Linux Advisory Watch – January 24th 2003

by Benjamin D. Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

This week, advisories were released for cups, canna, cvs, dhcp, libpng, kde, fnord, vim, printer-drivers, python, and susehelp. The distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.

LinuxSecurity Feature Extras:

Patching It Up – Patching and upgrading software requires more than running a few commands. Having a patch recovery plan, communicating with developers on that server, and knowing who to contact in case of a botched patch job are critical.

Newest Members of the Team – Just to give everyone an idea about who writes these articles and feature stories that we spend so much of our time reading each day, I have decided to ask Brian Hatch and Duane Dunston, the newest members of the LinuxSecurity.com team, a few questions.

 

 

 


 

 

Package: cups
Date: 01-20-2003
Description: Allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a “need authorization” page.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-004.0/RPMS
cups-1.1.10-6.i386.rpm
c27cfc1dc18d8c4769c0f8247f9c9bf0

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2781.html
 

 

Debian:

http://security.debian.org/pool/updates/main/c/cupsys/cupsys_1.0.4-12.1_i386.deb
Size/MD5 checksum: 2295330 3e977f66990a5d169d24088c22ffba34

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2776.html

 

Package: canna
Date: 01-20-2003
Description: Buffer overflow in canna allows local users to execute arbitrary code as the bin user. Canna does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
Vendor Alerts: Caldera:

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-005.0/RPMS
canna-3.5b2-8.i386.rpm
91acd89bd9041e06c0a22e4d73b5bb1f

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2790.html

 

Package: cvs
Date: 01-21-2003
Description: Besides fixing the double free vulnerability, the new packages provided with this update now have the Checkin-prog and Update-prog commands disabled.
Vendor Alerts: Conectiva:

ftp://atualizacoes.conectiva.com.br/8/RPMS/cvs-1.11-9U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/cvs-doc-1.11-9U80_1cl.i386.rpm
 

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2788.html
 

Debian:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_i386.deb
Size/MD5 checksum: 455974 32924918a5a027f287c1fff64139aa98

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2782.html

Gentoo:

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2783.html

Mandrake:

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2786.html

Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/cvs-1.11.2-8.i386.rpm
612a4814740dc8544619a22487b4652f 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2780.html
 

Slackware:

ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2799.html
 

SuSE:

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2797.html

 

Package: dhcp
Date: 01-23-2003
Description: During an internal source code audit, the ISC developers found several stack-based buffer overflow vulnerabilities [2,3] in the error handling routines of the minires library. This library is used by the NSUPDATE feature, which is present in dhcp versions newer than 3.0 and allows the DHCP server to dynamically update DNS server records.
Vendor Alerts:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2805.html

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2773.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2772.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2791.html

Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2779.html

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2777.html

 

Package: libpng
Date: 01-23-2003
Description: Programs such as web browsers and various other common applications make use of libpng. An attacker could exploit this vulnerability to remotely run arbitrary code or crash such applications by using a specially crafted PNG image.
Vendor Alerts: Conectiva:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2806.html
 

Mandrake:

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2787.html

 

Package: kde
Date: 01-22-2003
Description: The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
Vendor Alerts: Debian:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

kdeadmin – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2793.html

kdegraphics – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2794.html

kdelibs – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2795.html

kdenetwork – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2801.html

kdepim – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2802.html

kdesdk – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2803.html

kdegames – Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2807.html

Gentoo:

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2774.html

 

 

Package: fnord
Date: 01-17-2003
Description: “fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable.”
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2771.html

 

Package: vim
Date: 01-22-2003
Description: “Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them.”
Vendor Alerts: Gentoo:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2796.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2767.html

 

Package: printer-drivers
Date: 01-21-2003
Description: Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem.
Vendor Alerts: Mandrake:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2798.html

 

Package: python
Date: 01-21-2003
Description: Zack Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names. This could allow local users to execute arbitrary code via a symlink attack.
Vendor Alerts: Red Hat:

PLEASE SEE VENDOR ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2789.html

 

Package: susehelp
Date: 01-20-2003
Description: Remote attackers can insert certain characters in CGI queries to the susehelp system, tricking it into executing arbitrary code as the “wwwrun” user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites.
Vendor Alerts: SuSE:

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/noarch/susehelp-2002.09.05-51.noarch.rpm
6dde3d487385fd6a935643b1a0d92b86

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2775.html

 
