Information Security News mailing list archives
Linux Advisory Watch - March 02 2001
From: vuln-newsletter-admins () linuxsecurity com
Date: Fri, 2 Mar 2001 13:25:19 -0500
+----------------------------------------------------------------+
|  LinuxSecurity.com                        Linux Advisory Watch |
|  March 2nd, 2001                          Volume 2, Number 9a  |
+----------------------------------------------------------------+

  Editors:     Dave Wreski                  Benjamin Thomas
               dave () linuxsecurity com    ben () linuxsecurity com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the week.
It includes pointers to updated packages and descriptions of each
vulnerability.

This week, advisories were released for sudo, dump, lpr, php, sunrpc,
zope, and analog. The vendors include Conectiva, Debian, Immunix,
FreeBSD, Mandrake, Red Hat, Slackware, and Trustix. It is critical that
you update all vulnerable packages.

*Linux 2.4: Next Generation Kernel Security*

This document outlines the kernel security improvements that have been
made in the 2.4 kernel. A number of significant improvements including
cryptography and access control make 2.4 a serious contender for secure
corporate environments as well as private virtual networking.

http://www.linuxsecurity.com/feature_stories/kernel-24-security.html

FREE SECURITY BOOKS - Guardian Digital has just announced an offer for
two free security books with the purchase of any secure Linux Lockbox.
The Lockbox is an Open Source network server appliance engineered to be
a complete secure e-business solution. It can be used as a commerce
server, web server, DNS, mail, and database server. Please see Guardian
Digital's website for details.

http://www.guardiandigital.com/bookoffer.html

HTML Version of Newsletter:
http://www.linuxsecurity.com/vuln-newsletter.html

+---------------------------------+
|  Installing a new package:      | ------------------------------//
+---------------------------------+

  # rpm -Uvh <package>.rpm
  # dpkg -i <package>.deb

Packages can be installed easily by using rpm (Red Hat Package Manager)
or dpkg (Debian Package Manager).
Most advisories issued by vendors are packaged in either an rpm or dpkg.
Additional installation instructions can be found in the body of the
Advisories.

+---------------------------------+
|  Checking Package Integrity:    | -----------------------------//
+---------------------------------+

The md5sum command is used to compute a 128-bit fingerprint that is
strongly dependent upon the contents of the file to which it is applied.
It can be used to compare against a previously-generated sum to
determine whether the file has changed. It is commonly used to ensure
the integrity of updated packages distributed by a vendor.

  # md5sum <package>
  ebf0d4a0d236453f63a797ea20f0758b  <package>

The string of numbers can then be compared against the MD5 checksum
published by the packager. While it does not take into account the
possibility that the same person who modified a package may also have
modified the published checksum, it is especially useful for
establishing a great deal of assurance in the integrity of a package
before installing it.

+---------------------------------+
|  Conectiva                      | ----------------------------//
+---------------------------------+

* Conectiva: 'sudo' buffer overflow
  February 26th, 2001

  "sudo" is a program used to delegate superuser privileges to ordinary
  users and only for specific commands. There is a buffer overflow
  vulnerability in sudo which could be used by an attacker to obtain
  higher privileges.

  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-1.6.3p6-1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-doc-1.6.3p6-1cl.i386.rpm

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1170.html

+---------------------------------+
|  Debian                         | ----------------------------//
+---------------------------------+

* Debian: 'sudo' buffer overflow
  February 28th, 2001

  Todd Miller announced a new version of sudo which corrects a buffer
  overflow that could potentially be used to gain root privileges on the
  local system.
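Returning to the Checking Package Integrity section above: the script below is an added example, not part of the newsletter or of any vendor advisory. It wraps the md5sum comparison in a shell function that takes the digest printed in the advisory, refuses to hand the file to rpm or dpkg on a mismatch, and then runs itself against two constructed files (a "package" with known contents and a tampered copy) so it can be tried offline. The function names, the sample files and the BSD/macOS `md5 -q` fallback are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the newsletter): compare a downloaded update
# against the MD5 sum printed in the vendor advisory before installing it.
# Function and file names below are this example's own.

# Print the MD5 hex digest of a file. md5sum is the GNU/Linux tool the
# newsletter refers to; "md5 -q" is an assumed BSD/macOS fallback so the
# example also runs there.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# verify_md5 FILE EXPECTED
# Returns 0 when the digest of FILE equals EXPECTED, 1 otherwise. The
# comparison is case-insensitive because advisories print the sum in
# either case.
verify_md5() {
    _file=$1
    _expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    _actual=$(md5_of "$_file")
    if [ "$_actual" = "$_expected" ]; then
        printf 'OK   %s  %s\n' "$_actual" "$_file"
        return 0
    fi
    printf 'FAIL %s  %s (advisory says %s)\n' \
        "$_actual" "$_file" "$_expected" >&2
    return 1
}

# install_verified FILE EXPECTED
# Installs FILE with rpm or dpkg according to its extension, but only
# after verify_md5 succeeds; anything else is refused.
install_verified() {
    verify_md5 "$1" "$2" || return 1
    case $1 in
        *.rpm) rpm -Uvh "$1" ;;
        *.deb) dpkg -i "$1" ;;
        *)     printf 'unknown package type: %s\n' "$1" >&2; return 1 ;;
    esac
}

# Constructed demonstration: no real package is downloaded. good.rpm
# holds the six bytes "hello\n", whose MD5 is b1946ac9...; tampered.rpm
# differs by one byte and must fail the check.
demo() {
    _dir=$(mktemp -d)
    printf 'hello\n'  > "$_dir/good.rpm"
    printf 'hello!\n' > "$_dir/tampered.rpm"
    _sum=b1946ac92492d2347c6235b4d2611184
    verify_md5 "$_dir/good.rpm" "$_sum" || :        # prints OK
    verify_md5 "$_dir/tampered.rpm" "$_sum" || :    # prints FAIL
    rm -rf "$_dir"
}

demo
```

Take the expected digest from the advisory text itself (the mailing list post or the vendor's advisory page), not from a checksum file sitting beside the package on the same mirror: as the newsletter notes, whoever can replace the package can usually replace a sum stored next to it, so the check only gives assurance when the digest arrives through a channel the attacker does not control.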
  The fix from sudo 1.6.3p6 is available in sudo 1.6.2p2-1potato1 for
  Debian 2.2 (potato).

  Alpha architecture:
  http://security.debian.org/debian-security/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-1potato1_alpha.deb
  MD5 checksum: 16ff5db5460f787b859efc512b00fb32

  Intel ia32 architecture:
  http://security.debian.org/debian-security/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-1potato1_i386.deb
  MD5 checksum: 837a528b2e0ad0971931794e1319b0f8

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/debian_advisory-1177.html

+---------------------------------+
|  Immunix                        | ----------------------------//
+---------------------------------+

* Immunix: 'sudo' buffer overflow
  February 28th, 2001

  The version of sudo shipped in Immunix OS 7.0-beta and 7.0 contains a
  buffer overflow of a variable that is on the heap (which StackGuard
  does not protect against). This problem was originally reported by
  Chris Wilson. The 1.6.3p6 version of sudo was released to fix this
  problem.

  http://immunix.org/ImmunixOS/7.0/updates/RPMS/sudo-1.6.3p6-1_imnx_1.i386.rpm
  37ab56877a9f5444af8f7716117c8b8d

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1179.html

* Immunix: 'dump' update; 'lpr' and 'php' vulnerabilities
  February 26th, 2001

  The dump package shipped with Immunix OS 6.2 had setuid bits set on
  it. Also a buffer overflow was found in dump, but was stopped by
  StackGuard. A new package has been released.

  The lpr package shipped with Immunix OS 6.2 had a format string
  security bug, a potential race condition, and a few LPRng
  compatibility issues. A new package has been released fixing these
  problems.
  The php3 package shipped with Immunix OS 6.2 had a number of logic
  bugs, which this 3.0.18 release should solve.

  PLEASE SEE VENDOR ADVISORY

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1173.html

+---------------------------------+
|  FreeBSD                        | ----------------------------//
+---------------------------------+

* FreeBSD: 'sunrpc' DoS
  February 28th, 2001

  A well known bug I first publicised back in 1998 still exists in the
  FreeBSD libc sunrpc code. Linux glibc, OpenBSD and possibly even Sun
  fixed the problem back in 1998.

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/freebsd_advisory-1178.html

+---------------------------------+
|  Mandrake                       | ----------------------------//
+---------------------------------+

* Mandrake: 'sudo' buffer overflow
  February 26th, 2001

  A buffer overflow exists in the sudo program which could be used by an
  attacker to obtain higher privileges. sudo is a program used to
  delegate superuser privileges to ordinary users and only for specific
  commands.

  7.2/RPMS/sudo-1.6.3p6-1.1mdk.i586.rpm
  fe583824271ac2a5af6dd533027e8794
  http://www.linux-mandrake.com/en/ftp.php3

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1172.html

* Mandrake: 'zope' vulnerability
  February 26th, 2001

  A new Hotfix for Zope has been released that fixes a very important
  security issue that affects all versions of Zope prior to and
  including 2.3.1b1. Users can use through-the-web scripting
  capabilities on a Zope site to view and assign class attributes to
  ZClasses, possibly allowing them to make inappropriate changes to
  ZClass instances.
  PLEASE SEE VENDOR ADVISORY FOR UPDATE
  http://www.linux-mandrake.com/en/ftp.php3

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/mandrake_advisory-1175.html

+---------------------------------+
|  Red Hat                        | ----------------------------//
+---------------------------------+

* Red Hat: 'zope' vulnerabilities
  February 26th, 2001

  We *highly* recommend that any Zope site running versions of Zope up
  to and including 2.3.1b1 have this hotfix product installed to
  mitigate these issues if the site is accessible by untrusted users
  who have through-the-web scripting privileges.

  PLEASE SEE VENDOR ADVISORY FOR COMPLETE UPDATE

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-1171.html

* Red Hat: 'analog' buffer overflow
  February 23rd, 2001

  Previous releases of analog were vulnerable to a buffer overflow
  vulnerability where a malicious user could use an ALIAS command to
  construct very long strings which were not checked for length.

  ftp://updates.redhat.com/secureweb/2.0/i386/analog-4.16-1.i386.rpm
  5e52037dfd712a36a0aaec4b60bfba35
  ftp://updates.redhat.com/secureweb/2.0/i386/analog-form-4.16-1.i386.rpm
  d7e7b05487b8cc744d90de91e0e184eb

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/redhat_advisory-1168.html

+---------------------------------+
|  Slackware                      | ----------------------------//
+---------------------------------+

* Slackware: 'sudo' buffer overflow
  February 26th, 2001

  Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware
  -current. This release fixes a known buffer overflow, which could be
  used by malicious users to compromise parts of the system. If you
  rely on Sudo and use one of the above versions of Slackware, it is
  recommended that you upgrade to the new sudo.tgz package for the
  version you're running.
  ftp://ftp.slackware.com/pub/slackware/slackware-7.1/patches/packages/sudo.tgz
  8e5453142a9beab02384d26a323273eb

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/slackware_advisory-1169.html

+---------------------------------+
|  Trustix                        | ----------------------------//
+---------------------------------+

* Trustix: 'sudo' buffer overflow
  February 26th, 2001

  Trustix today released an updated version of the sudo package fixing
  a buffer overflow, as announced by the sudo maintainer Todd C. Miller.

  sudo-1.6.3p6-1tr.i586.rpm
  cc969c9746bea3ff01470c1eaf3ee415
  ftp://ftp.trustix.net/pub/Trustix/updates/

  Vendor Advisory:
  http://www.linuxsecurity.com/advisories/other_advisory-1174.html

------------------------------------------------------------------------
Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

To unsubscribe email vuln-newsletter-request () linuxsecurity com with
"unsubscribe" in the subject of the message.
------------------------------------------------------------------------

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".