-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0045

Package names:     apache, cvs, pcre, php4, php, python   
Summary:           Multiple vulnerabilities
Date:              2005-08-26
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  apache
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.

  cvs
  CVS (Concurrent Version System) is a version control system that can
  record the history of your files (usually, but not always, source
  code). CVS only stores the differences between versions, instead of
  every version of every file you have ever created. CVS also keeps a log
  of who, when, and why changes occurred.

  pcre
  Perl-compatible regular expression library.

  php4
  PHP is an HTML-embedded scripting language.  PHP attempts to make it easy
  for developers to write dynamically generated web pages. PHP also offers
  built-in database integration for several commercial and non-commercial
  database management systems, so writing a database-enabled web page with
  PHP is fairly simple. The most common use of PHP coding is probably as a
  replacement for CGI scripts. The mod_php module enables the Apache web
  server to understand and process the embedded PHP language in web pages.

  php
  PHP is an HTML-embedded scripting language.  PHP attempts to make it easy
  for developers to write dynamically generated web pages. PHP also offers
  built-in database integration for several commercial and non-commercial
  database management systems, so writing a database-enabled web page with
  PHP is fairly simple. The most common use of PHP coding is probably as a
  replacement for CGI scripts. The mod_php module enables the Apache web
  server to understand and process the embedded PHP language in web pages.

  python
  Python is an interpreted, interactive, object-oriented programming
  language often compared to Tcl, Perl, Scheme or Java. Python includes
  modules, classes, exceptions, very high level dynamic data types and
  dynamic typing. Python supports interfaces to many system calls and
  libraries.
  
Problem description:
  apache
  - SECURITY Fix: Fix an integer overflow in pcre_compile.c that leads to a
    heap-based buffer overflow and allows attackers to execute arbitrary
    code via quantifier values in regular expressions.

    This package uses a private copy of the vulnerable code.
        
    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  cvs
  - SECURITY Fix: Josh Bressers has reported a security issue in cvs,
    which can potentially be exploited by malicious local users to perform
    certain actions on a vulnerable system with escalated privileges.

    The security issue is caused by insecure temporary file usage in the
    cvsbug.in script when saving temporary output to "/tmp".

  pcre
  - SECURITY Fix: Fix an integer overflow in pcre_compile.c that leads to a
    heap-based buffer overflow and allows attackers to execute arbitrary
    code via quantifier values in regular expressions.

    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  php4
  - SECURITY Fix: Fix an integer overflow in pcre_compile.c that leads to a
    heap-based buffer overflow and allows attackers to execute arbitrary
    code via quantifier values in regular expressions.

    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  php
  - SECURITY Fix: Fix an integer overflow in pcre_compile.c that leads to a
    heap-based buffer overflow and allows attackers to execute arbitrary
    code via quantifier values in regular expressions.

    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  python
  - SECURITY Fix: Fix an integer overflow in pcre_compile.c that leads to a
    heap-based buffer overflow and allows attackers to execute arbitrary
    code via quantifier values in regular expressions.

    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.
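
  Added example, not part of the Trustix advisory and not taken from the
  cvsbug script: a constructed shell demonstration of the weakness class
  described for cvs above (a temporary file with a guessable name in a
  shared directory) beside the mktemp-based form. The function names, the
  report.$$ file name and the sandbox directory standing in for /tmp are
  assumptions.

```shell
#!/bin/sh
# Constructed illustration; names and paths are assumptions, not cvsbug code.

# Weak pattern: predictable name in a shared directory ($1 = dir, $2 = data).
# A name built from the PID can be guessed, so another local user can create
# a symlink there first; the redirection then follows that link.
write_predictable() {
    tmp="$1/report.$$"
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp chooses an unpredictable name and creates the file
# exclusively (it will not reuse an existing name or follow a link), with
# owner-only permissions.
write_private() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
}

# Runs both patterns inside a private sandbox directory and reports what
# ended up in a file the script never meant to touch.
demo() {
    box=$(mktemp -d) || return 1
    printf 'original\n' > "$box/victim"
    ln -s "$box/victim" "$box/report.$$"    # link already present at the guessed name

    write_predictable "$box" "bug report" > /dev/null
    weak=$(cat "$box/victim")               # overwritten through the link

    printf 'original\n' > "$box/victim"
    write_private "$box" "bug report" > /dev/null
    strong=$(cat "$box/victim")             # untouched

    rm -rf "$box"
    printf '%s|%s\n' "$weak" "$strong"
}

demo    # prints: bug report|original
```

  The first field shows the unrelated file overwritten through the link;
  the second shows it left intact when the name comes from mktemp.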

Action:
  We recommend that all systems with any of these packages installed be
  upgraded. Please note that if you do not need the functionality provided
  by a package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory, along with all Trustix packages, is signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0045/>


MD5sums of the packages:


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFzBni8CEzsK9IksRAidKAJ4xAmzNGZYk/No0uM3pAC3f2O+m7wCeNsQr
sklL5QyZNUOdhyxe0AccUls=
=pcla
-----END PGP SIGNATURE-----