a malicious ftp server to write to files outside of the current directory
or execute commands as the user running the ftp client.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/
krb5-devel-1.2.5-8.i386.rpm 
9e91371e397a6eec059a1b5e3139f3ef 

ftp://updates.redhat.com/8.0/en/os/i386/
krb5-libs-1.2.5-8.i386.rpm 
a830d26d187e18be678ee12722eec485 

ftp://updates.redhat.com/8.0/en/os/i386/
krb5-server-1.2.5-8.i386.rpm 
fd353f875ea9edc4375af13ba80ae38f 

ftp://updates.redhat.com/8.0/en/os/i386/
krb5-workstation-1.2.5-8.i386.rpm
70b04bf0aa7662af6704ce0223ebb914

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2825.html

 

Package: php
Date: 02-04-2003
Description: A
heap-based buffer overflow was found in the wordwrap() function in PHP
versions after 4.1.2 and before 4.3.0.  If wordwrap() is used on user-supplied
input this could allow remote attackers to cause a denial of service or
execute arbitrary code.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2835.html

 

Package: OpenLDAP
Date: 02-05-2003
Description: Updated
openldap packages are available which fix a number of local and remote
buffer overflows in libldap and the slapd and slurpd servers, and potential
issues stemming from using user-specified LDAP configuration files.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/
openldap-2.0.27-2.8.0.i386.rpm 
f6ffab19ae521c65396cc76d0a64c2c9

ftp://updates.redhat.com/8.0/en/os/i386/
openldap-clients-2.0.27-2.8.0.i386.rpm 
3e12f7f0aacca920d60fc39766b7d3e5 

ftp://updates.redhat.com/8.0/en/os/i386/
openldap-devel-2.0.27-2.8.0.i386.rpm 
351bd4cea012a1517ded0c03a4512c48 

ftp://updates.redhat.com/8.0/en/os/i386/
openldap-servers-2.0.27-2.8.0.i386.rpm 
a5b8e07d9f13a98aaf1bf999d6672efc 

ftp://updates.redhat.com/8.0/en/os/i386/
openldap12-1.2.13-9.i386.rpm
0e5cbc3c9eb9136169caefed4dadd7c6 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2839.html

 

Package: windowmaker
Date: 02-05-2003
Description: Al
Viro found a buffer overflow in Window Maker 0.80.0 and earlier which may
allow remote attackers to execute arbitrary code via a certain image file
that is not properly handled when Window Maker uses width and height information
to allocate a buffer.  This could be exploited for example by a
user opening
a malicious theme.
Vendor Alerts: Red Hat:
ftp://updates.redhat.com/8.0/en/os/i386/
WindowMaker-0.80.1-5.i386.rpm 
b141fe5b3e1ab0d2d41f4e77e1ce8fe0 

ftp://updates.redhat.com/8.0/en/os/i386/
WindowMaker-libs-0.80.1-5.i386.rpm
a440f228734840d5ce3f25e9f3ef465c 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2840.html

 

Package: xpdf
Date: 02-06-2003
Description: During
an audit of CUPS, a printing system, Zen Parsec found an integer overflow
vulnerability in the pdftops filter.  Since the code for pdftops is
taken from the Xpdf project, all versions of Xpdf including 2.01 are also
vulnerable to this issue.  An attacker could create a PDF file that
could execute arbitrary code.  This could would have the same access
privileges as the user who viewed the file with Xpdf.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2841.html

 

Category:

  • Security
Click Here!