[ISN] Linux Advisory Watch - December 28th 2001

From: InfoSec News (isnat_private)
Date: Fri Dec 28 2001 - 20:14:21 PST

  • Next message: InfoSec News: "[ISN] Judge: FBI's PC-snooping perfectly lawful"

    +----------------------------------------------------------------+
    |  LinuxSecurity.com                        Linux Advisory Watch |
    |  December 28th, 2001                      Volume 2, Number 52a |
    +----------------------------------------------------------------+
     
      Editors:     Dave Wreski                Benjamin Thomas
                   daveat_private     benat_private
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.It
    includes pointers to updated packages and descriptions of each
    vulnerability.
    
    This week, advisories were released for mailman, openssh, glibc, namazu,
    stunnel, and gpm.  The vendors include Debian, EnGarde, Red Hat, SuSE, and
    Trustix.
    
    Need a new job?  Search for a technical or managerial job at the
    LinuxSecurity.com Career center.  It is located at:
    
     http://careers.linuxsecurity.com 
    
    Why be vulnerable? Its your choice. - Are you looking for a solution that
    provides the applications necessary to easily create thousands of virtual
    Web sites, manage e-mail, DNS, firewalling database functions for an
    entire organization, and supports high-speed broadband connections all
    using a Web-based front-end? EnGarde Secure Professional provides those
    features and more!
     
    Be Secure with EnGarde Secure Professional: 
    http://store.guardiandigital.com/html/eng/493-AA.shtml
     
    Linux Advisory Watch is a comprehensive newsletter that outlines the
    security vulnerabilities that have been announced throughout the week.It
    includes pointers to updated packages and descriptions of each
    vulnerability.
      
      
    +---------------------------------+
    | mailman                         | ----------------------------//
    +---------------------------------+
    
    Updated Mailman packages are now available for Red Hat PowerTools 7 and
    7.1.  These updates fix cross-site scripting bugs which might allow
    another server to be used to gain a user's private information from a
    server running Mailman.
    
     Red Hat 7.1 i386: 
     ftp://updates.redhat.com/7.1/en/powertools/i386/ 
     mailman-2.0.8-1.i386.rpm 
     23d42ac2e45b24de1e051cdc2855d32a 
    
     Red Hat 7.2 i386: 
     i386: 
     ftp://updates.redhat.com/7.2/en/os/i386/ 
     mailman-2.0.8-1.i386.rpm 
     23d42ac2e45b24de1e051cdc2855d32a 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1764.html
    
    
      
    +---------------------------------+
    |  openSSH                        | ----------------------------//
    +---------------------------------+
    
    A malicious local user can pass environment variables to the login process
    if the administrator enables the UseLogin option.  This can be abused to
    bypass authentication and gain root access.  Note that this option is not
    enabled by default on TSL.
    
     Trustix: 
     ftp://ftp.trustix.net/pub/Trustix/updates/ 
     ./1.5/RPMS/openssh-server-3.0.2p1-3tr.i586.rpm 
     1613df3c919e3278b4b635f5b0f2f480 
    
     ./1.5/RPMS/openssh-clients-3.0.2p1-3tr.i586.rpm 
     c19f0a3b8560713e2598e346d4e5db17  
    
     ./1.5/RPMS/openssh-3.0.2p1-3tr.i586.rpm 
     ffbba79d4cd3d76f4205a8000c8691f0 
    
     Trustix Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1766.html
    
    
      
    +---------------------------------+
    |  glibc                          | ----------------------------//
    +---------------------------------+
    
    The file globbing (matching filenames against patterns such as "*.bak")
    routines in the glibc exhibits an error that results in a heap corruption
    and that may allow a remote attacker to execute arbitrary commands from
    processes that take globbing strings from user input.
    
     i386: SuSE-7.3 
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/ 
     glibc-2.2.4-64.i386.rpm 
     ab4f2c0a14df2fc904a77e3093ab64c1 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/ 
     glibc-devel-2.2.4-64.i386.rpm 
     30fecdf4a05cdbb563f89544d83d3832 
    
     ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/ 
     glibc-profile-2.2.4-64.i386.rpm 
     170136831b255f9fb4f7626bb0db118c 
    
     SuSE Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/suse_advisory-1767.html
    
    
      
    +---------------------------------+
    |   namazu                        | ----------------------------//
    +---------------------------------+
    
    namazu may inadvertently include malicious HTML tags or script in a
    dynamically generated page based on unvalidated input from untrustworthy
    sources.
    
     Red Hat 7.0J: i386: 
     ftp://updates.redhat.com/7.0/ja/os/i386/ 
     namazu-2.0.9-0j1.i386.rpm 
     3ccdb16142a0ae0db0a1abf1985d037e 
     
     ftp://updates.redhat.com/7.0/ja/os/i386/ 
     namazu-devel-2.0.9-0j1.i386.rpm 
     7de1feeb554ab8ce7c8ec8fc52d177f2 
    
     ftp://updates.redhat.com/7.0/ja/os/i386/ 
     namazu-cgi-2.0.9-0j1.i386.rpm 
     e34d70e1b82e2625a2b9f58998bbb7c1 
    
     Red Hat Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/redhat_advisory-1768.html
    
    
      
    
    +---------------------------------+
    |  stunnel                        | ----------------------------//
    +---------------------------------+
    
    There is a format string vulnerability in stunnel which may allow an
    attacker to exploit a victim by impersonating a mail server.  There are a
    couple of instances in stunnel where a format is not passed to a
    printf-like function, leading to your classic format string vulnerability.
    It is not know weather or not it is exploitable at this time but all users
    are recommended to upgrade in any event.
    
     EnGarde: 
     http://ftp.engardelinux.org/pub/engarde/stable/updates/ 
     i386/stunnel-3.22-1.0.4.i386.rpm 
     MD5 Sum:  482ff9210541d73b114404ccb9732cf0 
    
     i686/stunnel-3.22-1.0.4.i686.rpm  
     MD5 Sum:  afad91053b8d482e36e85251fab06755 
    
     EnGarde Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/other_advisory-1769.html
    
    
      
    +---------------------------------+
    |  gpm                            | ----------------------------//
    +---------------------------------+
    
    The package 'gpm' contains the 'gpm-root' program, which can be used to
    create mouse-activated menus on the console. Among other problems, the
    gpm-root program contains a format string vulnerability, which allows an
    attacker to gain root privileges.
    
     Debian Intel IA-32 architecture: 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     gpm_1.17.8-18.1_i386.deb 
    
     MD5 checksum: 18c837abec8360db146681d2a713177a 
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libgpm1-altdev_1.17.8-18.1_i386.deb 
     MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libgpm1_1.17.8-18.1_i386.deb 
     MD5 checksum: 815a1e90fe36e603f0803f92b6898f19 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/ 
     libgpmg1-dev_1.17.8-18.1_i386.deb 
     MD5 checksum: 514a1baee569e548349f7c4dc2941f3d 
    
     http://security.debian.org/dists/stable/updates/main/binary-i386/l 
     ibgpmg1_1.17.8-18.1_i386.deb 
     MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe 
    
     Debian Vendor Advisory: 
     http://www.linuxsecurity.com/advisories/debian_advisory-1770.html
    
    
    ------------------------------------------------------------------------
    Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
    
         To unsubscribe email vuln-newsletter-requestat_private
             with "unsubscribe" in the subject of the message.
    ------------------------------------------------------------------------
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 01:08:15 PST