Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 13 articles for you...
87

Debian: DSA 1053-2 Severe: OpenSSL Buffer Overflow Remote Risk

Updated package.. - --------------------------------------------------------------------------Debian Security Advisory DSA 1052-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq - --------------------------------------------------------------------------Package : cgiirc Vulnerability : buffer overflows Problem type : remote Debian-specific: no CVE ID : CVE-2006-2148 Debian Bug : 365680 Several buffer overflows have been discovered in cgiirc, a web-based IRC client, which could be exploited to execute arbitrary code. The old stable distribution (woody) does not contain cgiirc packages. For the stable distribution (sarge) these problems have been fixed in version 0.5.4-6sarge1. For the unstable distribution (sid) these problems have been fixed in version 0.5.4-6sarge1. We recommend that you upgrade your cgiirc package. Upgrade Instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: Size/MD5 checksum: 590 daed94ad35a0ac4935086bfd1379c20f Size/MD5 checksum: 13507 a885a3704d8313920548f156d764dec6 Size/MD5 checksum: 127545 c32ce6514626729ef8cf30cf7bd1a51e Alpha architecture: Size/MD5 checksum: 122974 55a573eb356b35cb32b651ca570d76f6 AMD64 architecture: Size/MD5 checksum: 122526 25977ad46ac501c8c81de1347dac8cc9 ARM architecture: Size/MD5 checksum: 122004 594434fc3222bd093b4b202e2e9df1ec Intel IA-32 architecture: Size/MD5 checksum: 122082 e5d18578977303524a6d9c92a314b0cf Intel IA-64 architecture: Size/MD5 checksum: 123546 b91e34892993e4d176d3fa8ff970f123 HP Precision architecture: Size/MD5 checksum: 122868 96f3c61fa95509d03277209d5549a037 Motorola 680x0 architecture: Size/MD5 checksum: 121960 e6a1341cee535289a78ef0e2ca33badd Big endian MIPS architecture: Size/MD5 checksum: 123686 ebebe98b959b9985581338ffa5f60857 Little endian MIPS architecture: Size/MD5 checksum: 123688 0004985ff0018cad8ff54630b4b96e7d PowerPC architecture: Size/MD5 checksum: 122502 d2b6b1cbd8d05baebdbd7febd16edc39 IBM S/390 architecture: Size/MD5 checksum: 122504 833f9eb5d35ec6baac52ceec8193422d Sun Sparc architecture: Size/MD5 checksum: 122060 e611d3c02896f065d3989a3182cd4fd7 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb https://www.debian.org/security/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Upgrade cgiirc on your Debian system to enhance security against remote code execution vulnerabilities from buffer overflows. Follow the steps to upgrade:. Debian Security Advisory, cgiirc buffer overflow, security patch, remote code execution, Debian upgrade. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 08, 2006 Critical Debian
91

Gentoo GLSA-200504-16 High: CVS Multiple Issues Cause Remote Exploit

Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200504-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: CVS: Multiple vulnerabilities Date: April 18, 2005 Bugs: #86476 ID: 200504-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Several serious vulnerabilities have been found in CVS, which may allow an attacker to remotely compromise a CVS server or cause a DoS. Background ========= CVS (Concurrent Versions System) is an open-source network-transparent version control system. It contains both a client utility and a server. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-util/cvs < 1.11.18-r1 > = 1.11.18-r1 Description ========== Alen Zukich has discovered several serious security issues in CVS, including at least one buffer overflow (CAN-2005-0753), memory leaks and a NULL pointer dereferencing error. Impact ===== An attacker could exploit these vulnerabilities to cause a Denial of Service or execute arbitrary code with the permissions of the CVS pserver or the authenticated user (depending on the connection method used). Workaround ========= There is no known workaround at this time. Resolution ========= All CVS users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-util/cvs-1.11.18-r1" References ========= [ 1 ] CAN-2005-0753 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0753 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200504-16 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.0/ . Several critical weaknesses in CVS may enable remote exploitation and denial-of-service assaults on Gentoo platforms.. CVS Exploit, Gentoo Advisory, Remote Attack, DoS Threat, Security Update. . LinuxSecurity.com Team

