[ISN] Linux Advisory Watch - March 28th 2003

From: InfoSec News (isnat_private)
Date: Mon Mar 31 2003 - 02:28:58 PST


+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  March 28th, 2002                         Volume 4, Number 13a |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                Benjamin Thomas
               daveat_private     benat_private

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for openssl, apcupsd, bonsai, krb5,
lpr, mutt, heimdal, kernel, ecartis, glibc, mysql, bitchx, mod_ssl,
netpbm, rxvt, zlib, evolution, samba, kerberos, ethereal, and file.  The
distributors include Caldera, Debian, Guardian Digital's EnGarde Secure
Linux, Gentoo, Mandrake, NetBSD, Red Hat, SuSE, Trustix, and Turbolinux.

 LinuxSecurity Feature Extras:

Making It Big: Large Scale Network Forensics (Part 1 of 2) - Computer
forensics have hit the big time. A previously superniche technology,
forensics have moved into the collective consciousness of IT sys. admins.
and Corporate CSOs.

http://www.linuxsecurity.com/feature_stories/feature_story-139.html

Remote Syslog with MySQL and PHP - Msyslog has the ability to log syslog
messages to a database. This allows for easier monitoring of multiple
servers and the ability to display and search for syslog messages using
PHP or any other programming language that can communicate with the
database.

http://www.linuxsecurity.com/feature_stories/feature_story-138.html


+---------------------------------+
|  Package:  openssl              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:

Researchers have discovered a timing attack on RSA keys, to which OpenSSL
is generally vulnerable, unless RSA blinding has been turned on.

Vendor Alerts:

 Caldera:
  openssl-0.9.6-21.i386.rpm
  cae226f7eb06d23837e4f253c024cc77
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3039.html

 FreeBSD:
  FreeBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-3035.html

 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3042.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3063.html

 NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3069.html

 Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3074.html

 TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3075.html





+---------------------------------+
|  Package:  apcupsd              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:
Multiple vulnerabilities in apcupsd including a buffer overflow and format
string vulnerability have been fixed.

Vendor Alerts:

 Caldera:
  apcupsd-3.8.6-1.i386.rpm
  a2c0d41800f62383c65f77858f0c3898
  ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/
  Server/CSSA-2003-014.0/RPMS

  Caldera Vendor Advisory:
  http://www.linuxsecurity.com/advisories/caldera_advisory-3057.html


 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html



+---------------------------------+
|  Package:  bonsai               | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Several security-related bugs have been fixed in bonsai.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/b/bonsai/
  bonsai_1.3+cvs20020224-1woody1_i386.deb
  Size/MD5 checksum:   154122 c2b39dfcfc33c3752afcb744323a91a2

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3025.html




+---------------------------------+
|  Package:  krb5                 | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Several vulnerabilities have been discovered in krb5, an
implementation of MIT Kerberos.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3040.html



+---------------------------------+
|  Package:  lpr                  | ----------------------------//
|  Date: 03-24-2003               |
+---------------------------------+

Description:
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system.  This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/l/
  lpr/lpr_0.48-1.1_i386.deb
  Size/MD5 checksum:    85960 1758a9683ae487c20f46a73ba32d9c15

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3050.html


 TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html




+---------------------------------+
|  Package:  mutt                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Core Security Technologies discovered a buffer overflow in the IMAP
code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG,
PGP and threading.  This problem allows a remote malicious IMAP
server to cause a denial of service (crash) and possibly execute
arbitrary code via a specially crafted mail folder.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/m/
  mutt/mutt_1.3.28-2.1_i386.deb
  Size/MD5 checksum:  1301398 f20f7221425af30530cc4c32fa93c5d9

  http://security.debian.org/pool/updates/main/m/
  mutt/mutt-utf8_1.3.28-2.1_i386.deb
  Size/MD5 checksum:   360742 c37eb100e007a5afa6fbcc6174f01266

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3064.html


 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3041.html

 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3045.html



+---------------------------------+
|  Package:  heimdal              | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
A cryptographic weakness in version 4 of the Kerberos protocol allows an
attacker to use a chosen-plaintext attack to impersonate any principal in
a realm.  Additional cryptographic weaknesses in the krb4 implementation
permit the use of cut-and-paste attacks to fabricate krb4 tickets for
unauthorized client principals if triple-DES keys are used to key krb4
services. These attacks can subvert a site's entire Kerberos
authentication infrastructure.

