The maintenance team would like to announce that the following packages are available from the updates repositories for SME 6.0 & 6.0.1
To update your server see
http://no.longer.valid/phpwiki/index.php/How%20to%20update%20SME%20Server
To help this process see
http://no.longer.valid/phpwiki/index.php/Maintenance%20Process
apache-1.3.27-6.legacy.i386.rpm
mod_ssl-2.8.12-7.legacy.i386.rpm
http://www.fedoralegacy.org/updates/RH7.3/2004-12-03-FLSA_2004_2148__Updated_httpd__apache_and_mod_ssl_packages_fix_security_issues.html
An issue has been discovered in the mod_ssl module when configured to
use the "SSLCipherSuite" directive in directory or location context. If
a particular location context has been configured to require a specific
set of cipher suites, then a client will be able to access that location
using any cipher suite allowed by the virtual host configuration. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0885 to this issue.
Problems that apply to Red Hat Linux 7.3 only:
A buffer overflow in mod_include could allow a local user who is
authorised to create server side include (SSI) files to gain the
privileges of a httpd child. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2004-0940 to this
issue.
curl-7.9.5-2.2.legacy.i386.rpm
FL Note:
https://www.redhat.com/archives/fedora-legacy-announce/2005-July/msg00011.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152917
Multiple buffer overflow bugs were found in the way curl processes
base64 encoded replies. If a victim can be tricked into visiting a URL
with curl, a malicious web server could execute arbitrary code on a
victim's machine. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0490 to this issue.
dhcp-2.0pl5-8.2.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-07-10-FLSA_2005_152835__Updated_dhcp_package_fixes_security_issue.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152835
"infamous41md" noticed that the log functions in dhcp 2.x pass
parameters to a function that uses format strings. One use seems to be
exploitable in connection with a malicious DNS server. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1006 to this issue.
dovecot-0.99.14-01nx1.i386.rpm
SME Bug 196:
http://no.longer.valid/mantis/bug_view_advanced_page.php?bug_id=0000196
Update to newer dovecot 0.99.14
fileutils-4.1-10.4.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-309.html
RH Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=102006
Georgi Guninski discovered a memory starvation denial of service
vulnerability in the ls program. It is possible to make ls allocate a
huge amount of memory by specifying certain command line arguments. This
vulnerability is remotely exploitable through services like wu-ftpd, which
pass user arguments to ls. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2003-0854 to this issue.
A non-exploitable integer overflow in ls has also been discovered. It is
possible to make ls crash by specifying certain command line arguments.
This vulnerability is remotely exploitable through services like wu-ftpd,
which pass user arguments to ls. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2003-0853 to this issue.
gd-1.8.4-4.1.legacy.i386.rpm
FL Note:
https://www.redhat.com/archives/fedora-legacy-announce/2005-July/msg00015.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152838
Several buffer overflows were reported in various memory allocation
calls. An attacker could create a carefully crafted image file in such a
way that it could cause ImageMagick to execute arbitrary code when
processing the image. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0990 to these issues.
While researching the fixes to these overflows, additional buffer
overflows were discovered in calls to gdMalloc. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0941 to these issues.
glibc-2.2.5-44.legacy.3.i386.rpm
glibc-common-2.2.5-44.legacy.3.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-10-23-FLSA_2004_1947__Updated_glibc_packages_fix_flaws.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1947
A security audit of glibc revealed a flaw in the resolver library which
was originally reported as affecting versions of ISC BIND 4.9. This flaw
also applied to glibc versions before 2.3.2. An attacker who is able to
send DNS responses (perhaps by creating a malicious DNS server) could
remotely exploit this vulnerability to execute arbitrary code or cause a
denial of service. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2002-0029 to this issue.
gnupg-1.0.7-13.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-390.html
Phong Nguyen identified a severe bug in the way GnuPG creates and uses
ElGamal keys, when those keys are used both to sign and encrypt data. This
vulnerability can be used to trivially recover the private key. While the
default behavior of GnuPG when generating keys does not lead to the
creation of unsafe keys, by overriding the default settings an unsafe key
could have been created.
initscripts-6.67-1es26.i386.rpm
SME Bug 52:
http://no.longer.valid/mantis/bug_view_advanced_page.php?bug_id=0000052
iproute-2.4.7-7.73.1.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-316.html
Herbert Xu reported that iproute can accept spoofed messages sent on the
kernel netlink interface by other users on the local machine. This could
lead to a local denial of service attack. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0856 to
this issue.
iptables-1.2.8-8.73.1.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-02-10-FLSA_2005_2252__Updated_iptables_packages_resolve_security_issues.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=2252
Under certain conditions, iptables did not properly load the required
modules at system startup, which caused the firewall rules to fail to
load and protect the system from remote attackers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0986 to this issue.