Calendar%202 Apr 18, 2005 Gentoo
100

SUSE 2004-041 Moderate: Integer Overflow Threat in XPM Library

The XPM library which is part of the XFree86/XOrg project is used by The XPM library which is part of the XFree86/XOrg project is used by several GUI applications to process XPM image files. several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: xshared, XFree86-libs, xorg-x11-libs Announcement-ID: SUSE-SA:2004:041 Date: Wednesday, Nov 17th 2004 15:00 MET Affected products: 8.1, 8.2, 9.0, 9.1, 9.2 SUSE Linux Desktop 1.0 SUSE Linux Enterprise Server 8, 9 Novell Linux Desktop 1.0 Vulnerability Type: remote system compromise Severity (1-10): 8 SUSE default package: yes Cross References: none Content of this advisory: 1) security vulnerability resolved: - several integer overflows - out-of-bounds memory access - shell command execution - path traversal - endless loops - memory leaks problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - ImageMagick - clamav - perl-MIME-Tools, perl-Archive-ZIP - apache / mod_include - apache2 / mod_SSL 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion The XPM library which is part of the XFree86/XOrgproject is used by several GUI applications to process XPM image files. A source code review done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. The bug types are: - integer overflows - out-of-bounds memory access - shell command execution - path traversal - endless loops By providing a special image these bugs can be exploited by remote and/or local attackers to gain access to the system or to escalate their local privileges. 2) solution/workaround No workaround exists to protect against these bugs. 3) special instructions and notes Please restart the X server or switch to runlevel 3 and back to 5 to make sure every GUI application is restarted and uses the new library. 4) package location and checksums Download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered for installation from the maintenance web. Smalltalk is the only package using libxpm statically. It will be available via YOU too. x86 Platform: SUSE Linux 9.2: 395edf444f05b448aa7c7e70455333ce patch rpm(s): 8d215ce255838120c70ba77ad944a84f source rpm(s): 3889aee5895035c57c716f370f5e414a SUSE Linux 9.1: 89431783cd8261a970d6ec5484dd09e6 patch rpm(s): 8ea579d10465143a2334be812f23561e source rpm(s): a37eaa7e7b99c5c3e61439f2a4b00b2d SUSE Linux 9.0: a12b2e861f114868fd70997f72536c8b patch rpm(s): c6ea49a796b316aa68dacc51ffd8eb8d source rpm(s): f53026511a470b875b0f9a63c52128d3 SUSE Linux 8.2: b918f14df14961cf89528a930f49d7c4 patch rpm(s): 9c9c268bb248f1bcf2ef899ced2d5aa4 source rpm(s): 9a7846ddf22d58f9f64704b3a2451640 SUSE Linux 8.1: d4549acb039d8bf317bc6052598764c9 patch rpm(s): fcfc17915fdddb48ea84e4d528752edc source rpm(s): 3e1d6cf799d0a8e10e2597458264812e x86-64 Platform: SUSE Linux 9.2: e1a271567b2c784aedf3b10f60bbf8a1 patch rpm(s): fe95d10e1287ebbe56ba8d7a07954431 source rpm(s): da697a970a5672a96016fff405f72692 SUSE Linux 9.1: 37b2d73337bd0d70dcc092c0e15a0911 patch rpm(s): d72e54995bd6468cf1ea78da81546a69 source rpm(s): 0158b2653157f518f8dcf030927c2107 SUSE Linux 9.0: 06a4fd1bd6eeb43fd82e18b9a255ff78 patch rpm(s): da96d1c51020a7de70195458b197fa3b source rpm(s): f369153e40af338af2fd67957db09cff ______________________________________________________________________________ 5) Pending vulnerabilities in SUSE Distributions and Workarounds: - ImageMagick This update fixes an additional problem in the EXIF handling of ImageMagick, which could lead to a buffer overflow. This could enable remote attackers feeding handcrafted images to execute code as the user handling the image. New packages are available. - clamav The clamav version shipped with SUSE Linux is too old for the new data files. The version has been upgraded to 0.80. - perl-Mime-Tools / perl-Archive-ZIP Problems in the perl-MIME-Tools and perl-Archive-ZIP packages have been found which could allow virii to pass virus scanners using those packages (like for instance clamav). Fixed packages are in testing and will be released soon. - Apache 1.3 / mod_include A potential buffer overflow and a argument sanitization problem were found in the mod_include Apache 1.3 module. These issues are tracked as CAN-2004-0940 and CAN-2004-0492 by Mitre CVE. Fixed packages are in testingand will be released soon. - Apache 2 / mod_SSL SSL Ciphersuite bypass problems were identified and fixed by the Apache team in Apache 2. This is tracked under the Mitre CVE ID CAN-2004-0885. Fixed packages are in testing and will be released soon. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package. We recommend against subscribing to security lists that cause the e-mail message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way toverify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the file name of the rpm package that you have downloaded. Of course, package authenticity verification can only target an uninstalled rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE Linux distributions version 7.1 and thereafter install the key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . Serious vulnerabilities within the ABC library have come to light. The DEF security patch urges prompt remediation for the impacted releases.. xshared,XFree86-libs,xorg-x11-libs,remote exploit,security patch. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Nov 17, 2004 Important SuSE
100

