Date: Fri, 11 Feb 2005 16:41:20 +0100
From: Trustix Security Advisor <tsl@trustix.org.>
To: [email protected]Subject: TSLSA-2005-0003 - multi
Message-ID: <20050211154120.GA24947@tsunami.trustix.net.>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2i
X-Virus-Scanned: amavisd-new at lists.trustix.org
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0003
Package name: bind clamav cpio cups mod_python perl postgresql python
squid
Summary: Security fixes
Date: 2005-02-11
Affected versions: Trustix Secure Linux 1.5
Trustix Secure Linux 2.1
Trustix Secure Linux 2.2
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
bind:
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. BIND includes a DNS server (named),
which resolves host names to IP addresses, and a resolver library
(routines for applications to use when interfacing with DNS). A DNS
server allows clients to name resources or objects and share the
information with other network machines. The named DNS server can be
used on workstations as a caching name server, but is generally only
needed on one machine for an entire network.
clamav:
Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this
software is the integration with mail servers (attachment scanning).
The package provides a flexible and scalable multi-threaded daemon,
a command line scanner, and a tool for automatic updating via Internet.
The programs are based on a shared library distributed with package,
which you can use with your own software.
Most importantly, the virus database is kept up to date .
cpio:
GNU cpio copies files into or out of a cpio or tar archive. Archives
are files which contain a collection of other files plus information
about them, such as their file name, owner, timestamps, and access
permissions. The archive can be another file on the disk, a magnetic
tape, or a pipe. GNU cpio supports the following archive formats: binary,
old ASCII, new ASCII, crc, HPUX binary, HPUX old ASCII, old tar and POSIX.1
tar. By default, cpio creates binary format archives, so that they are
compatible with older cpio programs. When it is extracting files from
archives, cpio automatically recognizes which kind of archive it is reading
and can read archives created on machines with a different byte-order.
cups:
The Common UNIX Printing System provides a portable printing layer for
UNIX(R) operating systems. It has been developed by Easy Software Products
to promote a standard printing solution for all UNIX vendors and users.
CUPS provides the System V and Berkeley command-line interfaces.
mod_python:
Mod_python is a module that embeds the Python language interpreter within
the server, allowing Apache handlers to be written in Python.
perl:
Perl is a high-level programming language with roots in C, sed, awk
and shell scripting. Perl is good at handling processes and files,
and is especially good at handling text. Perl's hallmarks are
practicality and efficiency. While it is used to do a lot of
different things, Perl's most common applications (and what it excels
at) are probably system administration utilities and web programming.
A large proportion of the CGI scripts on the web are written in Perl.
You need the perl package installed on your system so that your
system can handle Perl scripts.
postgresql:
PostgreSQL is an advanced Object-Relational database management system
(DBMS) that supports almost all SQL constructs (including
transactions, subselects and user-defined types and functions). The
postgresql package includes the client programs and libraries that
you'll need to access a PostgreSQL DBMS server. These PostgreSQL
client programs are programs that directly manipulate the internal
structure of PostgreSQL databases on a PostgreSQL server. These client
programs can be located on the same machine with the PostgreSQL
server, or may be on a remote machine which accesses a PostgreSQL
server over a network connection. This package contains the docs
in HTML for the whole package, as well as command-line utilities for
managing PostgreSQL databases on a PostgreSQL server.
python:
Python is an interpreted, interactive, object-oriented programming
language often compared to Tcl, Perl, Scheme or Java. Python includes
modules, classes, exceptions, very high level dynamic data types and
dynamic typing. Python supports interfaces to many system calls and
libraries.
squid:
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Problem description:
bind:
A bug in the dnssec validator can result in an internal consistency check
failing and thus causing the named to exit abnormally.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0034 to this issue.
clamav:
An attacker can crash the ClamAV daemon by sending a specially
crafted ZIP file and thus causing a DoS.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0133 to this issue.
cpio:
cpio reset the umask to 0 when writing files with the -O flag.
This left the files both readable and writeable by all.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-1999-1572 to this issue.
cups:
A buffer overflow was found in the Decrypt::makeFileKey2 function
in Decrypt.cc for xpdf 3.00 and earlier allowed remote attackers
to execute arbitrary code via a PDF file.
xpdf is not part of TSL, but a number of projects have reused this
code. Of those, cups is included in TSL.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0064 to this issue.
mod_python:
Graham Dumpleton discovered a flaw affecting the publisher handler of
mod_python, used to make objects inside modules callable via URL.
