[security] Security Announcements

Lorenzo Iannuzzi nakis at libero.it
Wed 14 Apr 2004 19:06:38 CEST


http://lwn.net/Articles/80309/

 The Apache team disclosed two vulnerabilities in the Apache Web
 Server that affect Conectiva Linux. Both are fixed in this update:
 
 CAN-2003-0020: Unescaped characters in error logs: Apache is not
 filtering escape sequences passed by clients as URLs before writing
 its error logs. An attacker can exploit this vulnerability to, for
 example, pass terminal escape sequences to the logs that when viewed
 in vulnerable terminals may trigger the execution of arbitrary
 commands. This vulnerability has been fixed in Apache 2.0.49 and a
 backported patch is included in this update.
 
 CAN-2004-0113: Denial of Service in mod_ssl: A memory leak has
 been discovered in mod_ssl that may be triggered by sending normal
 HTTP requests to the Apache HTTPS port. An attacker can exploit this
 vulnerability to consume all memory available in the server, thus
 causing a denial of service condition. This problem has been fixed in
 Apache 2.0.49 and a backported patch is included in this update. This
 issue does not affect Conectiva Linux 8 (which has Apache 1.3.X).
 
 Additionally, this update includes a fix for a denial of service
 issue which is reported to not affect Apache on Linux systems.

http://www.debian.org/security/

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
architectures.  The Common Vulnerabilities and Exposures project
identifies the following problems that will be fixed with this update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 driver in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this.

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of the Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 and 2.4.18 for the hppa
(PA-RISC) architecture.  The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with this
update:

CAN-2004-0003

    A vulnerability has been discovered in the R128 driver in the Linux
    kernel which could potentially lead an attacker to gain
    unauthorised privileges.  Alan Cox and Thomas Biege developed a
    correction for this.

CAN-2004-0010

    Arjan van de Ven discovered a stack-based buffer overflow in the
    ncp_lookup function for ncpfs in the Linux kernel, which could
    lead an attacker to gain unauthorised privileges.  Petr Vandrovec
    developed a correction for this.

CAN-2004-0109

    zen-parse discovered a buffer overflow vulnerability in the
    ISO9660 filesystem component of the Linux kernel which could be abused
    by an attacker to gain unauthorised root access.  Sebastian
    Krahmer and Ernie Petrides developed a correction for this.

CAN-2004-0177

    Solar Designer discovered an information leak in the ext3 code of
    Linux.  In a worst case an attacker could read sensitive data such
    as cryptographic keys which would otherwise never hit disk media.
    Theodore Ts'o developed a correction for this.

CAN-2004-0178

    Andreas Kies discovered a denial of service condition in the Sound
    Blaster driver in Linux.  He also developed a correction for this.
-- 

Bye, and until next time!
Lorenzo
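
Added example, not part of the original message and not Apache's patch: one way to neutralise the problem CAN-2003-0020 describes is to escape every non-printable byte of client-supplied text before it reaches the log, so a terminal viewing the file never receives a raw escape sequence. The function name `escape_log_item`, the output format and the sample request path are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape one untrusted string (e.g. a client-supplied URL) for a log line.
 * Printable ASCII is copied, backslash is doubled, \n \r \t get C-style
 * names, and every other byte (ESC 0x1b included) becomes \xhh.
 * Returns bytes written (without the NUL), or -1 if dst is too small. */
int escape_log_item(char *dst, size_t dstlen, const char *src)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (dstlen == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        char buf[4];
        size_t n;

        if (*p == '\\')      { buf[0] = '\\'; buf[1] = '\\'; n = 2; }
        else if (*p == '\n') { buf[0] = '\\'; buf[1] = 'n';  n = 2; }
        else if (*p == '\r') { buf[0] = '\\'; buf[1] = 'r';  n = 2; }
        else if (*p == '\t') { buf[0] = '\\'; buf[1] = 't';  n = 2; }
        else if (*p >= 0x20 && *p < 0x7f) { buf[0] = (char)*p; n = 1; }
        else {
            buf[0] = '\\'; buf[1] = 'x';
            buf[2] = hex[*p >> 4]; buf[3] = hex[*p & 0x0f];
            n = 4;
        }
        if (o + n >= dstlen) {      /* keep room for the terminating NUL */
            dst[o] = '\0';
            return -1;
        }
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a request path carrying an ESC-based sequence
     * and a CR/LF pair that would otherwise start a forged log line. */
    const char *url = "/index\x1b[2Jhtml\r\nfake entry";
    char out[128];
    if (escape_log_item(out, sizeof out, url) >= 0)
        printf("[error] File does not exist: %s\n", out);
    return 0;
}
```

The same escaping also keeps an embedded CR/LF from splitting one request into what looks like two log entries.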



