
Scientific Linux: 2010-03-30 Low: Brltty Security Errata and Fix

Low: brltty security and bug fix update
Date: Tue, 27 Apr 2010 10:57:01 -0500
Reply-To: Troy Dawson 
Sender: Security Errata for Scientific Linux
 
From: Troy Dawson 
Subject: Security ERRATA Low: brltty on SL5.x i386/x86_64
 

Synopsis:	Low: brltty security and bug fix update
Issue date:	2010-03-30
CVE Names:	CVE-2008-3279

It was discovered that a brltty library had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. Because the dynamic linker resolves a relative RPATH
entry against the current working directory, a local user able to
convince another user to run an application using brltty from an
attacker-controlled directory could run arbitrary code with the
privileges of the victim. (CVE-2008-3279)
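The flaw above is a property of the ELF dynamic section, so it can be found without running the binary. The following is an added example (not part of the advisory or the brltty project) that parses the text printed by `readelf -d` and flags DT_RPATH/DT_RUNPATH components the dynamic linker would resolve against the current working directory (relative paths and empty components) or that deserve review ($ORIGIN-relative and world-writable locations). The sample `readelf` output, including the library name and the `.:/usr/lib` search path, is constructed for illustration and is not taken from the affected package:

```python
"""Flag insecure DT_RPATH / DT_RUNPATH components in `readelf -d` output.

Produce the input with, for example:
    readelf -d /usr/lib/libbrlapi.so.0.4
and feed the text to insecure_rpath_entries(). Standard library only.
"""
import re
from typing import List, Optional, Tuple

# readelf prints one line per dynamic tag, e.g.
#  0x0000000f (RPATH)   Library rpath: [.:/usr/lib]
#  0x0000001d (RUNPATH) Library runpath: [$ORIGIN/../lib]
_TAG_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s*\[(.*)\]")


def classify_component(component: str) -> Optional[str]:
    """Return a reason string if one search-path component is unsafe, else None."""
    if component == "":
        # ld.so treats an empty component ("a::b", leading/trailing ':') as "."
        return "empty component (searches the current working directory)"
    if component.startswith("$ORIGIN") or component.startswith("${ORIGIN}"):
        # Resolved relative to the directory holding the object itself; only safe
        # when that directory is not writable by untrusted users, so flag for review.
        return "$ORIGIN-relative path (review: directory must not be writable by untrusted users)"
    if not component.startswith("/"):
        return "relative path (resolved against the current working directory)"
    if component.startswith(("/tmp/", "/var/tmp/")) or component in ("/tmp", "/var/tmp"):
        return "world-writable location"
    return None


def insecure_rpath_entries(readelf_output: str) -> List[Tuple[str, str, str]]:
    """Parse `readelf -d` text and return (tag, component, reason) for each unsafe component.

    Note: when both tags are present the dynamic linker ignores DT_RPATH in favour
    of DT_RUNPATH, but both are reported here so a packager can remove either.
    """
    findings: List[Tuple[str, str, str]] = []
    for line in readelf_output.splitlines():
        match = _TAG_RE.search(line)
        if not match:
            continue
        tag, value = match.group(1), match.group(2)
        for component in value.split(":"):
            reason = classify_component(component)
            if reason is not None:
                findings.append((tag, component, reason))
    return findings


# Constructed sample output, modelled on the readelf layout (hypothetical, not from brltty).
SAMPLE_VULNERABLE = """
Dynamic section at offset 0x4d58 contains 24 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000e (SONAME)                     Library soname: [libexample.so.0]
 0x0000000f (RPATH)                      Library rpath: [.:/usr/lib]
 0x0000000c (INIT)                       0x1e38
"""

# Same object after the RPATH has been stripped (e.g. with `chrpath -d`).
SAMPLE_FIXED = """
Dynamic section at offset 0x4d58 contains 23 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000e (SONAME)                     Library soname: [libexample.so.0]
 0x0000000c (INIT)                       0x1e38
"""

if __name__ == "__main__":
    for tag, component, reason in insecure_rpath_entries(SAMPLE_VULNERABLE):
        print(f"{tag}: '{component}': {reason}")
    print("fixed object:", insecure_rpath_entries(SAMPLE_FIXED) or "no findings")
```

The usual remediation, as the advisory's rebuild implies, is to link without the relative entry in the first place (`-Wl,-rpath` only with absolute, root-owned directories, or none) and to verify the shipped objects with the same `readelf -d` check before packaging.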

These updated packages also provide fixes for the following bugs:

* the brltty configuration file is documented in the brltty manual page,
but there is no separate manual page for the /etc/brltty.conf
configuration file: running "man brltty.conf" returned "No manual entry
for brltty.conf" rather than opening the brltty manual entry. This
update adds brltty.conf.5 as an alias to the brltty manual page.
Consequently, running "man brltty.conf" now opens the manual entry
documenting the brltty.conf specification. (BZ#530554)

* previously, the brltty-pm.conf configuration file was installed in the
/etc/brltty/ directory. This file, which configures Papenmeier Braille
Terminals for use with Scientific Linux, is optional. It also did not
come with a corresponding manual page. With this update, the file has
been moved to
/usr/share/doc/brltty-3.7.2/BrailleDrivers/Papenmeier/. This directory
also includes a README document that explains the file's purpose and
format. (BZ#530554)

* during the brltty packages installation, the message

Creating screen inspection device /dev/vcsa...done.

was presented at the console. This was inappropriate, especially during
the initial install of the system. These updated packages do not send
any message to the console during installation. (BZ#529163)

* although brltty contains ELF objects, the brltty-debuginfo package was
empty. With this update, the -debuginfo package contains valid debugging
information as expected. (BZ#500545)

* the MAX_NR_CONSOLES definition was acquired by brltty by #including
linux/tty.h in Programs/api_client.c. MAX_NR_CONSOLES has since moved to
linux/vt.h but the #include in api_client.c was not updated.
Consequently, brltty could not be built from the source RPM against the
Scientific Linux 5 kernel. This update corrects the #include in
api_client.c to linux/vt.h and brltty now builds from source as
expected. (BZ#456247)

SL 5.x

 SRPMS:
brltty-3.7.2-4.el5.src.rpm
 i386:
brlapi-0.4.1-4.el5.i386.rpm
brlapi-devel-0.4.1-4.el5.i386.rpm
brltty-3.7.2-4.el5.i386.rpm
 x86_64:
brlapi-0.4.1-4.el5.i386.rpm
brlapi-0.4.1-4.el5.x86_64.rpm
brlapi-devel-0.4.1-4.el5.i386.rpm
brlapi-devel-0.4.1-4.el5.x86_64.rpm
brltty-3.7.2-4.el5.x86_64.rpm

-Connie Sieh
-Troy Dawson