[CLA-2003:675] Conectiva Security Announcement - ml85p

From: Conectiva Updates (secureat_private)
Date: Fri Jul 04 2003 - 10:45:20 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    CONECTIVA LINUX SECURITY ANNOUNCEMENT 
    - --------------------------------------------------------------------------
    
    PACKAGE   : ml85p
    SUMMARY   : Insecure temporary file creation
    DATE      : 2003-07-04 14:43:00
    ID        : CLA-2003:675
    RELEVANT
    RELEASES  : 7.0, 8
    
    - -------------------------------------------------------------------------
    
    DESCRIPTION
     ml85p[1] is a printer driver for the Samsung ML-85G and QL85G printer
     models.
     
     iDEFENSE published[2] the following vulnerabilities in some printer
     related packages, including ml85p:
     
     - mtink: this package is not distributed with Conectiva Linux;
     
     - escputil: the escputil program has a buffer overflow vulnerability
     in the way it deals with a printer name. Long enough names can be
     used to execute arbitrary code or crash the program. In Conectiva
     Linux, escputil is NOT a SGID program, so it is not possible to
     obtain higher privileges by exploiting this problem, but we are
     nevertheless including a fix with this update.
     
     - ml85p: this is a SUID root program and it creates temporary files
     in an insecure way, which makes it vulnerable to a race condition
     exploit. A local attacker could easily guess the name of this file
     and create a symbolic link to anywhere on the system. If the target
     exists, it will be overwritten; otherwise, it will be created with
     0666 permissions (world writable).
     
     There is, however, a condition for this to work: the attacker must be
     able to execute ml85p. By default, it is only executable by root or
     members of the "sys" group.
    
    
    SOLUTION
     It is recommended that all ml85p and escputil users upgrade their
     packages.
     
     The ml85p package does not exist in Conectiva Linux 7: only the
     package corresponding to the escputil tool is being upgraded in that
     version of the distribution.
     
     Due to dependencies in the printer system, several other gimp-print
     packages in Conectiva Linux 8 have to be updated as well, even though
     they are not directly related to these vulnerabilities.
    
    
    UPDATED PACKAGES
    ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/cups-drivers-1.0-3U70_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-drivers-1.0-3U70_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/SRPMS/ml85p-0.1.0-3U80_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/8/SRPMS/gimp-print-4.2.0-12U80_1cl.src.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/ml85p-0.1.0-3U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/escputil-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-da-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-en_GB-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-fr-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-no-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-pl-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-sv-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-devel-ghostscript-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-doc-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-foomatic-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-static-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-4.2.0-12U80_1cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-cups-4.2.0-12U80_1cl.i386.rpm
    
    
    ADDITIONAL INSTRUCTIONS
     The apt tool can be used to perform RPM package upgrades:
    
     - run:                 apt-get update
     - after that, execute: apt-get upgrade
    
     Detailed instructions regarding the use of apt and upgrade examples 
     can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
    
    - -------------------------------------------------------------------------
    All packages are signed with Conectiva's GPG key. The key and instructions
    on how to import it can be found at 
    http://distro.conectiva.com.br/seguranca/chave/?idioma=en
    Instructions on how to check the signatures of the RPM packages can be
    found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
    
    - -------------------------------------------------------------------------
    All our advisories and generic update instructions can be viewed at
    http://distro.conectiva.com.br/atualizacoes/?idioma=en
    
    - -------------------------------------------------------------------------
    Copyright (c) 2003 Conectiva Inc.
    http://www.conectiva.com
    
    - -------------------------------------------------------------------------
    subscribe: conectiva-updates-subscribeat_private
    unsubscribe: conectiva-updates-unsubscribeat_private
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org
    
    iD8DBQE/Bb0v42jd0JmAcZARAiLeAKCthNdeQsX3wavHGRTlW18gcHfIKACgx8o1
    KGV7YsGfcmctCofSgfNNllQ=
    =GFU6
    -----END PGP SIGNATURE-----
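
Added example (not part of the advisory and not ml85p's source code): the symlink-following temporary-file open described for ml85p above, next to two hardened forms. The function names, the file name `spool.tmp` and the sandbox directory are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed shape of the flaw (not ml85p's source): guessable name, no O_EXCL.
 * A pre-planted symlink is followed: an existing target is truncated, a
 * missing one is created with mode 0666 (before umask). */
int open_tmp_insecure(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Fixed name, hardened: O_EXCL fails with EEXIST if anything, including a
 * symlink, already sits at the path; 0600 keeps other users out. */
int open_tmp_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and opens it O_EXCL, 0600. */
int open_tmp_mkstemp(char *tmpl) { return mkstemp(tmpl); }

/* Constructed sandbox: a 5-byte file plus a symlink to it at the "temp" name.
 * Returns the target's size after the chosen opener ran, or -1 on setup error. */
long target_size_after(int insecure) {
    char dir[] = "/tmp/tmprace-XXXXXX", target[64], tmpname[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmpname, sizeof tmpname, "%s/spool.tmp", dir);
    int fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "data\n", 5) != 5) return -1;
    close(fd);
    if (symlink(target, tmpname) != 0) return -1;
    fd = insecure ? open_tmp_insecure(tmpname) : open_tmp_exclusive(tmpname);
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmpname); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    char tmpl[] = "/tmp/ml85p-demo-XXXXXX";
    int fd = open_tmp_mkstemp(tmpl);
    printf("insecure: target now %ld bytes\n", target_size_after(1));
    printf("exclusive: target still %ld bytes\n", target_size_after(0));
    if (fd >= 0) { printf("mkstemp: %s\n", tmpl); close(fd); unlink(tmpl); }
    return 0;
}
```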
    


