From: InfoSec News <isn@c4i.org>
To: isn@attrition.org
Subject: [ISN] Linux Advisory Watch - August 10th 2001
Date: Sat, 11 Aug 2001 01:41:03 -0500 (CDT)
+----------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 10th, 2001 Volume 2, Number 32a |
+----------------------------------------------------------------+
Editors: Dave Wreski <dave@linuxsecurity.com>
         Benjamin Thomas <ben@linuxsecurity.com>
Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week. It
includes pointers to updated packages and descriptions of each
vulnerability.
This week, advisories were released for xmcd, tomcat, squid, zope, FreeBSD
kernel, openldap, xloadimage, and kerberos. The vendors include Caldera,
Debian, FreeBSD, Red Hat, and SuSE.
HTML Version:
http://www.linuxsecurity.com/vuln-newsletter.html
+---------------------------------+
| xmcd | ----------------------------//
+---------------------------------+
Cda, a setuid command-line part of xmcd, an X11/Motif audio CD player by
Ti Kan, was found vulnerable to a link attack and some buffer overflows.
These bugs could be exploited by an adversary who has access to the
system to overwrite files or gain higher privileges.
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/snd2/
xmcd-2.6-195.i386.rpm
2e11b84704ab44c61b04f2e9bfde1371
SuSE Vendor Advisory:
http://www.linuxsecurity.com/advisories/suse_advisory-1532.html
+---------------------------------+
| tomcat | ----------------------------//
+---------------------------------+
There are several security problems with Jakarta-Tomcat, a Java
Servlet Engine, shipped as part of OpenLinux 3.1 Server. Several
vulnerabilities allowed attackers to view files in the system. A
second problem allowed so-called cross-site scripting, where a
hostile Web server can feed JavaScript or other code to a web
browser, making it appear to originate from the server running
tomcat.
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
RPMS/jakarta-tomcat-3.2.3-3.i386.rpm
b2b4fa902845eb88b81b7778d9625e2f
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1533.html
+---------------------------------+
| squid | ----------------------------//
+---------------------------------+
There is a security problem with Squid, a proxy server shipped as
part of OpenLinux 3.1 Server. If Squid is configured for accelerator
mode (setting http_accel_with_proxy off), any request to Squid is
allowed. Malicious users may use your proxy to portscan remote
systems, forge email, and carry out other activities.
Caldera:
1779083edd38872f2ac15c219131d1ba
RPMS/squid-2.4.STABLE1-7.i386.rpm
ftp://ftp.caldera.com/pub/updates/OpenLinux/3.1/Server/current/RPMS
Caldera Vendor Advisory:
http://www.linuxsecurity.com/advisories/caldera_advisory-1534.html
+---------------------------------+
| Zope | ----------------------------//
+---------------------------------+
We *highly* recommend that any Zope site running Zope 2.3.3, Zope
2.4.0 final or any alpha or beta version of 2.4.0 have this hotfix
product installed to mitigate the issue. Zope 2.4.1 will contain a
fix for the issue, at which time the hotfix can be removed.
http://www.zope.org/Products/Zope/Hotfix_2001-08-04/README.txt
http://www.zope.org/Products/Zope/Hotfix_2001-08-04/Hotfix_2001_08_04.tgz
Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1535.html
+---------------------------------+
| FreeBSD | ----------------------------//
+---------------------------------+
A flaw exists in FreeBSD signal handler clearing that would allow
some signal handlers to remain in effect after the exec. Most of the
signals were cleared, but some signal handlers were not. This
allowed an attacker to execute arbitrary code in the context of a
setuid binary.
PLEASE SEE VENDOR ADVISORY
FreeBSD Advisory:
http://www.linuxsecurity.com/advisories/freebsd_advisory-1536.html
http://www.linuxsecurity.com/advisories/freebsd_advisory-1537.html
+---------------------------------+
| OpenLDAP | ----------------------------//
+---------------------------------+
The problem is that slapd did not handle packets with an invalid BER
length of length fields and would crash if it received them. An
attacker can use this to mount a denial of service attack remotely.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap-dev_1.2.12-1_i386.deb
MD5 checksum: f38364b6f9b3a5089d58a792d0daca0a
http://security.debian.org/dists/stable/updates/main/binary-i386/libopenldap1_1.2.12-1_i386.deb
MD5 checksum: 00d96465ef85947015775996b44680b5
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-gateways_1.2.12-1_i386.deb
MD5 checksum: 3fa22bee43b35864d82fdb8e5118aeb5
http://security.debian.org/dists/stable/updates/main/binary-i386/openldap-utils_1.2.12-1_i386.deb
MD5 checksum: 0af27bf23ef1310c4f74f574ce11b1af
http://security.debian.org/dists/stable/updates/main/binary-i386/openldapd_1.2.12-1_i386.deb
MD5 checksum: fdf3b4c4fd3180470741128d06374c1e
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1538.html
+---------------------------------+
| xloadimage | ----------------------------//
+---------------------------------+
The version of xloadimage (a graphics file viewer for X) that was
shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code
that handles FACES format images. This could be exploited by an
attacker by tricking someone into viewing a specially crafted image
using xloadimage, which would allow him to execute arbitrary code.
Debian Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/xloadimage_4.1-5potato1_i386.deb
MD5 checksum: 909a84515f69e2329229aa5d5d805b7f
Debian Vendor Advisory:
http://www.linuxsecurity.com/advisories/debian_advisory-1541.html
+---------------------------------+
| Kerberos | ----------------------------//
+---------------------------------+
Updated Kerberos 5 packages are now available for Red Hat Linux 6.2,
7, and 7.1. These updates close vulnerabilities due to potential
buffer overflows in the Kerberos-aware telnet server included in the
krb5-workstation package.
PLEASE SEE VENDOR ADVISORY
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1542.html
+---------------------------------+
| OpenLDAP | ----------------------------//
+---------------------------------+
When subjected to the PROTOS LDAPv3 test suite, versions of OpenLDAP
1.2 through 1.2.11 and 2.0 through 2.0.7 were found to have
vulnerabilities which could be exploited by causing them to attempt
to decode an improperly encoded request. These vulnerabilities were
fixed in OpenLDAP 1.2.12 and 2.0.8.
PLEASE SEE VENDOR ADVISORY
Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1543.html
------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc. LinuxSecurity.com
------------------------------------------------------------------------
ISN is currently hosted by Attrition.org