[ISN] Linux Advisory Watch - December 28th 2001

From: InfoSec News (isnat_private)
Date: Fri Dec 28 2001 - 20:14:21 PST
Next message: InfoSec News: "[ISN] Judge: FBI's PC-snooping perfectly lawful"
Previous message: InfoSec News: "Re: [ISN] US to yank Kevin Mitnick's radio license"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  December 28th, 2001                      Volume 2, Number 52a |
+----------------------------------------------------------------+
 
  Editors:     Dave Wreski                Benjamin Thomas
               daveat_private     benat_private
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for mailman, openssh, glibc, namazu,
stunnel, and gpm.  The vendors include Debian, EnGarde, Red Hat, SuSE, and
Trustix.

Need a new job?  Search for a technical or managerial job at the
LinuxSecurity.com Career center.  It is located at:

 http://careers.linuxsecurity.com 

Why be vulnerable? Its your choice. - Are you looking for a solution that
provides the applications necessary to easily create thousands of virtual
Web sites, manage e-mail, DNS, firewalling database functions for an
entire organization, and supports high-speed broadband connections all
using a Web-based front-end? EnGarde Secure Professional provides those
features and more!
 
Be Secure with EnGarde Secure Professional: 
http://store.guardiandigital.com/html/eng/493-AA.shtml
 
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.It
includes pointers to updated packages and descriptions of each
vulnerability.
  
  
+---------------------------------+
| mailman                         | ----------------------------//
+---------------------------------+

Updated Mailman packages are now available for Red Hat PowerTools 7 and
7.1.  These updates fix cross-site scripting bugs which might allow
another server to be used to gain a user's private information from a
server running Mailman.

 Red Hat 7.1 i386: 
 ftp://updates.redhat.com/7.1/en/powertools/i386/ 
 mailman-2.0.8-1.i386.rpm 
 23d42ac2e45b24de1e051cdc2855d32a 

 Red Hat 7.2 i386: 
 i386: 
 ftp://updates.redhat.com/7.2/en/os/i386/ 
 mailman-2.0.8-1.i386.rpm 
 23d42ac2e45b24de1e051cdc2855d32a 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1764.html


  
+---------------------------------+
|  openSSH                        | ----------------------------//
+---------------------------------+

A malicious local user can pass environment variables to the login process
if the administrator enables the UseLogin option.  This can be abused to
bypass authentication and gain root access.  Note that this option is not
enabled by default on TSL.

 Trustix: 
 ftp://ftp.trustix.net/pub/Trustix/updates/ 
 ./1.5/RPMS/openssh-server-3.0.2p1-3tr.i586.rpm 
 1613df3c919e3278b4b635f5b0f2f480 

 ./1.5/RPMS/openssh-clients-3.0.2p1-3tr.i586.rpm 
 c19f0a3b8560713e2598e346d4e5db17  

 ./1.5/RPMS/openssh-3.0.2p1-3tr.i586.rpm 
 ffbba79d4cd3d76f4205a8000c8691f0 

 Trustix Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1766.html


  
+---------------------------------+
|  glibc                          | ----------------------------//
+---------------------------------+

The file globbing (matching filenames against patterns such as "*.bak")
routines in the glibc exhibits an error that results in a heap corruption
and that may allow a remote attacker to execute arbitrary commands from
processes that take globbing strings from user input.

 i386: SuSE-7.3 
 ftp://ftp.suse.com/pub/suse/i386/update/7.3/a1/ 
 glibc-2.2.4-64.i386.rpm 
 ab4f2c0a14df2fc904a77e3093ab64c1 

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d1/ 
 glibc-devel-2.2.4-64.i386.rpm 
 30fecdf4a05cdbb563f89544d83d3832 

 ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/ 
 glibc-profile-2.2.4-64.i386.rpm 
 170136831b255f9fb4f7626bb0db118c 

 SuSE Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/suse_advisory-1767.html


  
+---------------------------------+
|   namazu                        | ----------------------------//
+---------------------------------+

namazu may inadvertently include malicious HTML tags or script in a
dynamically generated page based on unvalidated input from untrustworthy
sources.

 Red Hat 7.0J: i386: 
 ftp://updates.redhat.com/7.0/ja/os/i386/ 
 namazu-2.0.9-0j1.i386.rpm 
 3ccdb16142a0ae0db0a1abf1985d037e 
 
 ftp://updates.redhat.com/7.0/ja/os/i386/ 
 namazu-devel-2.0.9-0j1.i386.rpm 
 7de1feeb554ab8ce7c8ec8fc52d177f2 

 ftp://updates.redhat.com/7.0/ja/os/i386/ 
 namazu-cgi-2.0.9-0j1.i386.rpm 
 e34d70e1b82e2625a2b9f58998bbb7c1 

 Red Hat Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/redhat_advisory-1768.html


  

+---------------------------------+
|  stunnel                        | ----------------------------//
+---------------------------------+

There is a format string vulnerability in stunnel which may allow an
attacker to exploit a victim by impersonating a mail server.  There are a
couple of instances in stunnel where a format is not passed to a
printf-like function, leading to your classic format string vulnerability.
It is not know weather or not it is exploitable at this time but all users
are recommended to upgrade in any event.

 EnGarde: 
 http://ftp.engardelinux.org/pub/engarde/stable/updates/ 
 i386/stunnel-3.22-1.0.4.i386.rpm 
 MD5 Sum:  482ff9210541d73b114404ccb9732cf0 

 i686/stunnel-3.22-1.0.4.i686.rpm  
 MD5 Sum:  afad91053b8d482e36e85251fab06755 

 EnGarde Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/other_advisory-1769.html


  
+---------------------------------+
|  gpm                            | ----------------------------//
+---------------------------------+

The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console. Among other problems, the
gpm-root program contains a format string vulnerability, which allows an
attacker to gain root privileges.

 Debian Intel IA-32 architecture: 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 gpm_1.17.8-18.1_i386.deb 

 MD5 checksum: 18c837abec8360db146681d2a713177a 
 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libgpm1-altdev_1.17.8-18.1_i386.deb 
 MD5 checksum: f60aa2b9720ee597f18fa3fa86a8af6e 

 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libgpm1_1.17.8-18.1_i386.deb 
 MD5 checksum: 815a1e90fe36e603f0803f92b6898f19 

 http://security.debian.org/dists/stable/updates/main/binary-i386/ 
 libgpmg1-dev_1.17.8-18.1_i386.deb 
 MD5 checksum: 514a1baee569e548349f7c4dc2941f3d 

 http://security.debian.org/dists/stable/updates/main/binary-i386/l 
 ibgpmg1_1.17.8-18.1_i386.deb 
 MD5 checksum: 52014c36f8155a0c89e9ade02d91cdbe 

 Debian Vendor Advisory: 
 http://www.linuxsecurity.com/advisories/debian_advisory-1770.html


------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-requestat_private
         with "unsubscribe" in the subject of the message.
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.
Next message: InfoSec News: "[ISN] Judge: FBI's PC-snooping perfectly lawful"
Previous message: InfoSec News: "Re: [ISN] US to yank Kevin Mitnick's radio license"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b30 : Sat Dec 29 2001 - 01:08:15 PST