Vendor Alerts:
 Debian:
  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-docs_0.4e-7.woody.6_all.deb
  Size/MD5 checksum:  1055480 e22766e034934ac5b6664468d1bd39c4

  http://security.debian.org/pool/updates/main/h/heimdal/
  heimdal-lib_0.4e-7.woody.6_all.deb
  Size/MD5 checksum:    19456 3be2de9ba824fd90ec6f0df606e9d716


  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3065.html



+---------------------------------+
|  Package:  kernel               | ----------------------------//
|  Date: 03-27-2003               |
+---------------------------------+

Description:
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in
ptrace.  This hole allows local users to obtain root privileges by using
ptrace to attach to a child process that is spawned by the kernel. Remote
exploitation of this hole is not possible.

Vendor Alerts:

 Debian:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3071.html


 SuSE:
  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3060.html



+---------------------------------+
|  Package:  ecartis              | ----------------------------//
|  Date: 03-27-2003               |
+---------------------------------+

Description:
A problem has been discovered in ecartis, a mailing list manager, formerly
known as listar.  This vulnerability enables an attacker to reset the
password of any user defined on the list server, including the list
admins.

Vendor Alerts:

 Debian:
  http://security.debian.org/pool/updates/main/l/listar/
  listar_0.129a-2.potato3_i386.deb
  Size/MD5 checksum:   301830 aa8d67d1f07cb0a769d2030708e3725c

  http://security.debian.org/pool/updates/main/l/listar/
  listar-cgi_0.129a-2.potato3_i386.deb
  Size/MD5 checksum:    25342 efd78841548a3e97b0d0557e8b360a3d

  Debian Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-3076.html



+---------------------------------+
|  Package:  glibc                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
This update fixes an integer overflow in the xdrmem_getbytes() function of
glibc.

Vendor Alerts:

 EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/glibc-2.1.3-1.0.7.i386.rpm
  MD5 Sum: 555c7d9d0f43887fe1c2ddf16eb1555b

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html


 Gentoo:
  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3051.html

 Mandrake:
  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3059.html


 NetBSD:
  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3067.html

 Trustix:
  Trustix Vendor Advisory:
  http://www.linuxsecurity.com/advisories/trustix_advisory-3073.html



+---------------------------------+
|  Package:  mysql                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Versions of MySQL prior to 3.23.56 contained a vulnerability which
could allow MySQL users to gain root privileges by using "SELECT *
INTO OUTFILE" to overwrite a configuration file, causing MySQL to run
as root upon its next restart.

Vendor Alerts:

 EnGarde:
  ftp://ftp.engardelinux.org/pub/engarde/stable/updates/
  i386/MySQL-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 2e1d87123f531aa9f9db629b9791224b

  i386/MySQL-client-3.23.56-1.0.23.i386.rpm
  MD5 Sum: 732e50874839f55c0d45b8090eba28bb

  i386/MySQL-shared-3.23.56-1.0.23.i386.rpm
  MD5 Sum: cde31e38d9b2e421de6cf4a25ce8f041

  i686/MySQL-3.23.56-1.0.23.i686.rpm
  MD5 Sum: acbba1bb7409fe800d2fc733446cb1d7

  i686/MySQL-client-3.23.56-1.0.23.i686.rpm
  MD5 Sum: f3c98f5a75f4e5875aa5b248bb121999

  i686/MySQL-shared-3.23.56-1.0.23.i686.rpm
  MD5 Sum: d0a2799942ad77b2cbdd1b0ccc5e7fc3

  EnGarde Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html



+---------------------------------+
|  Package:  bitchx               | ----------------------------//
|  Date: 03-24-2003               |
+---------------------------------+

Description:
BitchX is full of sprintf() calls and relies on BIG_BUFFER_SIZE
being large enough.