libpcap-0.6.2-17.7.3.6.legacy.i386.rpm
tcpdump-3.6.3-17.7.3.6.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-09-29-FLSA_2004_1468__Updated_tcpdump_packages_that_fix_multiple_security_vulnerabilities.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1468
Tcpdump v3.8.1 and earlier versions contained multiple flaws in the
packet display functions for the ISAKMP protocol. Upon receiving
specially crafted ISAKMP packets, tcpdump would try to read beyond
the end of the packet capture buffer and subsequently crash.
libpng-1.0.15-0.7x.1.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-02-08-FLSA_2005_1943__Updated_libpng_resolves_security_vulnerabilities.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1943 and
https://bugzilla.fedora.us/show_bug.cgi?id=1550
During a source code audit, Chris Evans discovered several buffer overflows
in libpng. An attacker could create a carefully crafted PNG file in such a
way that it would cause an application linked with libpng to execute
arbitrary code when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0597 to these issues.
In addition, this audit discovered a potential NULL pointer dereference in
libpng (CAN-2004-0598) and several integer overflow issues (CAN-2004-0599).
An attacker could create a carefully crafted PNG file in such a way that
it would cause an application linked with libpng to crash when the file was
opened by the victim.
These patches also include a more complete fix for the out of bounds memory
access flaw (CVE-2002-1363), in which there was a buffer overrun while adding
filler bytes to 16-bit RGBA samples, and a similar patch (CAN-2004-0768) that
fixes a buffer overrun while adding filler bytes to 16-bit grayscale samples.
libxml2-2.4.19-6.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-10-04-FLSA_2004_1324__Updated_libxml2_resolves_security_vulnerability.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1324
Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines. These routines can overflow a buffer if passed a very
long URL. If an attacker is able to find an application using libxml2
that parses remote resources and allows them to influence the URL, then
this flaw could be used to execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0110 to this issue.
mc-4.5.55-6.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-05-18-FLSA_2004_1224__Updated_mc_resolves_security_vulnerability.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1224
There exists a stack-based buffer overflow in vfs_s_resolve_symlink of
vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly
later versions, allowing remote attackers to execute arbitrary code during
symlink conversion.
mysql-3.23.58-1.73.6.legacy.i386.rpm
mysql-devel-3.23.58-1.73.6.legacy.i386.rpm
mysql-server-3.23.58-1.73.6.legacy.i386.rpm
FL Note:
https://www.redhat.com/archives/fedora-legacy-announce/2005-July/msg00010.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152925
Stefano Di Paola discovered two bugs in the way MySQL handles
user-defined functions. A user with the ability to create and execute a
user-defined function could potentially execute arbitrary code on the MySQL
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CAN-2005-0709 and CAN-2005-0710 to these issues.
Stefano Di Paola also discovered a bug in the way MySQL creates
temporary tables. A local user could create a specially crafted symlink
which could result in the MySQL server overwriting a file which it has
write access to. The Common Vulnerabilities and Exposures project has
assigned the name CAN-2005-0711 to this issue.
pam-0.75-46.10.legacy.7x.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-05-18-FLSA_2005_152771__Updated_pam_packages_fix_security_issue.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152771
These updates fix a potential security problem present in the pam_wheel
module. These updates correct a bug in the pam_lastlog module which
prevented it from properly manipulating the /var/log/lastlog entry for
users with very high user IDs.
The pam_wheel module is used to restrict access to a particular service
based on group membership. If the pam_wheel module was used with the
"trust" option enabled, but without the "use_uid" option, any local user
would be able to spoof the username returned by getlogin(). The user
could therefore gain access to a superuser account without supplying a
password. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0388 to this issue.
When manipulating the entry in /var/log/lastlog, which corresponds to a
given user, the pam_lastlog module calculates the location of the entry
by multiplying the UID and the length of an entry in the file. On some
systems, the result of this calculation would mistakenly be truncated to
32 bits for users with sufficiently high UIDs.
perl-5.6.1-36.1.73.i386.rpm
perl-CPAN-1.59_54-36.1.73.i386.rpm
perl-DB_File-1.75-36.1.73.i386.rpm
perl-NDBM_File-1.75-36.1.73.i386.rpm
perl-suidperl-5.6.1-36.1.73.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-256.html
Various Fixes including: CAN-2003-0615 & CVE-2002-1323
pine-4.44-19.73.0.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-273.html
A buffer overflow exists in the way unpatched versions of Pine prior to
4.57 handle the 'message/external-body' type. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0720
to this issue.
