[security] Security Updates

Lorenzo Iannuzzi nakis at libero.it
Fri 28 May 2004 11:13:41 CEST


 Brad Spender discovered an exploitable bug in the cpufreq code in
 the Linux 2.6 kernel (CAN-2004-0228).
 As well, a permissions problem existed on some SCSI drivers; a fix
 from Olaf Kirch is provided that changes the mode from 0777 to 0600.
 This update also provides a 10.0/amd64 kernel with fixes for the
 previous MDKSA-2004:037 advisory as well as the above-noted fixes.


The following security alerts came out today: 

      * Conectiva has issued an update that fixes a URI handler
        vulnerability in KDE. 
      * Gentoo has issued an update that addresses a Kerberos 4 buffer
        overflow problem in Heimdal. 
      * Mandrake has issued several updates. An update for postfix
        features minor bug fixes and documentation improvements. 
        Mailman has a vulnerability where third parties can retrieve
        member passwords from the server. 
        Kolab-server stores OpenLDAP passwords in plain text, so Kolab
        configuration information may be exposed.


Gentoo has updated apache 1.3 fixing problems with Allow/Deny rules and
escape sequences in log files; and midnight commander (several buffer
overflows and format string problems). 

Red Hat has updated utempter (symlink vulnerability), lha (buffer
overflows and directory traversal vulnerabilities), and tcpdump (ISAKMP
parsing vulnerability). 

SUSE has sent out a kdelibs update fixing the URI handling


Jaguar discovered a vulnerability in one component of xpcd, a PhotoCD
viewer.  xpcd-svga, part of xpcd which uses svgalib to display
graphics on the console, would copy user-supplied data of arbitrary
length into a fixed-size buffer in the pcd_open function.
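The defect described above (an unchecked copy of caller-controlled data into a fixed-size buffer) is the one a reviewer looks for first in image-loading code. The following is an added example, not xpcd's code: the names `pcd_handle`, `pcd_set_name`, `pcd_open_checked` and the 64-byte limit are assumptions chosen for illustration. It shows the hardened form of the copy, which measures the input with `strnlen()` and refuses anything that would not fit, and a small self-check that exercises both the accepted and the rejected case.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size name buffer of the kind the advisory describes. The size is an
 * assumption for this example, not a value taken from xpcd. */
#define PCD_NAME_MAX 64

struct pcd_handle {
    char name[PCD_NAME_MAX];
};

/* Hardened counterpart of an unchecked strcpy() into a fixed buffer.
 * strnlen() stops scanning at PCD_NAME_MAX, so an unterminated or over-long
 * argument is rejected before a single byte is copied.
 * Returns 0 on success, -1 with errno set when the input does not fit
 * together with its terminating NUL. */
int pcd_set_name(struct pcd_handle *h, const char *user_supplied) {
    if (h == NULL || user_supplied == NULL) {
        errno = EINVAL;
        return -1;
    }
    size_t n = strnlen(user_supplied, PCD_NAME_MAX);
    if (n >= PCD_NAME_MAX) {
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(h->name, user_supplied, n);
    h->name[n] = '\0';
    return 0;
}

/* Mimics a pcd_open()-style entry point (hypothetical name): validate the
 * caller-supplied name first, then continue with the open. Returns 1 when
 * the name was accepted and stored, 0 when it was rejected untouched. */
int pcd_open_checked(struct pcd_handle *h, const char *path) {
    if (pcd_set_name(h, path) != 0) {
        fprintf(stderr, "pcd_open: rejected name (limit %d bytes): %s\n",
                PCD_NAME_MAX - 1, strerror(errno));
        return 0;
    }
    return 1;
}

/* Self-check over constructed inputs. Returns a bitmask: bit 0 set when a
 * short name is accepted and stored verbatim, bit 1 set when a 299-byte name
 * is rejected and the previously stored name survives, bit 2 set when a
 * NULL argument is rejected. Expected value: 7. */
int pcd_demo(void) {
    struct pcd_handle h;
    int result = 0;
    char big[300];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    if (pcd_open_checked(&h, "image.pcd") == 1 && strcmp(h.name, "image.pcd") == 0)
        result |= 1;
    if (pcd_open_checked(&h, big) == 0 && strcmp(h.name, "image.pcd") == 0)
        result |= 2;
    if (pcd_set_name(&h, NULL) == -1)
        result |= 4;
    return result;
}
```

The choice to reject rather than silently truncate is deliberate: a truncated file name would open a different file than the one the user asked for, which is its own class of bug.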


A buffer overflow via environmental variables in Firebird may allow a
local user to manipulate or destroy local databases and trojan the
Firebird binaries.


A vulnerability exists in Opera's telnet URI handler that may allow a
remote attacker to overwrite arbitrary files.


Two MySQL utilities create temporary files with hardcoded paths,
allowing an attacker to use a symlink to trick MySQL into overwriting
important data.
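The symlink problem above is a property of how the file is created, not of MySQL specifically: a predictable name opened with `O_CREAT|O_TRUNC` follows whatever link already sits at that name. The following is an added example and not code from MySQL or from the advisory; the function names `open_tmp_predictable`, `open_tmp_safely`, `tmpfile_is_sane` and `demo_hardcoded_vs_mkstemp`, the file names and the scratch directory under `/tmp` are all constructed for illustration. It places the vulnerable pattern beside the `mkstemp()` fix, adds the post-open sanity check an auditor would want, and runs the whole scenario inside a private `mkdtemp()` directory so it is safe to execute.

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: a predictable name in a shared directory, opened with
 * O_CREAT|O_TRUNC. If a local user has already planted a symlink under that
 * name, open() follows it and truncates whatever the link points at. */
int open_tmp_predictable(const char *dir) {
    char path[PATH_MAX];
    if (snprintf(path, sizeof path, "%s/mysql_dump.tmp", dir) >= (int)sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened pattern: mkstemp() chooses an unpredictable suffix and opens it
 * with O_CREAT|O_EXCL, so a pre-planted link or file makes the call fail
 * instead of being followed. The path actually created is copied to path_out. */
int open_tmp_safely(const char *dir, char *path_out, size_t out_len) {
    char templ[PATH_MAX];
    if (snprintf(templ, sizeof templ, "%s/mysql_dump.XXXXXX", dir) >= (int)sizeof templ)
        return -1;
    int fd = mkstemp(templ);
    if (fd < 0)
        return -1;
    if (snprintf(path_out, out_len, "%s", templ) >= (int)out_len) {
        close(fd);
        unlink(templ);
        return -1;
    }
    return fd;
}

/* Audit check on an already-open temporary file: the descriptor must be a
 * regular file with a single hard link owned by the caller, the name must not
 * be a symlink, and name and descriptor must refer to the same inode. */
int tmpfile_is_sane(int fd, const char *path) {
    struct stat fs, ls;
    if (fstat(fd, &fs) < 0 || lstat(path, &ls) < 0) return 0;
    if (S_ISLNK(ls.st_mode) || !S_ISREG(fs.st_mode)) return 0;
    if (fs.st_nlink != 1 || fs.st_uid != geteuid()) return 0;
    return fs.st_ino == ls.st_ino && fs.st_dev == ls.st_dev;
}

/* Constructed scenario, run entirely inside a private mkdtemp() directory:
 * a "victim" file with content, and a symlink at the predictable name that
 * points to it. Returns a bitmask: bit 0 set if the predictable open
 * truncated the victim (the vulnerable behaviour), bit 1 set if the mkstemp
 * path produced a separate file that passes the sanity check. Expected: 3. */
int demo_hardcoded_vs_mkstemp(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char victim[PATH_MAX], link[PATH_MAX], safe[PATH_MAX];
    snprintf(victim, sizeof victim, "%s/victim.dat", dir);
    snprintf(link, sizeof link, "%s/mysql_dump.tmp", dir);
    int result = 0;

    int vfd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (vfd < 0) return -1;
    ssize_t n = write(vfd, "important data\n", 15);
    (void)n;
    close(vfd);
    if (symlink(victim, link) < 0) return -1;   /* the planted link */

    int fd = open_tmp_predictable(dir);          /* follows the link */
    if (fd >= 0) close(fd);
    struct stat st;
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;

    fd = open_tmp_safely(dir, safe, sizeof safe);
    if (fd >= 0) {
        if (tmpfile_is_sane(fd, safe) && strcmp(safe, link) != 0) result |= 2;
        close(fd);
        unlink(safe);
    }
    unlink(link);
    unlink(victim);
    rmdir(dir);
    return result;
}
```

The sanity check is worth keeping even when `mkstemp()` is used, because it also catches the case where a file handed over from another component was opened through a link or has been hard-linked elsewhere since it was created.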


Adam Gowdiak from the Poznan Supercomputing and Networking Center
has reported that under certain conditions the /usr/sbin/cpr binary can
be forced to load a user-provided library while restarting the
checkpointed process, which can be used to obtain root user privileges.

SGI has released Patch 10075 - SGI Advanced Linux Environment 3 Security
Update #1, which includes updated SGI ProPack 3 RPMs for the SGI Altix
family of systems, in response to the following security issues:

Updated OpenSSL packages fix vulnerabilities

Updated XEmacs packages fix startup segfault on IA64 architecture

Updated elfutils package available

Updated ipsec-tools package fixes vulnerabilities in ISAKMP daemon

Updated CVS packages fix security issue

Updated squid package fixes security vulnerability

Updated Mozilla packages fix security issues

Updated Ethereal packages fix security issues

Updated httpd packages fix mod_ssl security issue


Programming errors in the implementation of the msync(2) system call
involving the MS_INVALIDATE operation lead to cache consistency
problems between the virtual memory system and on-disk contents.


Use Of TCP/IP Reserved Port Zero Causes Integrated Lights-Out
(iLO) To Stop Responding. LAN management products that use
port zero when accessing an Integrated Lights-Out (iLO) in a
ProLiant server will cause iLO to become unresponsive. Port
zero is specified as a reserved port by the Internet
Engineering Task Force (IETF) and should not be used.

A potential vulnerability has been identified with hp OpenView
Select Access which could be exploited to allow a remote user
unauthorized access.

A potential vulnerability has been identified with HP-UX Java
Runtime Environment (JRE) where an unprivileged remote attacker
may be able to exploit a Denial of Service (DoS).


 Mailman is a mailing list manager.
 This update fixes the following vulnerabilities for Conectiva Linux:
 1) Cross-site scripting vulnerability in the admin CGI script
 2) Cross-site scripting vulnerability in the create CGI script
 3) Remote password retrieval vulnerability (CAN-2004-0412)
 As mentioned in the 2.1.5 release announcement, previous Mailman
 versions are vulnerable to a password retrieval attack which would
 give the attacker the password a user chose when subscribing to a
 mailing list.

 "libneon" is a library used by some WebDAV clients.
 Stefan Esser from e-matters security published an advisory about a
 vulnerability in the libneon library which could be abused by
 remote WebDAV servers to execute arbitrary code on the client
 accessing these servers.


  Georgi Guninski discovered a stack-based buffer overflow in
  the "SSLOptions +FakeBasicAuth" implementation of Apache's SSL/TLS
  extension module mod_ssl. The overflow can occur if the Subject-DN
  in the client certificate exceeds 6KB in length and mod_ssl is
  configured to trust the issuing CA. The Common Vulnerabilities and
  Exposures (CVE) project assigned the id CAN-2004-0488 to the

Bye, and until next time!

More information about the security mailing list