SUSE: 2004-039 Moderate: Xpdf And Cups Risk Of Remote Compromise

Xpdf is a widely used fast PDF file viewer. Various other PDF viewer Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSE Security-Tea [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups Announcement-ID: SUSE-SA:2004:039 Date: Tuesday, Oct 26th 2004 10:30 MEST Affected products: 8.1, 8.2, 9.0, 9.1, 9.2 SUSE Linux Enterprise Server 8, 9 SUSE Linux Desktop 1.0 Vulnerability Type: remote system compromise Severity (1-10): 5 SUSE default package: yes Cross References: CAN-2004-0888 CAN-2004-0889 Content of this advisory: 1) security vulnerability resolved: - integer overflows - arithmetic errors problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: - freeradius denial of service problems - mpg123 - squid 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion Xpdf is a widely used fast PDF file viewer. Various other PDF viewer and PDF conversion tools use xpdf code to accomplish their tasks. Chris Evans found several integer overflows and arithmetic errors. Additionally Sebastian Krahmer from the SuSESecurity-Team found similar bugs in xpdf 3. These bugs can be exploited by tricking an user to open a malformated PDF file. As a result the PDF viewer can be crashed or may be even code can be executed. 2) solution/workaround Due to the wide usage of xpdf-based code we do not recommend switching to another PDF viewer as a workaround. You have to install the updates. 3) special instructions and notes Please restart all running instances of xpdf, gpdf, kpdf, pdftohtml, cups after updating successfully. 4) package location and checksums Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Cups packages and all 9.2 packages will be available later. x86 Platform: SUSE Linux 9.1: f17866987c9099ed8b0395d184adfffc d648d6e96013cc339dd424041f8bc973 16864a7b7652a3183f9f8cac034cf70e 8f09aa7927d9cdcfc52ab06e520b2441 patch rpm(s): 2d3da1271fc9e072186fca6aa1de8c5c 093d0aaa7f4fbe24afc722057cbe334e 3af8141ddfbdf558afdf4f2f8f94a9f8 0d765c907e89a91186e03d8c8de87857 source rpm(s): d4892578f2d84c1bdbc36b0df9341607 d4c06775143e5e6fec7bc544d248daee cfda8ff6f352e1bc4f827a3118521b25 bb4d96dd72f0ee94315afd7b4c81e16b SUSE Linux 9.0: dc822cef09e27e169acd94cda1fb622a c99912bc5656546b028a8c4fe0473a75 patch rpm(s): 58b8a44ae02482d19c73959bfd85e85e 8055fbed4ac1e664706701e3b7d3e1bc source rpm(s): 35e37ded2db7d772d854748e606f42d0 d42fe2976009b8ab44d6c166caf0840c SUSE Linux 8.2: e198f2fc43f1f455676a9dc1ee42af5e patch rpm(s): acb5181c10c7b365cca71ae307b11553 source rpm(s): aada3bee6ac1517f50468777c49d8d91 SUSE Linux 8.1: c0d7beba46d02e1090e9b6c7795a10c3 patch rpm(s): ac395b4518a4c83d2af7805f35626a22 source rpm(s): 5ec84289ef8ca520e78cc80360d05665 x86-64 Platform: SUSE Linux 9.1: 2b0b08249164043db0e3a5b080b03f1d c10bbbb43b8af6bc4da4922ce2afaede 7021ae8a2e9bc809240c8e953ef74fab 94200c51e06e9f31bc13139ea66c1626 patch rpm(s): e0d057eeb94492d62be6794dfde196c9 ae9382a68c4d424cdee65324208f9e84 33a0a7fd7b0758175f465f8f1fa6ce36 c4629d75d822cf47b243cf34bd8cbacb source rpm(s): f2acee920bd51b347e072463edc8f6bc 5b5c9c5d9aa1ddff06f56f83cf0365d9 2e2b8e6903b724462f30c07db1e76755 e6988ea49a337ebd49f42d15afdeb188 SUSE Linux 9.0: 942676168c21ac7253637dd3312e35d1 7a5076aec7aae7e6e05bf8d0f6b5e523 patch rpm(s): b14da314a640e3afd3e72f417937c461 fd4047d3c5392d63040e576effb32df5 source rpm(s): 5300f04533ee5b490e1f7de0a29fd705 dd9b695199beaea8122037705eb1a581 ______________________________________________________________________________ 5) pending vulnerabilities in SUSE Distributions and Workarounds: - freeradius Several bugs that can be abused to remotely crash freeradius have been discovered (CAN-2004-0938, CAN-2004-0960, CAN-2004-0961). New packages will be available soon. - mpg123 A buffer overflow in mpg123 has been discovered. New packages will be available soon. - squid A bug in the ASN.1 parser of the SNMP module has been fixed which would have allowed an attacker to crash squid (CAN-2004-0918). Updates will be available soon. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must beinstalled by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE Linux distributions version 7.1 and thereafter install the key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . SUSE patches multiple image editors and the printing system for buffer overflow vulnerabilities and potential remote access threats.. SUSE Security Update,xpdf,gpdf,CUPS issues,remote compromise. . LinuxSecurity.com Team

