Stay Secure with the Latest Linux Advisories

security advisorySuSEsoftware update

SuSE: 2001:16 Low Severity Issue with sgmltool Local File Access

During operation, the underlying SGML perlmodule creates temporary files in an insecure way.. ______________________________________________________________________________ SuSE Security Announcement Package: sgmltool-1.0.9-266 Announcement-ID: SuSE-SA:2001:16 Date: Friday, May 4th, 14:55:35 CEST 2001 Affected SuSE versions: 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local fileaccess problem Severity (1-10): 2 SuSE default package: yes Other affected systems: All UN*X systems using this package Content of this advisory: 1) security vulnerability resolved: sgmltool problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats. During operation, the underlying SGML perlmodule creates temporary files in an insecure way. This allows attackers to destroy arbitrary files owned by the user who invoked the sgmltool program. The problem has been fixed by creating temporary files with the exclusive (O_EXCL) option upon opening them. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 bdedaefb82dc2bb8ff0a522607b80ac3 source rpm: dc5612aa475c5d6dcaaeee86e6bf985f SuSE-7.0 916953307d466d3bd8d26fb0655ce55a source rpm: 5e11b85a494e1033ee2a83839cb296fe SuSE-6.4 a489acc5c3dce4c44915e47b3ee64790 source rpm: efdb6b08988b689127600a954ebe2e2f SuSE-6.3 9c1e5da161b67248935cbc7f485dfd40 source rpm: a2deae294821e73ed24429636b20ed2a Sparc Platform: SuSE-7.1 b3e0ec269392fb3d77c37cc698f77d16 source rpm: eb80b6efe08f40139ec181fed7ccc832 SuSE-7.0 8312ac046de5df7a47008dba32f1a7e8 source rpm: a7e48214ae01f4f720240c1204120927 AXP Alpha Platform: SuSE-7.0 06348dc4b669098d80bc16a8cc836123 source rpm: c7c7ff5507f7a510d615235323f9f636 SuSE-6.4 ee6bb4dd45c90ba716f0d825fba7bbca source rpm: 44366d7edcace3448a606aff0c73026f SuSE-6.3 2c2450e3dfdde9066269add9cfb0757b source rpm: 66a9d60866a5ebbb2e0682a2056f2528 PPC Power PC Platform: SuSE-7.1 01bda0ee0edfa1e1036d27b2bb3de352 source rpm: 1c6668d3ccc1b27bb3d5a4f84b308323 SuSE-7.0 e9b7161fe3a10624790ce65d9909165d source rpm: 15b8204b9378f8e833e6bac263bbacdd SuSE-6.4 6af30c53d022866df5dd69ae053eeeea source rpm: 35aa3ab2a86498c5e6ad145c0c7e378a ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - Marcus Meissner (Caldera) found a bug in KDE 2.1.*'s kdesu program which allows attackers to gather private information. This is due to insecure local filehandling by the kdesu program. Please update to the newest packages. - minicom format string vulnerabilities have been found in the minicom package. If /usr/bin/minicom is installed suid, the vulnerability may be exploited to gain elevated privileges. Please note that this is not the case inSuSE distributions. If you decided to make /usr/bin/minicom suid uucp or even suid root, please make sure that you grant access to the execution of minicom to trusted users only. - cfingerd The package has been found vulnerable to a remotely exploitable weakness. SuSE Linux distributions do not ship this version of fingerd. - webmin Insecure handling of temporary files has been found in webmin, a comprehensive administration webinterface. SuSE distributions do not contain the webmin package and therefore are not vulnerable to the found vulnerabilities by default. We urge administrators who use webmin to upgrade to the latest version of webmin available. - gnupg/gpg, openssl Several weaknesses have been found in gnupg/gpg that can reduce the strength of encrypted data. We will provide updates for the gnupg/gpg package. The updates are currently being tested. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: This email address is being protected from spambots. You need JavaScript enabled to view it. - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to . This email address is being protected from spambots. You need JavaScript enabled to view it. - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ============================================== SuSE's security contact is . ============================================== Regards, Sebastian Krahmer ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided thatthe advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. . The SuSE Security Bulletin regarding sgmltool-1.0.9-266 highlights a critical local file access flaw and outlines the necessary updates to mitigate potential risks.. sgmltool update, SuSE security announcement, software patch, local file risk. . Severity: Low. LinuxSecurity.com Team

May 04, 2001 •Low SuSE