November 29, 2002

Linux Advisory Watch - November 29th 2002

By Benjamin
D. Thomas

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each vulnerability. This week, advisories were released for pine, samba, python, sendmail,
kernel, and mod_php.  The distributors include Conectiva, Debian,
Guardian Digital's EnGarde Secure Linux, Mandrake, Red Hat, Slackware,
SuSE, and Trustix.

LinuxSecurity Feature Extras:

Security:
MySQL and PHP (3 of 3)
-
This is the third installation of a 3
part article on LAMP (Linux Apache MySQL PHP). In order to safeguard a
MySQL server to the basic level, one has to abide by the following guidelines.

FEATURE: 
Security: Physical and Service (1 of 3)
- The first installation
of a 3 part article covering everything from physical security and service
security to LAMP security (Linux Apache MySQL PHP).

[ Linux
Advisory Watch
] - [ Linux
Security Week
] - [ PacketStorm
Archive
] - [ Linux Security
Documentation
]


 
Package: pine
Date: 11-22-2002
Description: It
is possible for an attacker to bypass the restrictions imposed by The Sendmail
Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing
by inserting a special character sequence into his .forward file. SMRSH
is an application intended as a replacement for sh for use in Sendmail.
Vendor Alerts: SuSE: 
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/
i586/pine-4.44-224.i586.rpm
8c32d5571d7488e31f693a884dedb81e
   
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-2607.html
 

EnGarde:

i386/pine-4.50-1.0.9.i386.rpm
MD5 Sum: ff1db113dcddb5b64f5e62231deb44bc

i686/pine-4.50-1.0.9.i686.rpm
MD5 Sum: a82c4318b516f0a2990e4ad286e01646

ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
      

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html

 

Package: samba
Date: 11-22-2002
Description: Steve
Langasek found an exploitable bug in the password handling code in samba:
when converting from DOS code-page to little endian UCS2 unicode a buffer
length was not checked and a buffer could
be overflowed.
There is no known exploit for this, but an upgrade is strongly recommended.
Vendor Alerts:
 

PLEASE SEE VENDOR ADIVSORY
FOR UPDATE

Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-2606.html

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2604.html

Slackware Vendor Advisory:
http://www.linuxsecurity.com/advisories/slackware_advisory-2601.html

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2605.html

Trustix Vendor Advisory:
http://www.linuxsecurity.com/advisories/trustix_advisory-2612.html

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2610.html

 

Package: python
Date: 11-25-2002
Description: A
vulnerability was discovered in python by Zack Weinberg in the way that
the execvpe() method from the os.py module uses a temporary file name. 
The file is created in an unsafe manner and execvpe() tries to execute
it, which can be used by a local attacker to execute arbitrary code with
the privilege of the user running the python code that is using this method.
Vendor Alerts: Mandrake: 
http://www.mandrakesecure.net/en/ftp.php

9.0/RPMS/libpython2.2-2.2.1-14.1mdk.i586.rpm
68816873ca418b97541ab7b817659f6d  

9.0/RPMS/libpython2.2-devel-2.2.1-14.1mdk.i586.rpm
b563b5a12f11f65463e21e5035b5bff6  

9.0/RPMS/python-2.2.1-14.1mdk.i586.rpm
1fd791067dd84dc2f7ed0b9d1d67348d  

9.0/RPMS/python-base-2.2.1-14.1mdk.i586.rpm
3e011ff7fb03797803b129341ff7f087  

9.0/RPMS/python-docs-2.2.1-14.1mdk.i586.rpm
09d9075dc6cf328b4815a01642cee8c3  

9.0/RPMS/tkinter-2.2.1-14.1mdk.i586.rpm
aad20ece68004cc82d62afd161d855a0  
 

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-2611.html

 

Package: sendmail
Date: 11-22-2002
Description: It
is possible for an attacker to bypass the restrictions imposed by The Sendmail
Consortium's Restricted Shell (SMRSH) and execute a binary of his choosing
by inserting a special character sequence into his .forward file. SMRSH
is an application intended as a replacement for sh for use in Sendmail.
Vendor Alerts: Caldera: 
PLEASE SEE VENDOR
ADIVSORY FOR UPDATE

Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-2600.html

 

Package: EnGarde
kernel
Date: 11-22-2002
Description: Solar
Designer kindly pointed out to us that our last kernel update (ESA-20021022-026)
was incomplete because 2.2.22-rc1 did not contain all the critical security
fixes.  This update backports the remaining fixes.
Vendor Alerts: EnGarde: 
PLEASE SEE VENDOR
ADIVSORY FOR UPDATE

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2602.html

 

Package: Red
Hat kernel
Date: 11-25-2002
Description: The
Linux kernel handles the basic functions of the operating system. 
A vulnerability in the Linux kernel has been discovered in which a non-root
user can cause the machine to freeze. This kernel addresses the vulnerability.  
 
Vendor Alerts: Red Hat: 
PLEASE SEE VENDOR
ADIVSORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-2609.html

 

 

Package: mod_php
Date: 11-22-2002
Description: This
update upgrades PHP in EnGarde 1.0.1, 1.1, and 1.2 to version 4.2.3. 
This update also fixes a recent vulnerability where a script could bypass
safe mode restrictions.
Vendor Alerts: EnGarde: 
PLEASE SEE VENDOR
ADIVSORY FOR UPDATE

EnGarde Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-2603.html

Click Here!