Calendar%202 Oct 26, 2004 SuSE
100

SUSE: 2004-019 Moderate: DHCP Server Buffer Overflow Risk

The Dynamic Host Configuration Protocol (DHCP) server is used to The Dynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by [More...]. -----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: dhcp/dhcp-server Announcement-ID: SuSE-SA:2004:019 Date: Tuesday, Jun 22st 2004 21:00 MEST Affected products: 8.0, 8.1, 8.2, 9.0, 9.1 SUSE Linux Database Server, SUSE eMail Server III, 3.1 SUSE Linux Enterprise Server 7, 8 SUSE Linux Firewall on CD/Admin host SUSE Linux Connectivity Server SUSE Linux Office Server Vulnerability Type: remote system compromise Severity (1-10): 5 SUSE default package: yes Cross References: VU#317350 VU#654390 Content of this advisory: 1) security vulnerability resolved: buffer overflow problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - icecast - sitecopy - cadaver - OpenOffice_org - tripwire - postgresql - lha - XDM - mod_proxy 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information TheDynamic Host Configuration Protocol (DHCP) server is used to configure clients that dynamically connect to a network (WLAN hotspots, customer networks, ...). The CERT informed us about a buffer overflow in the logging code of the server that can be triggered by a malicious client by supplying multiple hostnames. The hostname strings are concatenated and copied in a fixed size buffer without checking the buffer bounds. Other possible buffer overflow conditions exist in using vsprintf() instead of vsnprintf(). This behavior can be configured during compile- time. The dhcp/dhcp-server package coming with SUSE LINUX used the vulnerable vsprintf() function. Since SuSE Linux 8.1/SuSE Linux Enterprise Server 8 the DHCP server runs as non-root user in a chroot jail. This setup limits the impact of a successful attack. There is no temporary workaround known. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. x86 Platform: SUSE Linux 9.1: 6de5ea6efc87a3fcd3ed0ad6b9500a72 patch rpm(s): e64d5f02268edf0cd4ecac5e917c2872 source rpm(s): 6be43d62ac4987c21d37bbfaf474d604 SUSE Linux 9.0: 617270aba8651abb59a492bfe9b60018 patch rpm(s): 4a90fa43709f38a2c6b3dbcf591a0adb source rpm(s): ac606c8da1f8f4eae538ea110c639432 SUSE Linux 8.2: 28020cc4c5d8a57cf5da5fbb1fcb682c patch rpm(s): 425546108271103762940ee6407ee03c source rpm(s): a0a1ef9fbc13ac94bd9371eea33a6113 SUSE Linux 8.1: 77ecf5ffef83bcf36636c1330bdfc4be patch rpm(s): d505bd9f0787eb1dca75a4b6908d1ce9 source rpm(s): 877b2bc5e21ad6f4e30968df29cb7c7e SUSE Linux 8.0: efad137cb0835d11f789a0a41de88c85 patch rpm(s): 68d11afae967685d18ed9e4864c29972 source rpm(s): ae3bfa6b54b824a1283b9acd6b354410 x86-64 Platform: SUSE Linux 9.1: e0dce22d7d0a67b22e7ee144761ab56d patch rpm(s): 9a14ca99e4284e3d91bd7d5e904c1714 source rpm(s): e7e668a18dff093d7d53f3b5c5ce6a03 SUSE Linux 9.0: d054492651ea0fc968d537540e16cb5b patch rpm(s): d073e74b3fe9150108aaf37ab1e2135f source rpm(s): b5702a32cb1caad2f8d711a5e88bd97e ______________________________________________________________________________ 2) Pending vulnerabilities in SUSE Distributions and Workarounds: - icecast The icecast service is vulnerable to a remote denial-of-service attack. Update packages will be available soon. - sitecopy The sitecopy package includes a vulnerable version of the neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be available soon. - cadaver The cadaver package includes a vulnerable version of the neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be available soon. - OpenOffice_org The OpenOffice_org package includes a vulnerable version of the neon library (CAN-2004-0179, CAN-2004-0398). Update packages will be available soon. - tripwire A format string bug in tripwire can be exploited locally to gain root permissions. Update packages will be available soon. - postgresql A buffer overflow in psqlODBC could be exploited to crash the application using it. E.g. a PHP script that uses ODBC to access a PostgreSQL database can be utilized to crash the surrounding Apache web-server. Other parts of PostgreSQL are not affected. Update packages will be available soon. - lha Minor security fix for a buffer overflow while handling command line options. This buffer overflow could be exploited inconjunction with other mechanisms to gain higher privileges or access the system remotely. Packages are available now. - XDM/XFree86 This update resolves random listening to ports by XDM that allows to connect via the XDMCP. SUSE LINUX 9.1 is affected only. New packages are currently being tested and will be available soon. - mod_proxy A buffer overflow can be triggered by malicious remote servers that return a negative Content-Length value. This vulnerability can be used to execute commands remotely New packages are currently being tested and will be available soon. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it.), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transportthrough the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE LINUX by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE LINUX distributions version 7.1 and thereafter install the key "This email address is being protected from spambots. You need JavaScript enabled to view it." upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SUSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SUSE's announce-only mailing list. Only SUSE's security announcements are sent tothis list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ==================================================================== . Urgent patch released for SUSE DHCP server addressing a buffer overflow flaw impacting various distributions.. SUSE DHCP buffer overflow, security update, remote system risk. . LinuxSecurity.com Team

