Linux Advisory Watch - January 18th 2002

    Date: 17 Jan 2002
    Category: Forums
    Posted By: Anthony Pell
    This week, advisories were released for imp, horde, x-chat, gzip, glibc, cipe, sudo, at, stunnel, NetBSD kernel, slashcode, pine, lids, groff, bugzilla, and uuxqt. The vendors include Caldera, Conectiva, Debian, EnGarde, Mandrake, NetBSD, Red Hat, Slackware, and SuSE.

    Packages        Vendors
    imp/horde       Caldera
    x-chat          Debian
    gzip            Debian
    glibc           Slackware
    cipe            Debian
    sudo            Mandrake, EnGarde, Debian, NetBSD, Conectiva, SuSE, Red Hat
    at              Debian, SuSE
    stunnel         Mandrake
    NetBSD kernel   NetBSD
    slashcode       SlashCode
    pine            EnGarde, Slackware
    lids            EnGarde
    groff           Red Hat
    bugzilla        Red Hat
    uuxqt           Red Hat

    Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.


    IMP / HORDE

    The webmail frontend IMP has a cross-site scripting problem, allowing a remote attacker to send you an e-mail with a malformed URL that, when clicked on, will open your mail session to the attacker, allowing him to read and delete your e-mails.

    Caldera OpenLinux: ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS

    RPMS/horde-1.2.7-1.i386.rpm
    53a9d75c760851f79fa72cb451416f96

    RPMS/imp-2.2.7-1.i386.rpm
    4bb1af4dcd98af6f168543476f691b95

    Caldera Vendor Advisory: http://www.linuxsecurity.com/advisories/caldera_advisory-1798.html

     

    XChat

    It is possible to trick XChat IRC clients into sending arbitrary commands to the IRC server they are on, potentially allowing social engineering attacks, channel takeovers, and denial of service.  This problem exists in versions 1.4.2 and 1.4.3.

    Debian Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-i386/xchat-gnome_1.4.3-1_i386.deb
    MD5 checksum: 2eb90d6a77af6c2475a976d282d76377

    http://security.debian.org/dists/stable/updates/main/binary-i386/xchat-text_1.4.3-1_i386.deb
    MD5 checksum: 9701ca60219d4ac8981293763474f14c

    http://security.debian.org/dists/stable/updates/main/binary-i386/xchat_1.4.3-1_i386.deb
    MD5 checksum: 1a45ebe67bd4b495cbbd9b9e1517239e

    XChat Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1802.html

     

    gzip

    GOBBLES found a buffer overflow in gzip that occurs when compressing files with really long filenames. Even though GOBBLES claims to have developed an exploit to take advantage of this bug, others have said that this problem is not as likely to be exploitable as other security incidents.

    Debian Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-i386/gzip_1.2.4-33.1_i386.deb
    MD5 checksum: b61176ee1953b528e50268995e6c2505

    Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1803.html

     

    glibc

    A buffer overflow has been found in the globbing code for glibc. This code is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers.

    PLEASE SEE VENDOR ADVISORY

    Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1804.html

    Slackware Vendor Advisory: http://www.linuxsecurity.com/advisories/slackware_advisory-1800.html

     

    cipe

    Larry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash.

    Debian Architecture independent archives:

    http://security.debian.org/dists/stable/updates/main/binary-all/cipe-common_1.3.0-3_all.deb
    MD5 checksum: bbfe46765a76bce4f4ce6f9855eee717

    http://security.debian.org/dists/stable/updates/main/binary-all/cipe-source_1.3.0-3_all.deb
    MD5 checksum: c380864ae382aff742f08869f89848f6

    Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1805.html

       

    sudo

    Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead to a local root exploit. This problem has been fixed in upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable release of Debian GNU/Linux.

    Debian Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.1_i386.deb
    MD5 checksum: 793c815263a64e63108628ed31537dfe

    Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1807.html

    Mandrake 8.0: http://www.mandrakesecure.net/en/ftp.php

    8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
    6485ad4e345eb0e4920f856d65808235

    Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-1816.html

    NetBSD: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.4.1.tgz

    NetBSD Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-1827.html

    EnGarde sudo:

    i386/sudo-1.6.4-1.0.6.i386.rpm
    MD5 Sum: 83fceade44a6d263647653351c2acade

    i686/sudo-1.6.4-1.0.6.i686.rpm
    MD5 Sum: 8b8c9344cbc950cd9fd4f2fc1c3136f8

    EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1809.html

    Conectiva:

    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-1.6.4p1-1U70_1cl.i386.rpm

    ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-doc-1.6.4p1-1U70_1cl.i386.rpm

    Conectiva Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1813.html

    SuSE i386 Intel Platform: SuSE-7.3

    ftp://ftp.suse.com/pub/suse/i386/update/7.3/ap1/sudo-1.6.3p7-71.i386.rpm
    b98f00f761274530bfad3486253bed53

    SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1806.html

    Red Hat i386: ftp://updates.redhat.com/7.2/en/os/i386/sudo-1.6.4-0.7x.2.i386.rpm

    Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1812.html

           

    at

    zen-parse found a bug in the current implementation of at which leads to a heap corruption vulnerability, which in turn could potentially lead to an exploit of the daemon user.

