[security] Security Updates
nakis a libero.it
Ven 28 Maggio 2004 11:13:41 CEST
Brad Spender discovered an exploitable bug in the cpufreq code in
the Linux 2.6 kernel (CAN-2004-0228).
As well, a permissions problem existed on some SCSI drivers; a fix
from Olaf Kirch is provided that changes the mode from 0777 to 0600.
This update also provides a 10.0/amd64 kernel with fixes for the
previous MDKSA-2004:037 advisory as well as the above-noted fixes.
The following security alerts came out today:
* Conectiva has issued an update that fixes a URI handler
vulnerability in KDE.
* Gentoo has issued an update that addresses a Kerberos 4 buffer
overflow problem in Heimdal.
* Mandrake has issued several updates. An update for postfix
features minor bug fixes and documentation improvements.
Mailman has a vulnerability where third parties can retrieve
member passwords from the server.
Kolab-server stores OpenLDAP passwords in plain text, kolab
configuration information may be exposed.
Gentoo has updated apache 1.3 fixing problems with Allow/Deny rules and
escape sequences in log files; and midnight commander (several buffer
overflows and format string problems).
Red Hat has updated utempter (symlink vulnerability), lha (buffer
overflows and directory traversal vulnerabilities), and tcpdump (ISAKMP
SUSE has sent out a kdelibs update fixing the URI handling
Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD
viewer. xpcd-svga, part of xpcd which uses svgalib to display
graphics on the console, would copy user-supplied data of arbitrary
length into a fixed-size buffer in the pcd_open function.
A buffer overflow via environmental variables in Firebird may allow a
local user to manipulate or destroy local databases and trojan the
A vulnerability exists in Opera's telnet URI handler that may allow a
remote attacker to overwrite arbitrary files.
Two MySQL utilities create temporary files with hardcoded paths,
allowing an attacker to use a symlink to trick MySQL into overwriting
Adam Gowdiak from the Poznan Supercomputing and Networking Center
has reported that under certain conditions /usr/sbin/cpr binary can
be forced to load a user provided library while restarting the
checkpointed process which can be used to obtain root user privileges.
SGI has released Patch 10075 - SGI Advanced Linux Environment 3 Security
Update #1, which includes updated SGI ProPack 3 RPMs for the SGI Altix
family of systems, in response to the following security issues:
Updated OpenSSL packages fix vulnerabilities
Updated XEmacs packages fix startup segfault on IA64 architecture
Updated elfutils package available
Updated ipsec-tools package fixes vulnerabilities in ISAKMP daemon
Updated CVS packages fix security issue
Updated squid package fixes security vulnerability
Updated Mozilla packages fix security issues
Updated Ethereal packages fix security issues
Updated httpd packages fix mod_ssl security issue
Programming errors in the implementation of the msync(2) system call
involving the MS_INVALIDATE operation lead to cache consistency
problems between the virtual memory system and on-disk contents.
Use Of TCP/IP Reserved Port Zero Causes Integrated Lights-Out
(iLO) To Stop Responding. LAN management products that use
port zero when accessing an Integrated Lights-Out (iLO) in a
ProLiant server will cause iLO to become unresponsive. Port
zero is specified as a reserved port by the Internet
Engineering Task Force (IETF) and should not be used.
A potential vulnerability has been identified with hp OpenView
Select Access which could be exploited to allow a remote user
A potential vulnerability has been identified with HP-UX Java
Runtime Environment (JRE) where an unprivileged remote attacker
may be able to exploit a Denial of Service (DoS).
Mailman is a mailing list manager.
This update fixes the following vulnerabilities for Conectiva Linux
1) Cross site scripting vulnerability in the admin CGI script
2) Cross site scripting vulnerability in the create CGI script
3) Remote password retrieval vulnerability (CAN-2004-0412)
As mentioned in the 2.1.5 release announcement, previous mailman
versions are vulnerable to a password retrieval attack which would
give the attacker the password an user choose when he/she subscribed
to a mailing list.
"libneon" is a library used by some WebDAV clients.
Stefan Esser from e-matters security published an advisory about a
vulnerability in the libneon library which could be abused by
remote WebDAV servers to execute arbitrary code on the client
accessing these servers.
Georgi Guninski discovered a stack-based buffer overflow in
the "SSLOptions +FakeBasicAuth" implementation of Apache's SSL/TLS
extension module mod_ssl. The overflow can occur if the Subject-DN
in the client certificate exceeds 6KB in length and mod_ssl is
configured to trust the issuing CA. The Common Vulnerabilities and
Exposures (CVE) project assigned the id CAN-2004-0488 to the
Ciao e alla prossima!
Maggiori informazioni sulla lista