Calendar%202 Jun 23, 2004 SuSE
91

Gentoo: GLSA-200401-04 Normal: GAIM 0.75 Remote Overflow Advisory

Various overflows in the handling of AIM DirectIM packets was revealed in GAIM that could lead to a remote compromise of the IM client.. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200401-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ Severity: Normal ~ Title: GAIM 0.75 Remote overflows ~ Date: January 27, 2004 ~ Bugs: #39470 ~ ID: 200401-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Various overflows in the handling of AIM DirectIM packets was revealed in GAIM that could lead to a remote compromise of the IM client. Background ========= Gaim is a multi-platform and multi-protocol instant messaging client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks. Description ========== Yahoo changed the authentication methods to their IM servers, rendering GAIM useless. The GAIM team released a rushed release solving this issue, however, at the same time a code audit revealed 12 vulnerabilities [ 1 ]. Impact ===== Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between the client and the server. But the underlying protocols are easy to implement and attacking ordinary TCP sessions is a fairly simple task. As a result, all users are advised to upgrade their GAIM installation. [ * ] Users of GAIM 0.74 or below are affected by 7 of the ~ vulnerabilities and are encouraged to upgrade. [ * ] Users of GAIM 0.75 are affected by 11 of the vulnerabilities ~ and are encouraged to upgrade to the patched version of GAIM ~ offered by Gentoo. [ * ] Users of GAIM 0.75-r6 are only affected by 4 of the ~ vulnerabilities, but arestill urged to upgrade to maintain ~ security. Workaround ========= There is no immediate workaround; a software upgrade is required. Resolution ========= All users are recommended to upgrade GAIM to 0.75-r7. ~ $> emerge sync ~ $> emerge -pv "> =net-im/gaim-0.75-r7" ~ $> emerge "> =net-im/gaim-0.75-r7" References ========= ~ [ 1 ] : Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFAFrwkMMXbAy2b2EIRAgXNAKDv5xVitt263W3Zuhbr0XbYFFn60ACdGdKO 7ltFFxnxeXHJbOmb3BkQLOM=shTi -----END PGP SIGNATURE----- . GAIM 0.75 Remote exploit flaw identified in Gentoo alert, urging users to update for improved protection.. GAIM Security, Gentoo Advisory, Remote Overflows, Upgrade Recommendation, IM Client Risk. . LinuxSecurity.com Team