    Debian Intel ia32 architecture:

    http://security.debian.org/dists/stable/updates/main/binary-i386/at_3.1.8-10.1_i386.deb
    MD5 checksum: 8af8ea462718b6bee748b2a809834d2e

    Debian Vendor Advisory: http://www.linuxsecurity.com/advisories/debian_advisory-1818.html

    i386 Intel Platform: SuSE-7.3

    ftp://ftp.suse.com/pub/suse/i386/update/7.3/ap1/at-3.1.8-459.i386.rpm
    db3d2bd38f81667dcece38d1c4a86725

    SuSE Vendor Advisory: http://www.linuxsecurity.com/advisories/suse_advisory-1817.html

       

    stunnel

    All versions of stunnel from 3.15 to 3.21c are vulnerable to format string bugs in the functions which implement smtp, pop, and nntp client negotiations. Using stunnel with the "-n service" option and the "-c" client mode option, a malicious server could use the format string vulnerability to run arbitrary code as the owner of the current stunnel process. Version 3.22 is not vulnerable to this bug.

    http://www.mandrakesecure.net/en/ftp.php

    Mandrake Linux 8.1:

    8.1/RPMS/stunnel-3.22-1.1mdk.i586.rpm
    08204f11728f2c6b6152de9ebb562ac5

    8.1/SRPMS/stunnel-3.22-1.1mdk.src.rpm
    e85fbd3435759fa7b94bb5c371738b30

    Mandrake Vendor Advisory: http://www.linuxsecurity.com/advisories/mandrake_advisory-1828.html

       

    NetBSD kernel

    A process could exec a setuid binary, while gaining ptrace control over it for a short period before the process was activated. The ptrace controller process could then modify the address space of the controlled process and abuse its elevated privileges.

    PLEASE SEE VENDOR ADVISORY

    NetBSD Vendor Advisory: http://www.linuxsecurity.com/advisories/netbsd_advisory-1826.html

       

    slashcode

    Slash, the code that runs Slashdot and many other web sites, has a vulnerability in recent versions that allows any logged-in user to log in as any other user. This allows users to take nearly full control of a Slash system (post and delete stories, edit users, post as other users, etc., and do anything that a Slash user can do) by logging in to an administrator's Slash account.

    PLEASE SEE VENDOR ADVISORY

    Slashcode Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1799.html

     

    pine

    There is a vulnerability in pine which can allow an attacker to execute arbitrary commands on a victim's machine by sending them a specially crafted URL which is then mishandled by pine's URL handling code.

    EnGarde:

    ftp://ftp.engardelinux.org/pub/engarde/stable/updates/i386/pine-4.33-1.0.6.i386.rpm
    MD5 Sum: 4b1d60e1e7ccb3a8a511db42877f0b15

    i686/pine-4.33-1.0.6.i686.rpm
    MD5 Sum: 995ed060b84adb05b5b274d353becd91

    EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1810.html

    Slackware updated pine package for Slackware 8.0: ftp://ftp.slackware.com/pub/slackware/slackware-8.0/patches/packages/pine.tgz

    Slackware Vendor Advisory: http://www.linuxsecurity.com/advisories/slackware_advisory-1801.html

       

    lids

    Recently there were several local vulnerabilities discovered in the LIDS system used by EnGarde Secure Linux which could allow an attacker to gain root, and even disable LIDS completely.

    EnGarde: ftp://ftp.engardelinux.org/pub/engarde/stable/updates/

    PLEASE SEE VENDOR ADVISORY

    EnGarde Vendor Advisory: http://www.linuxsecurity.com/advisories/other_advisory-1811.html

     

    groff

    New groff packages have been made available that fix an overflow in groff. If the printing system running this is a security issue, it is recommended to update to the new, fixed packages.

    Red Hat i386: 7.2

    ftp://updates.redhat.com/7.2/en/os/i386/groff-1.17.2-7.0.2.i386.rpm
    f3181dd6c32ffc9478721244b77c89af

    Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1808.html

     

    bugzilla

    This new version fixes several security issues discovered since version 2.14 was released, which are too serious to wait for the upcoming 2.16 release.

    Red Hat Powertools 7.1:

    noarch:

    ftp://updates.redhat.com/7.1/en/powertools/noarch/bugzilla-2.14.1-2.noarch.rpm
    dd9607075ee2e4186f153b5587fb8ec0

    Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1814.html

     

    uuxqt

    uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain uid and gid uucp privileges by calling uux and specifying an alternate configuration file with the --config option.

    Red Hat Linux 7.2: i386: ftp://updates.redhat.com/7.2/en/os/i386/uucp-1.06.1-32.i386.rpm

    Red Hat Vendor Advisory: http://www.linuxsecurity.com/advisories/redhat_advisory-1829.html

             

       
