Some much-needed updates have been made to the stable Slack/390 (version
10.0) platform. They're available from the main download server. I suspect
the mirrors will be caught up by tomorrow. I'll be hitting -current next.
Mark Post
Fri Dec 16 13:35:00 EST 2005
patches/packages/curl-7.12.2-s390-1.tgz: Patched. This addresses a buffer
overflow in libcurl's NTLM function that could have possible security
implications.
For more details, see:
http://curl.haxx.se/docs/security.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
patches/packages/elm-2.5.8-s390-1.tgz: Upgraded to elm2.5.8.
This fixes a buffer overflow in the parsing of the Expires header that
could be used to execute arbitrary code as the user running Elm.
Thanks to Ulf Harnhammar for finding the bug and reminding me to get
out updated packages to address the issue.
A reference to the original advisory:
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html
patches/packages/lynx-2.8.5rel.5-s390-1.tgz: Upgraded to lynx-2.8.5rel.5.
Fixes an issue where the handling of Asian characters when using lynx to
connect to an NNTP server (is this a common use?) could result in a buffer
overflow causing the execution of arbitrary code.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3120
(* Security fix *)
patches/packages/mod_ssl-2.8.25_1.3.34-s390-1.tgz:
Upgraded to mod_ssl-2.8.25-1.3.34.
patches/packages/wget-1.10.2-s390-1.tgz: Upgraded to wget-1.10.2.
This addresses a buffer overflow in wget's NTLM handling function that could
have possible security implications.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3185
(* Security fix *)
+--------------------------+
Fri Dec 16 03:18:00 EST 2005
patches/packages/imapd-4.64-s390-1.tgz: Upgraded to imapd-4.64.
A buffer overflow was reported in the mail_valid_net_parse_work function.
However, this function in the c-client library does not appear to be called
from anywhere in imapd. iDefense states that the issue is of LOW risk to
sites that allow users shell access, and LOW-MODERATE risk to other servers.
I believe it's possible that it is of NIL risk if the function is indeed
dead code to imapd, but draw your own conclusions...
(* Security fix *)
patches/packages/koffice-1.3.1-s390-3.tgz: Patched.
Fixes a buffer overflow in KWord's RTF import discovered by Chris Evans.
For more details, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(* Security fix *)
patches/packages/openssl-0.9.7d-s390-2.tgz: Patched.
Fixed a vulnerability that could, in rare circumstances, allow an attacker
acting as a "man in the middle" to force a client and a server to negotiate
the SSL 2.0 protocol (which is known to be weak) even if these parties both
support SSL 3.0 or TLS 1.0.
For more details, see:
http://www.openssl.org/news/secadv_20051011.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
(* Security fix *)
patches/packages/openssl-solibs-0.9.7d-s390-2.tgz: Patched.
(* Security fix *)
patches/packages/pine-4.64-s390-1.tgz: Upgraded to pine-4.64.
patches/packages/x11-6.7.0-s390-3.tgz: Patched a pixmap overflow issue.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2495
(* Security fix *)
patches/packages/x11-xnest-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/x11-xprt-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/x11-xvfb-6.7.0-s390-3.tgz: Patched and rebuilt.
patches/packages/xine-lib-1.0.3a-s390-1.tgz: Upgraded to xine-lib-1.0.3a.
This fixes a format string bug where an attacker, if able to upload malicious
information to a CDDB server and then get a local user to play a certain
audio CD, may be able to run arbitrary code on the machine as the user
running the xine-lib linked application.
For more information, see:
http://xinehq.de/index.php/security/XSA-2005-1
(* Security fix *)
+--------------------------+
Thu Dec 15 03:14:00 EST 2005
patches/packages/apache-1.3.34-s390-1.tgz: Upgraded to apache-1.3.34.
Fixes this minor security bug: "If a request contains both Transfer-Encoding
and Content-Length headers, remove the Content-Length, mitigating some HTTP
Request Splitting/Spoofing attacks."
(* Security fix *)
patches/packages/dhcpcd-1.3.22pl4-s390-2.tgz: Patched an issue where a
remote attacker can cause dhcpcd to crash.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
(* Security fix *)
patches/packages/gaim-1.5.0-s390-1.tgz: Upgraded to gaim-1.5.0.
This fixes some more security issues.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
(* Security fix *)
patches/packages/kdebase-3.2.3-s390-3.tgz: Patched a security bug in
kcheckpass that could allow a local user to gain root privileges.
For more information, see:
http://www.kde.org/info/security/advisory-20050905-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494
(* Security fix *)
patches/packages/mozilla-1.7.12-s390-1.tgz: Upgraded to mozilla-1.7.12.
This fixes several security issues. For more information, see:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla
(* Security fix *)
patches/packages/mozilla-plugins-1.7.12-noarch-1.tgz: Upgraded Java(TM)
symlink for Mozilla.
patches/packages/pcre-6.3-s390-1.tgz: Upgraded to pcre-6.3.
This fixes a buffer overflow that could be triggered by the processing of a
specially crafted regular expression. Theoretically this could be a security
issue if regular expressions are accepted from untrusted users to be
processed by a user with greater privileges, but this doesn't seem like a
common scenario (or, for that matter, a good idea). However, if you are
using an application that links to the shared PCRE library and accepts
outside input in such a manner, you will want to update to this new package.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
patches/packages/php-4.3.11-s390-3.tgz: Relinked with the system PCRE library,
as the builtin library has a buffer overflow that could be triggered by the
processing of a specially crafted regular expression.
Note that this change requires the pcre package to be installed.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
(* Security fix *)
Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the
insecure eval() function.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498
(* Security fix *)
patches/packages/util-linux-2.12a-s390-2.tgz: Patched an issue with
umount where if the umount failed when the '-r' option was used, the
filesystem would be remounted read-only but without any extra flags
specified in /etc/fstab. This could allow an ordinary user able to
mount a floppy or CD (but with nosuid, noexec, nodev, etc in
/etc/fstab) to run a setuid binary from removable media and gain
root privileges.
Reported to BugTraq by David Watson:
http://www.securityfocus.com/archive/1/410333
(* Security fix *)
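The util-linux entry above describes a failed umount -r leaving a filesystem remounted read-only without the extra flags from /etc/fstab. As an added example (not part of the original announcement or of util-linux), the Python check below compares fstab-style and /proc/mounts-style text and reports mounts that lack nosuid, nodev or noexec where fstab asks for them; the function names and the sample tables are constructed for illustration.

```python
RESTRICTIVE = {"nosuid", "nodev", "noexec"}
# mount(8): "user" and "users" imply nosuid, nodev and noexec unless overridden.
IMPLIES_ALL = {"user", "users"}

def expected_flags(fstab_opts):
    """Restrictive flags requested by an fstab option string."""
    flags = set()
    for opt in fstab_opts.split(","):
        if opt in IMPLIES_ALL:
            flags |= RESTRICTIVE
        elif opt in RESTRICTIVE:
            flags.add(opt)
        elif opt in {"suid", "dev", "exec"}:
            flags.discard("no" + opt)  # a later explicit option overrides
    return flags

def parse_table(text):
    """Map mount point -> option string (fstab and /proc/mounts share columns)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            table[fields[1]] = fields[3]
    return table

def missing_flags(fstab_text, mounts_text):
    """Return {mount point: sorted flags fstab requests but the live mount lacks}."""
    fstab = parse_table(fstab_text)
    findings = {}
    for mount_point, live_opts in parse_table(mounts_text).items():
        wanted = expected_flags(fstab.get(mount_point, ""))
        lost = wanted - set(live_opts.split(","))
        if lost:
            findings[mount_point] = sorted(lost)
    return findings

# Constructed sample data: the CD mount has lost the flags implied by "user".
SAMPLE_FSTAB = """\
/dev/cdrom  /mnt/cdrom   iso9660  noauto,user,ro                0 0
/dev/fd0    /mnt/floppy  auto     noauto,nosuid,nodev,noexec    0 0
/dev/hda1   /            ext3     defaults                      1 1
"""
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
/dev/cdrom /mnt/cdrom iso9660 ro 0 0
/dev/fd0 /mnt/floppy vfat rw,nosuid,nodev,noexec 0 0
"""
if __name__ == "__main__":
    print(missing_flags(SAMPLE_FSTAB, SAMPLE_MOUNTS))
```

On a live system the two inputs would be the contents of /etc/fstab and /proc/mounts.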