A remote user could visit a carefully crafted URL that would gain access to
objects that should not be visible, leading to an information leak.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0088 to this issue.
perl:
When executing a setuid-root perl, the file pointed to by the
PERLIO_DEBUG environment varibale would be overwritten. This has now
been fixed by ignoring PERLIO_DEBUG for setuid perl scripts.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0155 to this issue.
Executing a setuid root perl script with a very long path caused a
buffer overflow if the PERLIO_DEBUG environment variable was set.
This bug could be exploited to gain root privileges.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0156 to this issue.
postgresql:
New upstream. Fixes local privilege escalation discovered by John Heasman
Any user could use the LOAD extention to load any shared library into
the server.
This could be used to execute commands as the postgresql user.
python:
From the Python advisory:
The Python development team has discovered a flaw in the
SimpleXMLRPCServer library module which can give remote attackers
access to internals of the registered object or its module or possibly
other modules. The flaw only affects Python XML-RPC servers that use
the register_instance() method to register an object without a
_dispatch() method. Servers using only register_function() are not
affected.
On vulnerable XML-RPC servers, a remote attacker may be able to view
or modify globals of the module(s) containing the registered instance's
class(es), potentially leading to data loss or arbitrary code execution.
If the registered object is a module, the danger is particularly serious.
For example, if the registered module imports the os module, an attacker
could invoke the os.system() function.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0089 to this issue.
squid:
A buffer overflow in the Gopher responses parser can be exploited
remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0094 to this issue.
An integer overflow in the receiver of Web Cache Communication Protocol
messages can be exploited remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0095 to this issue.
A memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7
and can be exploited remotely in a denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0096 to this issue.
Sending a malformed NTML message to Squid 2.5.STABLE7 and earlier
can cause a remore denial of service attack.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0097 to this issue.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-1.5/>,
<URI:http://www.trustix.org/errata/trustix-2.1/> and
<URI:http://www.trustix.org/errata/trustix-2.2/>
or directly at
<URI:http://www.trustix.org/errata/2005/0003/>
MD5sums of the packages:
- --------------------------------------------------------------------------
edf340ef53a7489be5feb31c5c40fb7a 2.2/rpms/bind-9.3.0-6tr.i586.rpm
9d97b4a4d7b177b209278fe3772f84dc 2.2/rpms/bind-devel-9.3.0-6tr.i586.rpm
e90c07b0b8147e888cb0123bf200e545 2.2/rpms/bind-libs-9.3.0-6tr.i586.rpm
a4ff8817412c2536934ae21a47019994 2.2/rpms/bind-light-9.3.0-6tr.i586.rpm
be377c6746f0e365fe498c58ac288dab 2.2/rpms/bind-light-devel-9.3.0-6tr.i586.rpm
3f01be31c9df4e6615b3afa16011a076 2.2/rpms/bind-utils-9.3.0-6tr.i586.rpm
c29d1286e69da619f925781bf2af2611 2.2/rpms/clamav-0.80-3tr.i586.rpm
158cb7e495e67358fea8d7619f4d9301 2.2/rpms/clamav-devel-0.80-3tr.i586.rpm
