From tsl@trustix.org Fri Oct 15 17:11:30 2004 From: Trustix Security Advisor To: bugtraq@securityfocus.com Date: Fri, 15 Oct 2004 15:20:15 +0200 Subject: TSLSA-2004-0054 - multi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2004-0054 Package name: libtiff, mysql, squid, cyrus-sasl Summary: Multiple security vulnerabilities Date: 2004-10-15 Affected versions: Trustix Secure Linux 1.5 Trustix Secure Linux 2.0 Trustix Secure Linux 2.1 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: libtiff: The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. mysql: MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. squid: Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. cyrus-sasl: The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. Problem description: libtiff: Chris Evans and Dmitry V. Levin discovered some security holes in libtiff. CAN-2004-0803 Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. CAN-2004-0886 Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. mysql: Martin Schulze pointed to several issues that had been fixed in the upstream mysql source. CAN-2004-0835 Oleksandr Byelkin noticed that ALTER TABLE ... RENAME checks CREATE/INSERT rights of the old table instead of the new one. CAN-2004-0836 Lukasz Wojtow noticed a buffer overrun in the mysql_real_connect function. CAN-2004-0837 Dean Ellis noticed that multiple threads ALTERing the same (or different) MERGE tables to change the UNION can cause the server to crash or stall. Issues with no CVE number: Crash with MATCH..AGAINST (denial of service) http://bugs.mysql.com/bug.php?id=3870 Privilege Escalation on GRANT ALL ON `Foo\_Bar` Changelog: Fixed bug in privilege checking where, under some conditions, one was able to grant privileges on the database, he has no privileges on. http://bugs.mysql.com/bug.php?id=3933 http://mysql.bkbits.net:8080/mysql-4.0/patch@1.1844.5.1 squid: iDefense reported that remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. For a thorough description, see iDEFENSE Security Advisory 10.11.04: http://www.idefense.com/application/poi/display?id=152&type=vulnerabilities cyrus-sasl: A packaging bug in our cyrus-sasl package failed to properly mark /etc/sysconfig/saslauthd as a config file. This caused the file to be replaced on package upgrades. People upgrading this package should backup this file before upgrading. # cp /etc/sysconfig/saslauthd /etc/sysconfig/saslauthd.bak # swup --upgrade # mv /etc/sysconfig/saslauthd.bak /etc/sysconfig/saslauthd Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at , and or directly at MD5sums of the packages: - -------------------------------------------------------------------------- e17423f83c313fb953c8de2031ece017 1.5/rpms/mysql-3.23.58-3tr.i586.rpm e6e85b0791d6f6fe183c127183b73a70 1.5/rpms/mysql-bench-3.23.58-3tr.i586.rpm 8db48bd4226c057870ce94ed8c043fcf 1.5/rpms/mysql-client-3.23.58-3tr.i586.rpm 1db7300aec9d477c40cf9fc96616474c 1.5/rpms/mysql-devel-3.23.58-3tr.i586.rpm 9bc89e2b9b02b0fabfe78be027ab96de 1.5/rpms/mysql-shared-3.23.58-3tr.i586.rpm 5ef00406ccb3d9825a388c7f4b401484 2.0/rpms/cyrus-sasl-2.1.15-6tr.i586.rpm 1e4da6c6b8f2e3c47fd6661993bd6edb 2.0/rpms/cyrus-sasl-devel-2.1.15-6tr.i586.rpm 7fbbf019d54db2763ea97eee62749549 2.0/rpms/cyrus-sasl-md5-2.1.15-6tr.i586.rpm c6e015aa0922ee21a2e91f2fc1b0845e 2.0/rpms/cyrus-sasl-mysql-2.1.15-6tr.i586.rpm 98769e69ea838bd460f32483e680482c 