Date: Thu, 26 Aug 2004 11:17:19 +0200
From: Trustix Security Advisor <[email protected]>
To: [email protected]
Subject: TSL-2004-0043 - multi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0043

Package name:      courier-imap, samba, zlib
Summary:           Multiple vulnerabilities
Date:              2004-08-26
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
courier-imap:
Courier-IMAP is an IMAP server for Maildir mailboxes. This package contains
the standalone version of the IMAP server that's included in the Courier
mail server package. This package is a standalone version for use with
other mail servers. Do not install this package if you intend to install the
full Courier mail server. Install the Courier package instead.
samba:
Samba provides an SMB server which can be used to provide network
services to SMB (sometimes called "Lan Manager") clients, including
various versions of MS Windows, OS/2, and other Linux machines.
zlib:
The zlib compression library provides in-memory compression and
decompression functions, including integrity checks of the uncompressed
data. This version of the library supports only one compression method
(deflation), but other algorithms may be added later, which will have
the same stream interface. The zlib library is used by many different
system programs.
Problem description:
courier-imap:
Format string vulnerability in the auth_debug function in Courier-IMAP
1.6.0 to 2.2.1, when login debugging (DEBUG_LOGIN) is enabled, allows
remote attackers to execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0777 to this issue.
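The bug class behind CAN-2004-0777, as an added illustration that is not Courier-IMAP's code and not part of the original advisory: a login-debug logger reuses a line containing client-supplied text as a printf format string, shown beside the corrected call. The names debug_emit, log_login_vulnerable, log_login_fixed and has_conversion are hypothetical, and the sample username is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* printf-style debug sink (hypothetical stand-in for a login-debug logger). */
static int debug_emit(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* VULNERABLE: the line already holds client data, then is parsed as a format. */
static void log_login_vulnerable(char *out, size_t n, const char *username)
{
    char line[256];
    snprintf(line, sizeof line, "LOGIN: username=%s", username);
    debug_emit(out, n, line);          /* client text reaches the format slot */
}

/* FIXED: constant format; client data only ever travels as an argument. */
static void log_login_fixed(char *out, size_t n, const char *username)
{
    char line[256];
    snprintf(line, sizeof line, "LOGIN: username=%s", username);
    debug_emit(out, n, "%s", line);
}

/* Review/triage helper: 1 if s holds a '%' that is not the escaped "%%". */
static int has_conversion(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char a[128], b[128];
    const char *name = "bob%%";        /* constructed input; "%%" is harmless */
    log_login_vulnerable(a, sizeof a, name);
    log_login_fixed(b, sizeof b, name);
    printf("vulnerable: %s\nfixed:      %s\nflag input: %d\n", a, b, has_conversion(name));
}
```

The vulnerable path collapses the "%%" in the username to a single "%", which shows the client text was parsed as a format; the fixed path logs it unchanged.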
samba:
A new samba release (2.2.11) in Trustix Secure Linux 1.5 and 2.0
fixes crashes in smbd triggered by a Windows XP SP2 client sending a
FindNextPrintChangeNotify() request without previously issuing
FindFirstPrintChangeNotify().
A new samba release (3.0.6) in Trustix Secure Linux 2.1 and Trustix
Operating System - Enterprise Server 2 fixes a few bugs and memory leaks.
See also the changelog on
<URI:http://us3.samba.org/samba/history/samba-3.0.6.html>
zlib:
A bug in zlib 1.2.1 would make it crash on certain invalid input. This
problem is believed to have DoS (Denial of Service) potential only.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Public testing:
Most updates for Trustix Secure Linux are made available for public
testing some time before release.
If you want to contribute by testing the various packages in the
testing tree, please feel free to share your findings on the
tsl-discuss mailing list.
The testing tree is located at
<URI:http://tsldev.trustix.org/horizon/>
You may also use swup for public testing of updates:
site {
    class = 0
    location = "http://tsldev.trustix.org/horizon/rdfs/latest.rdf"
    regexp = ".*"
}
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory, along with all Trustix packages, is signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-1.5/>,
<URI:http://www.trustix.org/errata/trustix-2.0/> and
<URI:http://www.trustix.org/errata/trustix-2.1/>
or directly at
<URI:http://www.trustix.org/errata/2004/0043>
MD5sums of the packages:
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFBLaldi8CEzsK9IksRArDYAKCYJu57aR9r6lbIQHjFXsAYT/b5BQCgrqpb
xFoc0fhyJtkNKJTWZBVbCM8=
=Qg7D
-----END PGP SIGNATURE-----