Vendor Alerts:

 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html



+---------------------------------+
|  Package:  mod_ssl              | ----------------------------//
|  Date: 03-22-2003               |
+---------------------------------+

Description:
"Researchers have discovered a timing attack on RSA keys, to which
OpenSSL is generally vulnerable, unless RSA blinding has been turned
on."

Vendor Alerts:

 Gentoo:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Gentoo Vendor Advisory:
  http://www.linuxsecurity.com/advisories/gentoo_advisory-3052.html



+---------------------------------+
|  Package:  netpbm               | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Several math overflow errors were found in NetPBM by Al Viro and Alan Cox.
While these programs are not installed suid root, they are often used to
prepare data for processing.  These errors may permit remote attackers to
cause a denial of service or execute arbitrary code in any programs or
scripts that use these graphics conversion tools.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3058.html



+---------------------------------+
|  Package:  rxvt                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Digital Defense Inc. released a paper detailing insecurities in various
terminal emulators, including rxvt.  Many of the features supported by
these programs can be abused when untrusted data is displayed on the
screen.  This abuse can range from garbage data being displayed on the
screen to a system compromise.

Vendor Alerts:

 Mandrake:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Mandrake Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-3062.html



 TurboLinux:
  TurboLinux Vendor Advisory:
  http://www.linuxsecurity.com/advisories/turbolinux_advisory-3047.html



+---------------------------------+
|  Package:  zlib                 | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
The gzprintf function in zlib did not do bounds checking on user supplied
data. Depending on how the function is used in an application, malign
source data can be designed to overflow a buffer and execute arbitrary
code as the user of the application.

Vendor Alerts:

 NetBSD:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  NetBSD Vendor Advisory:
  http://www.linuxsecurity.com/advisories/netbsd_advisory-3070.html



+---------------------------------+
|  Package:  evolution            | ----------------------------//
|  Date: 03-25-2003               |
+---------------------------------+

Description:
Updated Evolution packages are available which fix several
vulnerabilities.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3028.html
  http://www.linuxsecurity.com/advisories/redhat_advisory-3053.html



+---------------------------------+
|  Package:  samba                | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
Updated samba packages are now available to fix security
vulnerabilities found during a code audit.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3054.html




+---------------------------------+
|  Package:  kerberos             | ----------------------------//
|  Date: 03-26-2003               |
+---------------------------------+

Description:
Updated Kerberos packages fix a number of vulnerabilities found in
MIT Kerberos.

Vendor Alerts:

 Red Hat:
  PLEASE SEE VENDOR ADVISORY FOR UPDATE

  Red Hat Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-3072.html



+---------------------------------+
|  Package:  ethereal             | ----------------------------//
|  Date: 03-26-2003               |
+---------------------------------+

Description:
Ethereal is a GUI for analyzing and displaying network traffic.
Ethereal is vulnerable to a format string bug in its SOCKS code and
to a heap buffer overflow in its NTLMSSP code. These bugs can be
abused to crash ethereal or maybe to execute arbitrary code on the
machine running ethereal.

Vendor Alerts:

 SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/ethereal-0.9.6-152.i586.rpm
  1ea03e4f888f30bc37669ea4dd0cfe30

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3031.html



+---------------------------------+
|  Package:  file                 | ----------------------------//
|  Date: 03-21-2003               |
+---------------------------------+

Description:
The file command can be used to determine the type of files.
iDEFENSE published a security report about a buffer overflow in the
handling-routines for the ELF file-format.

Vendor Alerts:

 SuSE:
  ftp://ftp.suse.com/pub/suse/i386/update/8.1/
  rpm/i586/file-3.37-206.i586.rpm
  06e1fa8c7e00fd848b9ccff104a096f0

  SuSE Vendor Advisory:
  http://www.linuxsecurity.com/advisories/suse_advisory-3029.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com
------------------------------------------------------------------------



-
ISN is currently hosted by Attrition.org