2.0/rpms/cyrus-sasl-otp-2.1.15-6tr.i586.rpm 6492d72704d0c9da2ac7ff3cd66cf05b 2.0/rpms/cyrus-sasl-plain-2.1.15-6tr.i586.rpm 06e12568436327608f46ac55de7a4d2a 2.0/rpms/cyrus-sasl-utils-2.1.15-6tr.i586.rpm 363d80fdb17e3329b6a4c663a838012e 2.0/rpms/libtiff-3.5.7-3tr.i586.rpm d21d6f339645e6b76edaabf75d2ed332 2.0/rpms/libtiff-devel-3.5.7-3tr.i586.rpm 124506998d5fa17268afa64aa753e202 2.0/rpms/mysql-4.0.21-0.1tr.i586.rpm af6273eacdaafa0bd9167d63ce87280b 2.0/rpms/mysql-bench-4.0.21-0.1tr.i586.rpm e24f06099575c78311db5929fc4aa61b 2.0/rpms/mysql-client-4.0.21-0.1tr.i586.rpm d254fb21eab8ed105ef6352189de5184 2.0/rpms/mysql-devel-4.0.21-0.1tr.i586.rpm 6f15ee0d812687ce71515ac92a417626 2.0/rpms/mysql-libs-4.0.21-0.1tr.i586.rpm f2b56feca39c723605ef8063dc0f6fa4 2.0/rpms/mysql-shared-4.0.21-0.1tr.i586.rpm f5d2df412c47252379e20aecd51e6158 2.0/rpms/squid-2.5.STABLE5-0.4tr.i586.rpm 795ff925c04b3e5bbc65116afcfaca51 2.1/rpms/cyrus-sasl-2.1.15-9tr.i586.rpm 1c3dc58f3b5f0cca652e91e2516da463 2.1/rpms/cyrus-sasl-devel-2.1.15-9tr.i586.rpm 0628ef12b40ee040359a6443337e3bb7 2.1/rpms/cyrus-sasl-md5-2.1.15-9tr.i586.rpm b0176d8fbd66c850b602cb7f6cb06cac 2.1/rpms/cyrus-sasl-mysql-2.1.15-9tr.i586.rpm 3a59c8d9212ef972b1f92c2faecb1098 2.1/rpms/cyrus-sasl-otp-2.1.15-9tr.i586.rpm 9e221235c180d4b1fbf10aa7da84072f 2.1/rpms/cyrus-sasl-plain-2.1.15-9tr.i586.rpm fa7fa0b50e24575717a2dfe81a5c0aca 2.1/rpms/cyrus-sasl-utils-2.1.15-9tr.i586.rpm 28b124045f1b08c41f31cad5f477e946 2.1/rpms/libtiff-3.6.1-1tr.i586.rpm df0412d063e00cdd7f77ac7b0ee09475 2.1/rpms/libtiff-devel-3.6.1-1tr.i586.rpm 25ff1c080c018e0df50076bb275bfc48 2.1/rpms/mysql-4.0.21-1tr.i586.rpm e06a597aa34673fa2800de5f11c574cc 2.1/rpms/mysql-bench-4.0.21-1tr.i586.rpm 6404892ca3c4f9db87590170ae8205a1 2.1/rpms/mysql-client-4.0.21-1tr.i586.rpm 974089aa572963aa1862f56ec10484cd 2.1/rpms/mysql-devel-4.0.21-1tr.i586.rpm c7606c11e5b8056f6bdd8fb0d5b3b911 2.1/rpms/mysql-libs-4.0.21-1tr.i586.rpm ea81a5507b5a119e54e892d7007398fa 2.1/rpms/mysql-shared-4.0.21-1tr.i586.rpm b79262c97f403fef93ff81b6ed97fdda 2.1/rpms/squid-2.5.STABLE5-7tr.i586.rpm 902af700f8d5b8e42f42fc980af7baf5 e-2/rpms/cyrus-sasl-2.1.15-9tr.i586.rpm b523bd6d33e3f403def7504ccd09d5bf e-2/rpms/cyrus-sasl-devel-2.1.15-9tr.i586.rpm bee5c941360f5e7ec2fbe028da109ad8 e-2/rpms/cyrus-sasl-md5-2.1.15-9tr.i586.rpm 56dc8561401a229c28fc390ef822fbd0 e-2/rpms/cyrus-sasl-mysql-2.1.15-9tr.i586.rpm 5c85271c3973e6de2a146d1c859399c3 e-2/rpms/cyrus-sasl-otp-2.1.15-9tr.i586.rpm e8b0ae2922863bb0a27cfad6e7940fb5 e-2/rpms/cyrus-sasl-plain-2.1.15-9tr.i586.rpm 625a62d5622c76fa7fa722df9f8a1137 e-2/rpms/cyrus-sasl-utils-2.1.15-9tr.i586.rpm 71d829a70088d6465dc6d961cd688a74 e-2/rpms/libtiff-3.6.1-1tr.i586.rpm 600fcea6fc1f306c1af45ded63c5e5dc e-2/rpms/libtiff-devel-3.6.1-1tr.i586.rpm f5df320337a0adfef8bc32a9dd358a02 e-2/rpms/mysql-4.0.21-1tr.i586.rpm ddf0e57abe19a3ae9b3687bb6470ac82 e-2/rpms/mysql-bench-4.0.21-1tr.i586.rpm f646939fe259bbfaf440da63851ecd0f e-2/rpms/mysql-client-4.0.21-1tr.i586.rpm 2e72249884599b0d96c0530a12ac06aa e-2/rpms/mysql-devel-4.0.21-1tr.i586.rpm 21f4a5f80a2c39d10604f56d635e90ce e-2/rpms/mysql-libs-4.0.21-1tr.i586.rpm 489439cb8550b074c9aac5bff7e0b3fd e-2/rpms/mysql-shared-4.0.21-1tr.i586.rpm c9bc4fa818bde8de2b5f76362daa04bf e-2/rpms/squid-2.5.STABLE5-7tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD4DBQFBb8oai8CEzsK9IksRAk1AAJ0cFvBrX0kS8qsVgtszQzfuxB7ixACVHuYZ oroJNl0opShrtxkye8zcKQ== =j3VP -----END PGP SIGNATURE-----