d42c475fcbf22473dd0076991b1c2cc8 2.2/rpms/cpio-2.5-9tr.i586.rpm
a44df52c5a3caa8ed66183a0ae1657ca 2.2/rpms/cups-1.1.23-2tr.i586.rpm
56935808faf04692b4cc1f4751886a65 2.2/rpms/cups-devel-1.1.23-2tr.i586.rpm
76e7adccc01aaee65379286d873e67d7 2.2/rpms/cups-libs-1.1.23-2tr.i586.rpm
d897e337b57ff1769de1c2f3784ede2e 2.2/rpms/mod_python-3.1.3-2tr.i586.rpm
740159c0a1af369e1f05ca00ef0bda70 2.2/rpms/perl-5.8.5-4tr.i586.rpm
2b87e851b2ecd40f6ae3530cafaafefc 2.2/rpms/postgresql-8.0.1-1tr.i586.rpm
6d41dd9c2489460bccd004567e68cf92 2.2/rpms/postgresql-contrib-8.0.1-1tr.i586.rpm
181fec1ac113df1eaa6b0a6fedc5d447 2.2/rpms/postgresql-devel-8.0.1-1tr.i586.rpm
f710edabbaa5127442e6c3682735ef70 2.2/rpms/postgresql-docs-8.0.1-1tr.i586.rpm
0b3ebc5fdd0f67f1e2d24a4c8f565b76 2.2/rpms/postgresql-libs-8.0.1-1tr.i586.rpm
d16a77091ca20f1f811d9847befe4e66 2.2/rpms/postgresql-plperl-8.0.1-1tr.i586.rpm
3ca468af41ad8fadfc896502d262441a 2.2/rpms/postgresql-python-8.0.1-1tr.i586.rpm
01c63b048e332045b738c804921d026d 2.2/rpms/postgresql-server-8.0.1-1tr.i586.rpm
f9a8f85a673def7737b3e7c25e3e0317 2.2/rpms/postgresql-test-8.0.1-1tr.i586.rpm
653cfb455b18d744f256ce80c9257ea4 2.2/rpms/python-2.2.3-15tr.i586.rpm
1eabd8f09a09dab9d2fc1b7f21386f05 2.2/rpms/python-dbm-2.2.3-15tr.i586.rpm
207808fabdee7cc75b91384112971d03 2.2/rpms/python-devel-2.2.3-15tr.i586.rpm
69296a45c6fbf24fdf567c1427b29f8a 2.2/rpms/python-docs-2.2.3-15tr.i586.rpm
9229c28c83df681a1d8a040b52d34449 2.2/rpms/python-gdbm-2.2.3-15tr.i586.rpm
756fe88b0e879a8bde101eea953cd949 2.2/rpms/python-modules-2.2.3-15tr.i586.rpm
081706dca8282c032198031cd3c9321c 2.2/rpms/squid-2.5.STABLE7-2tr.i586.rpm
151fc3e248b7a5bab0ace6839248c9dc 2.1/rpms/cpio-2.5-9tr.i586.rpm
2b76f057db2434a6e5dfeaf632571a24 2.1/rpms/cups-1.1.23-1tr.i586.rpm
598c9ef86b8fe587a3e58dac00a4bc66 2.1/rpms/cups-devel-1.1.23-1tr.i586.rpm
f0b075344c5e9dbaf2eccfcaeb7ce6d6 2.1/rpms/cups-libs-1.1.23-1tr.i586.rpm
2101e9e0054910530092920425f246ac 2.1/rpms/perl-5.8.3-5tr.i586.rpm
c6d1cfcd6ff77ffbea2283b4153e8d7f 2.1/rpms/perl-devel-5.8.3-5tr.i586.rpm
09fa604b7de541a3354b10b46d98b59c 2.1/rpms/perl-doc-5.8.3-5tr.i586.rpm
613d9861c044f96fd3cda206fc07f633 2.1/rpms/postgresql-7.4.7-1tr.i586.rpm
61b62383dcdefa45a30d0960223be59e 2.1/rpms/postgresql-contrib-7.4.7-1tr.i586.rpm
0be3566daaad982798e66f1033aa0c26 2.1/rpms/postgresql-devel-7.4.7-1tr.i586.rpm
2d5b875d3d0ea6c3f6de2f173c96e220 2.1/rpms/postgresql-docs-7.4.7-1tr.i586.rpm
5cc70d8bd0911b88bc26ae5c1e1ff569 2.1/rpms/postgresql-libs-7.4.7-1tr.i586.rpm
28f819f13f6c32bc5f00c9f68ccdfc62 2.1/rpms/postgresql-plperl-7.4.7-1tr.i586.rpm
967ca48a961a7203eab3136ffbb56848 2.1/rpms/postgresql-python-7.4.7-1tr.i586.rpm
6b5a0555d2ea9a913d8936f285fd806a 2.1/rpms/postgresql-server-7.4.7-1tr.i586.rpm
818c097485e436368287e4045bae10f4 2.1/rpms/postgresql-test-7.4.7-1tr.i586.rpm
061c655434677133f455811a83ed74b7 2.1/rpms/python-2.2.3-11tr.i586.rpm
9a1956561409e6661918831b80674f74 2.1/rpms/python-dbm-2.2.3-11tr.i586.rpm
8ac97e4e779f328b7d6f3cfa5ad3a3f1 2.1/rpms/python-devel-2.2.3-11tr.i586.rpm
568ea81e2ca8b26afdf8487f55de8b36 2.1/rpms/python-docs-2.2.3-11tr.i586.rpm
140cbdd1f787e7fd34dbf902dc56e6ae 2.1/rpms/python-gdbm-2.2.3-11tr.i586.rpm
64f9242da8b7ee4c8429eb29fc0e593d 2.1/rpms/python-modules-2.2.3-11tr.i586.rpm
b981a44d84483e3751d835423a434bd4 1.5/rpms/cpio-2.4.2-16tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFCDNGIi8CEzsK9IksRAgt7AJ9BAvq3oPMOVz8ygpvUs1ioWPhsqQCdH3K7
U5S7jMDlmXlqSPeEmeV5QzA=
=2tNb
-----END PGP SIGNATURE-----