January 24, 2003

Linux Advisory Watch - January 24th 2003

- by Benjamin D.
Thomas
-
Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

This week, advisories were released for cups, canna, cvs, dhcp, libpng, kde, fnord, vim, printer-drivers, python, and susehelp. The distributors include Caldera, Conectiva, Debian, Gentoo, Mandrake, Red Hat, Slackware, and SuSE.

LinuxSecurity Feature Extras:

Patching
It Up
-
Patching and upgrading software requires more than running
a few commands. Having a patch recovery plan, communicating with developers
on that server, and knowing who to contact in case of a botched patch job
is critical.

Newest
Members of the Team
- Just to give everyone an idea about who writes
these articles and feature stories that we spend so much of our time reading
each day, I have decided to ask Brian Hatch and Duane Dunston, the newest
members of the LinuxSecurity.com team, a few questions.

 

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation

 


 

 
Package: cups
Date: 01-20-2003
Description: Allows
remote attackers to add printers without authentication via a certain UDP
packet, that can then be used to perform unauthorized activities such as
stealing the local root certificate for the administration server via a
"need authorization" page.
Vendor Alerts: Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-004.0/RPMS
cups-1.1.10-6.i386.rpm
c27cfc1dc18d8c4769c0f8247f9c9bf0 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2781.html
 

 

Debian:

http://security.debian.org/pool/updates/main/c/
cupsys/cupsys_1.0.4-12.1_i386.deb     
Size/MD5 checksum:  2295330 3e977f66990a5d169d24088c22ffba34

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2776.html

 

Package: canna
Date: 01-20-2003
Description: Buffer
overflow in canna allows local users to execute arbitrary code as the bin
user.  Canna does not properly validate requests, which allows remote
attackers to cause a denial of service or information leak.
Vendor Alerts: Caldera:
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
Server/CSSA-2003-005.0/RPMS
canna-3.5b2-8.i386.rpm
91acd89bd9041e06c0a22e4d73b5bb1f 

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2790.html

 

Package: cvs
Date: 01-21-2003
Description: Besides
fixing the double free vulnerability, the new packages provided with this
update now have the Checkin-prog and Update-prog commands disabled.
Vendor Alerts: Conectiva:
ftp://atualizacoes.conectiva.com.br/8/RPMS/
cvs-1.11-9U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/
cvs-doc-1.11-9U80_1cl.i386.rpm
 

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2788.html
 

Debian:

http://security.debian.org/pool/updates/main/c/
cvs/cvs_1.10.7-9.2_i386.deb
Size/MD5 checksum:  
455974 32924918a5a027f287c1fff64139aa98

Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2782.html

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2783.html

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2786.html

Red Hat:

ftp://updates.redhat.com/8.0/en/os/i386/cvs-1.11.2-8.i386.rpm
612a4814740dc8544619a22487b4652f 

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2780.html
 

Slackware:

ftp://ftp.slackware.com/pub/slackware/
slackware-8.1/patches/packages/cvs-1.11.5-i386-1.tgz

Slackware Vendor
Advisory:

http://www.linuxsecurity.com/advisories/slackware_advisory-2799.html
 

SuSE:

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2797.html

 

Package: dhcp
Date: 01-23-2003
Description: During
an internal source code audit, the ISC developers found several stack-based
buffer overflow vulnerabilities[2,3] in the error handling routines of
the minires library. This library is used by the NSUPDATE feature, which
is present in dhcp versions newer than 3.0 and allows the DHCP server to
dynamically update DNS server records. 
Vendor Alerts:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2805.html

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2773.html

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2772.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2791.html

Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2779.html

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2777.html

 

Package: libpng
Date: 01-23-2003
Description: Programs
such as web browsers and various others common applications make use of
libpng. An attacker could exploit this vulnerability to remotely run arbitrary
code or crash such applications by using a specially crafted png image.
Vendor Alerts: Conectiva:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/connectiva_advisory-2806.html
 

Mandrake:

Mandrake Vendor
Advisory:

http://www.linuxsecurity.com/advisories/mandrake_advisory-2787.html

 

Package: kde
Date: 01-22-2003
Description: The
KDE team discovered several vulnerabilities in the K Desktop Environment. 
In some instances KDE fails to properly quote parameters of instructions
passed to a command shell for execution.  These
parameters
may incorporate data such as URLs, filenames and e-mail addresses, and
this data may be provided remotely to a victim in an e-mail, a webpage
or files on a network filesystem or other untrusted
source. 
Vendor Alerts: Debian:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

kdeadmin - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2793.html

kdegraphics - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2794.html

kdelibs - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2795.html

kdenetwork - DebianVendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2801.html

kdepim - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2802.html

kdesdk - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2803.html

kdegamers - Debian Vendor
Advisory:

http://www.linuxsecurity.com/advisories/debian_advisory-2807.html
 

Gentoo:

Gentoo Vendor
Advisory:

http://www.linuxsecurity.com/advisories/gentoo_advisory-2774.html

 

 

Package: fnord
Date: 01-17-2003
Description: "fnord
1.6 contained a buffer overrun in the CGI code. However, since the function
does not return, this does not appear to be exploitable."
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2771.html

 

Package: vim
Date: 01-22-2003
Description: "Opening
a specially crafted text file with vim can execute arbitrary shell commands
and pass parameters to them."
Vendor Alerts: Gentoo:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Gentoo Vendor Advisory:
http://www.linuxsecurity.com/advisories/gentoo_advisory-2796.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2767.html

 

Package: printer-drivers
Date: 01-21-2003
Description: Karol
Wiesek and iDefense disovered three vulnerabilities in the printer-drivers
package and tools it installs.  These vulnerabilities allow a local
attacker to empty or create any file on the filesystem.
Vendor Alerts: Mandrake:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2798.html

 

Package: python
Date: 01-21-2003
Description: Zack
Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and earlier
creates temporary files with predictable names.  This could allow
local users to execute arbitrary code via a symlink attack.
Vendor Alerts: Red Hat:
PLEASE SEE VENDOR
ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2789.html

 

Package: susehelp
Date: 01-20-2003
Description: Remote
attackers can insert certain characters in CGI queries to the susehelp
system tricking it into executing arbitrary code as the "wwwrun" user.
Please note that this is only a vulnerability if you have a web server
running and configured to allow access to the susehelp system by remote
sites.
      
Vendor Alerts: SuSE:
 

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/
noarch/susehelp-2002.09.05-51.noarch.rpm
6dde3d487385fd6a935643b1a0d92b86
     

SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2775.html

 

Category:

  • Security
Click Here!