An integer overflow exists in the Pine MIME header parsing in versions
prior to 4.57. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0721 to this issue.
proftpd-1.2.9-es3.i386.rpm
proftpd-1.2.9-es3 from Mitel mirrors contains a fix for the relevant security problem (CIDR access lists) found in 1.2.9.
screen-3.9.11-4.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-01-26-FLSA_2004_1187__Updated_screen_resolves_security_vulnerability.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1187
sharutils-4.2.1-12.8.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-07-10-FLSA_2005_154991__Updated_sharutils_package_fixes_security_issue.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154991
A bug was found in the way unshar creates temporary files. A local user
could use symlinks to overwrite arbitrary files the victim running
unshar has write access to. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0990 to this
issue.
slocate-2.7-1.7.3.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-02-11-FLSA_2004_1232__Updated_slocate_resolves_security_vulnerabilites.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1232
A vulnerability has been found in Slocate versions up to and including 2.7
where a carefully crafted database could overflow a heap-based buffer. A
local user could exploit this vulnerability to gain "slocate" group
privileges and then read the entire slocate database. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2003-0848 to this issue.
These packages also fix a buffer overflow that affected unpatched versions
of Slocate prior to 2.7. This vulnerability could also allow a local user
to gain "slocate" group privileges. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0056 to
this issue.
sudo-1.6.5p2-2.2.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-05-12-FLSA_2005_152856__Updated_sudo_packages_fix_security_issue.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152856
A flaw exists in sudo's environment sanitizing prior to sudo version
1.6.8p2 that could allow a malicious user with permission to run a shell
script that utilized the bash shell to run arbitrary commands. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1051 to this issue.
sysklogd-1.4.1-14.legacy.7x.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-07-19-FLSA_2004_1553__Updated_sysklogd_resolves_memory_buffer_bug__reissue_to_fix_url_.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1553
During a code review it was discovered that syslogd does not allocate
enough memory to store all its pointers in the crunch list. Without it,
the array is not big enough and unexpected results (or core dump) may
follow.
telnet-0.17-20.1.legacy.i386.rpm
telnet-server-0.17-20.1.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-07-11-FLSA_2005_152583__Updated_telnet_packages_fix_security_issues.html
FL Bug :
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152583
Two buffer overflow flaws were discovered in the way the telnet client
handles messages from a server. An attacker may be able to execute
arbitrary code on a victim's machine if the victim can be tricked into
connecting to a malicious telnet server. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the names CAN-2005-0468
and CAN-2005-0469 to these issues.
ucd-snmp-4.2.5-8.73.1.i386.rpm
RH Note:
http://rhn.redhat.com/errata/RHBA-2002-159.html
RH Bug :
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=67610 and
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=69125
These updated ucd-snmp packages fix a problem introduced in 4.2.5, which
broke memory reporting. They also add support for dynamic lm_sensors reporting.
unzip-5.50-31.i386.rpm
RH Note:
https://rhn.redhat.com/errata/RHSA-2003-199.html
RH Bug :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282
A vulnerability in unzip version 5.50 and earlier allows attackers to
overwrite arbitrary files during archive extraction by placing invalid
(non-printable) characters between two "." characters. These non-printable
characters are filtered, resulting in a ".." sequence. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0282 to this issue.
This erratum includes a patch ensuring that non-printable characters do not
make it possible for a malicious .zip file to write to parent directories
unless the "-:" command line parameter is specified.
utempter-0.5.2-6.7.x.1.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2004-05-18-FLSA_2004_1546__Updated_utempter_resolves_security_vulnerability____Reissue__updated_8_0_version_numbers.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=1546
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
vim-common-6.1-18.7x.2.3.legacy.i386.rpm
vim-enhanced-6.1-18.7x.2.3.legacy.i386.rpm
vim-minimal-6.1-18.7x.2.3.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-02-23-FLSA_2005_2343__Updated_vim_packages_fix_security_issues.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=2343
Ciaran McCreesh discovered a modeline vulnerability in VIM. It is
possible that a malicious user could create a file containing a
specially crafted modeline which could cause arbitrary command execution
when viewed by a victim. Please note that this issue only affects users
who have modelines and filetype plugins enabled, which is not the
default. The Common Vulnerabilities and Exposures project has assigned
the name CAN-2004-1138 to this issue.
The Debian Security Audit Project discovered an insecure temporary file
usage in VIM. A local user could overwrite or create files as a
different user who happens to run one of the vulnerable utilities.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0069 to this issue.
zip-2.3-26.1.0.7.3.legacy.i386.rpm
FL Note:
http://www.fedoralegacy.org/updates/RH7.3/2005-02-01-FLSA_2005_2255__Updated_zip_package_fixes_security_issue.html
FL Bug :
https://bugzilla.fedora.us/show_bug.cgi?id=2255
A buffer overflow bug has been discovered in zip when handling long file
names. An attacker could create a specially crafted path which could
cause zip to crash or execute arbitrary instructions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-1010 to this issue.