[security] security updates
Lorenzo Iannuzzi
nakis at libero.it
Thu 20 May 2004 10:14:52 CEST
http://www.debian.org/security/
Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4
component of heimdal, a free implementation of Kerberos 5. The
problem is present in kadmind, a server for administrative access to
the Kerberos database. This problem could perhaps be exploited to
cause the daemon to read a negative amount of data which could lead to
unexpected behaviour.
Stefan Esser discovered a heap overflow in the CVS server, which
serves the popular Concurrent Versions System. Malformed "Entry"
Lines in combination with Is-modified and Unchanged can be used to
overflow malloc()ed memory. This was proven to be exploitable.
Stefan Esser discovered a problem in neon, an HTTP and WebDAV client
library, which is also present in cadaver, a command-line client for
WebDAV server. User input is copied into variables not large enough
for all cases. This can lead to an overflow of a static heap
variable.
http://lwn.net/Articles/85898/
Fedora has caught up with the latest batch of security problems, issuing
updates for tcpdump (Fedora Core 1), kdelibs (FC2), cvs (FC1, FC2), neon
(FC1, FC2), and, just to keep CVS from feeling singled out, there are
also updates for a new buffer overflow in subversion (FC1, FC2).
http://lwn.net/Articles/85945/
Fedora has updated ipsec-tools (for FC2) fixing the buffer overflow in
racoon. There is also an FC1 update to kdepim fixing a buffer overflow
in the VCF reader.
Gentoo has sent out updates for icecast (remove denial of service
vulnerability) and kdelibs (URI handler vulnerability).
Mandrake has fixed the cvs and neon vulnerabilities.
OpenPKG has updated cvs, subversion, and neon.
Red Hat has updates for mc (several vulnerabilities), rsync (directory
traversal vulnerability), and libpng (out of bounds memory accesses).
http://lwn.net/Articles/85855/
Fedora Legacy has sent out an update to utempter (for Red Hat Linux 7.2,
7.3, and 8.0) addressing a symlink vulnerability.
Gentoo has updated proftpd fixing an implementation error with
CIDR-based access control lists.
Red Hat has updated cadaver and cvs.
SUSE has sent out an update for the cvs overflow vulnerability.
http://itrc.hp.com/cki/bin/doc.pl/screen=ckiSecurityBulletin
A potential security vulnerability has been identified with HP-UX
running CDE dtlogin software, where the potential vulnerability
may be exploited locally or remotely to allow unauthorized
privileged access or a Denial of Service (DoS).
A potential vulnerability has been identified with HP-UX running
B6848AB GTK+ Support Libraries where a directory permissions issue
could be exploited to allow a local authorized user to gain
elevated privileges.
http://www.trustix.org/errata/2004/0027/
From the Apache http server main page:
In mod_digest, verify whether the nonce returned in the client response
is one we issued ourselves. This problem does not affect mod_auth_digest.
Escape arbitrary data before writing into the errorlog.
Fix starvation issue on listening sockets where a short-lived connection
on a rarely-accessed listening socket will cause a child to hold the
accept mutex and block out new connections until another connection
arrives on that rarely-accessed listening socket.
Fix parsing of Allow/Deny rules using IP addresses without a netmask;
issue is only known to affect big-endian 64-bit platforms.
http://www.trustix.org/errata/2004/0029/
There is an integer overflow in the SCTP code in the Linux kernel starting
with 2.4.23-pre5 and up to and including 2.4.25. This could allow for
a local root exploit.
http://www.auscert.org.au
A vulnerability exists in hardware implementations of the IEEE
802.11 wireless protocol that allows for a trivial but effective
attack against the availability of wireless local area network
(WLAN) devices.
http://slackware.com
New mc packages are available for Slackware 9.0, 9.1, and -current to
fix security issues that could lead to a denial of service or the
execution of arbitrary code as the user running mc.
--
Bye, and until next time!
Lorenzo