Calendar%202 Jan 27, 2004 Gentoo
99

Slackware: SSA:2004-026-01 Critical: Gaim Remote Issue Fix

GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] GAIM security update (SSA:2004-026-01) GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75 with patches for all 12 security issues. Thanks to Stefan Esser of e-matters GmbH for finding and reporting these bugs. For more details, see the e-matters GmbH advisory here: Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Mon Jan 26 15:27:17 PST 2004 patches/packages/gaim-0.75-i486-1.tgz: Upgraded to gaim-0.75 and patched 12 overflows that can allow remote compromise. All GAIM users should upgrade. (* Security fix *) +--------------------------+ WHERE TO FIND THE NEW PACKAGE: +-----------------------------+ Updated package for Slackware 9.0: Updated package for Slackware 9.1: Updated package for Slackware -current: MD5 SIGNATURES: +-------------+ Slackware 9.0 package: 452ccd82a9ee640912575a8fdcea86a1 gaim-0.75-i386-1.tgz Slackware 9.1 package: b66997156d55a0f9561e80e604b25630 gaim-0.75-i486-1.tgz Slackware -current package: 259f1731e2278b2c68a54d215ec55dfb gaim-0.75-i486-1.tgz INSTALLATION INSTRUCTIONS: +------------------------+ Upgrade the GAIM package with upgradepkg: # upgradepkg gaim-0.75-i486-1.tgz +-----+ . The latest GAIM patch for Slackware addresses a dozen security flaws that could enable remote exploitation. Upgrade immediately to bolster your system's defenses.. Gaim Security Update, Slackware Packages, Remote Compromise Fixes, GTK2 Messaging Client. . Severity:Critical. LinuxSecurity.com Team

