[security] Security Announcements
Lorenzo Iannuzzi
nakis at libero.it
Wed 14 Apr 2004 19:06:38 CEST
http://lwn.net/Articles/80309/
The Apache team disclosed two vulnerabilities in the Apache Web
Server that affect Conectiva Linux. Both are fixed in this update:

CAN-2003-0020: Unescaped characters in error logs: Apache is not
filtering escape sequences passed by clients as URLs before writing
its error logs. An attacker can exploit this vulnerability to, for
example, pass terminal escape sequences to the logs that when viewed
in vulnerable terminals may trigger the execution of arbitrary
commands. This vulnerability has been fixed in Apache 2.0.49 and a
backported patch is included in this update.

CAN-2004-0113: Denial of Service in mod_ssl: A memory leak has
been discovered in mod_ssl that may be triggered by sending normal
HTTP requests to the Apache HTTPS port. An attacker can exploit this
vulnerability to consume all memory available in the server, thus
causing a denial of service condition. This problem has been fixed in
Apache 2.0.49 and a backported patch is included in this update. This
issue does not affect Conectiva Linux 8 (which has Apache 1.3.X).

Additionally, this update includes a fix for a denial of service
issue which is reported to not affect Apache on Linux systems.
http://www.debian.org/security/
Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc
architectures. The Common Vulnerabilities and Exposures project
identifies the following problems that will be fixed with this update:
CAN-2004-0003
A vulnerability has been discovered in the R128 driver in the Linux
kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this.
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could
lead an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of the Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
Several serious problems have been discovered in the Linux kernel.
This update takes care of Linux 2.4.17 and 2.4.18 for the hppa
(PA-RISC) architecture. The Common Vulnerabilities and Exposures
project identifies the following problems that will be fixed with this
update:
CAN-2004-0003
A vulnerability has been discovered in the R128 driver in the Linux
kernel which could potentially lead an attacker to gain
unauthorised privileges. Alan Cox and Thomas Biege developed a
correction for this.
CAN-2004-0010
Arjan van de Ven discovered a stack-based buffer overflow in the
ncp_lookup function for ncpfs in the Linux kernel, which could
lead an attacker to gain unauthorised privileges. Petr Vandrovec
developed a correction for this.
CAN-2004-0109
zen-parse discovered a buffer overflow vulnerability in the
ISO9660 filesystem component of the Linux kernel which could be abused
by an attacker to gain unauthorised root access. Sebastian
Krahmer and Ernie Petrides developed a correction for this.
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
CAN-2004-0178
Andreas Kies discovered a denial of service condition in the Sound
Blaster driver in Linux. He also developed a correction for this.
--
Bye, see you next time!
Lorenzo
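
For CAN-2003-0020 above, a defender-side check, added here as an example and not code from Apache or from the advisory: it reads an error log as raw bytes, reports lines that contain control characters, and renders them with those bytes shown as \xNN so they can be viewed safely. The function names, sample log lines and addresses are constructed for illustration.

```python
import re

# C0 control bytes (tab excluded) and DEL: the bytes a terminal may act on.
# Newline is the line separator, so it never appears inside a line here.
CONTROL_BYTES = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")


def escape_log_bytes(line: bytes) -> str:
    """Render a raw log line so no byte reaches the terminal as a control code."""
    out = []
    for b in line:
        if b == 0x5C:                      # backslash: double it so output is unambiguous
            out.append("\\\\")
        elif 0x20 <= b <= 0x7E or b == 0x09:
            out.append(chr(b))             # printable ASCII and tab pass through
        else:
            out.append(f"\\x{b:02x}")      # everything else is shown as \xNN
    return "".join(out)


def scan_log(data: bytes):
    """Return (line_number, safe_rendering) for each line containing control bytes."""
    findings = []
    for number, line in enumerate(data.split(b"\n"), start=1):
        line = line.rstrip(b"\r")          # tolerate CRLF line endings
        if CONTROL_BYTES.search(line):
            findings.append((number, escape_log_bytes(line)))
    return findings


# Constructed sample: line 2 carries a harmless colour-change sequence in the URL path.
SAMPLE_LOG = (
    b"[Wed Apr 14 19:00:01 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/html/favicon.ico\n"
    b"[Wed Apr 14 19:00:07 2004] [error] [client 192.0.2.44] "
    b"File does not exist: /var/www/html/\x1b[31mX\x1b[0m\n"
    b"[Wed Apr 14 19:00:09 2004] [error] [client 192.0.2.10] "
    b"File does not exist: /var/www/html/a\\b\n"
)

if __name__ == "__main__":
    for number, rendering in scan_log(SAMPLE_LOG):
        print(f"line {number}: {rendering}")
```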