Calendar%202 Jan 27, 2004 Critical Slackware
100

SuSE: 2003:017 Moderate: File Command Buffer Overflow Threat

A buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command has been fixed.. ______________________________________________________________________________ SuSE Security Announcement Package: file Announcement-ID: SuSE-SA:2003:017 Date: Friday, Mar 21th 2003 10:10 MET Affected products: 7.1, 7.2, 7.3, 8.0, 8.1 SuSE Linux Database Server SuSE eMail Server 3.1, III SuSE Firewall Adminhost VPN SuSE Linux Admin-CD for Firewall SuSE Firewall on CD 2 - VPN SuSE Firewall on CD 2 SuSE Linux Live-CD for Firewall SuSE Linux Connectivity Server SuSE Linux Enterprise Server 7 SuSE Linux Enterprise Server 8 SuSE Linux Office Server Vulnerability Type: remote system compromise Severity (1-10): 2 SuSE default package: yes Cross References: CAN-2003-0102 Content of this advisory: 1) security vulnerability resolved: buffer overflow problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds: - mutt - kernel - ethereal - qpopper - apcupsd - vnc - openssl - mod_php4 - pgp4pine - nethack - netpbm - man 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution,upgrade information The file command can be used to determine the type of files. iDEFENSE published a security report about a buffer overflow in the handling-routines for the ELF file-format. In conjunction with other mechanisms like print-filters, cron-jobs, eMail-scanners (like AMaViS) and alike this vulnerability can be used to gain higher privileges or to compromise the system remotely. There is no temporary fix known other then updating the system. Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. Please note, missing packages will be published as soon as possible. Intel i386 Platform: SuSE-8.1: 06e1fa8c7e00fd848b9ccff104a096f0 patch rpm(s): bcb67c0daac5b2542c1126aed315d37c source rpm(s): d10341b38f3e73253ce4c45c06c04ff0 SuSE-8.0: 622ee2ad1552679bc35254888d2d5373 patch rpm(s): eea3818ae69727885e490fc8034e6585 source rpm(s): 9357e8c51f48feffb5bbff72752ac013 SuSE-7.3: f93db1b0c3d3adfe893b0b0fd12f41d8 source rpm(s): 8206b3d2802237406e2edeb9ade377f1 SuSE-7.1: 3ac53edd9ee3995e8b5c05d3e94b5fd5 source rpm(s): 19b16688d3d2867f51554bd3cf4341ab Sparc Platform: SuSE-7.3: 8a8e966fc47b701669f0fb8d5064436a source rpm(s): 2411dd12c8bec3784ba7dff72764b766 AXP Alpha Platform: SuSE-7.1: 4afbdc453be439848e719a3cd1617c49 source rpm(s): ca965a4049a126492262281c7f9b7f4f PPC Power PC Platform: SuSE-7.3: 34fa8b1d8318fd887b840d5715894c97 source rpm(s): 87eb4efad58d1c375a98e1c9990d7e35 SuSE-7.1: 82b761b13f32f0bcfe3df906284bf0d9 source rpm(s): c7c729f7e8c93dd15ad6af5bfb65e826 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - mutt A buffer overflow in mutt's IMAP code may result in remote system compromise. New packages are currently being build and will be available soon. - kernel A bug in the Linux kernel was found that allows local users to become root. The bug can just be exploited if ptrace(2) is allowed, LKM and kmod support is enabled. We already build new kernels and are currently testing them. As a workaround kernel module loading can be disabled after every boot by executing the following action as root: # echo /just/a/temporary/workaround > /proc/sys/kernel/modprobe Please note, that this will disable some services. - ethereal A format string bug in ethereal's SOCKS handling code and a buffer overflow in the NTLMSSP was found in ethereal. Both bugs may lead to remote system compromise. New packages are currently being build and will be available soon. - qpopper In version 4.0.x of qpopper a buffer overflow *after* user authen- tication can be exploited to gain a shell on a POP-server machine. New packages are currently being build and will be available soon. - apcupsd The control and management daemon for APC UPS systems is vulnerable to remote code execution due to buffer overflow and format string bugs. A dedicated advisory for this issue will be released as soon as all packages are being build. - vnc VNC (Virtual Network Computing) uses a weak cookie generation process which can be exploited by an attacker to bypass authentication. New packages are currently being tested and will be available on our FTP servers soon. - openssl A paper regarding remote timing attacks against OpenSSL has been published by researchers of the Stanford University. It is possible to extract the private RSA key used by services using OpenSSL by observing their timing behavior. Additionally czech researchers found another bug in OpenSSL which is an extension of the "Bleichenbacher Attack". Fixed packages will be available on our FTP servers soon. - mod_php4 4.3.0 A serious security vulnerability was found in mod_php 4.3.0 which allows a remote attacker to read files or even execute PHP-code. This was possible due to direct access to the CGI module. SuSE does not ship this vulnerable version. - pgp4pine A buffer overflow in pine's filter add-on pgp4pine can be abused to execute arbitrary commands remotely. The pgp4pine version SuSE ships is not vulnerable to this bug. - nethack A buffer overflow in nethack can be exploited local users to gain higher privileges if the nethack binary is installed setuid/setgid. This bug is fixed for upcoming SuSE Linux versions. As a temporary workaround you should disable all s-bits on the nethack binary (/etc/permissions.local). - netpbm The netpbm package contains various integer overflows which can lead to arbitrary code execution. New packages are published on our FTP servers. - man A vulnerability in man was published that allows local privilege escalation. SuSE Linux does not ship this vulnerable version of man. ______________________________________________________________________________ 3) standard appendix: authenticity verification, additional information - Package authenticity verification: SuSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin ofthe package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SuSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key This email address is being protected from spambots. You need JavaScript enabled to view it. ), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SuSE in rpm packages for SuSE Linux bysaving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SuSE Linux distributions version 7.1 and thereafter install the key " This email address is being protected from spambots. You need JavaScript enabled to view it. " upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at . - SuSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SuSE's announce-only mailing list. Only SuSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SuSE's security contact is or . The public key is listed below. ====================================================================______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, it is desired that the clear-text signature shows proof of the authenticity of the text. SuSE Linux AG makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key . Fixes a buffer overflow in the file command tomitigate remote system compromise across SuSE Linux distributions.. Buffer Overflow Fix, Remote System Compromise, SuSE Security Advisory. . LinuxSecurity.com Team

Calendar%202 Mar 21, 2003 SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200