From tsl@trustix.org Tue May 31 11:43:01 2005
From: Trustix Security Advisor
To: bugtraq@securityfocus.com
Date: Tue, 31 May 2005 15:31:06 +0200
Subject: TSL-2005-0026 - multi

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0026

Package name:      anaconda bittorrent iptables lilo mod_perl openldap php
                   php4 pptpd samba squid
Summary:           Package fixes
Date:              2005-05-31
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  anaconda:
  The anaconda package contains portions of the Trustix Secure Linux
  installation program which can then be run by the user for
  reconfiguration and advanced installation options. Based on Red Hat
  anaconda 7.2 and 7.3

  bittorrent:
  BitTorrent gives you the same freedom to publish previously enjoyed by
  only a select few with special equipment and lots of money. You have
  something terrific to publish -- a large music or video file, software,
  a game or anything else that many people would like to have. But the
  more popular your file becomes, the more you are punished by soaring
  bandwidth costs. If your file becomes phenomenally successful and a
  flash crowd of hundreds or thousands try to get it at once, your server
  simply crashes and no one gets it. There is a solution to this vicious
  cycle. BitTorrent, the result of over two years of intensive
  development, is a simple and free software product that addresses all
  of these problems.

  iptables:
  The iptables utility controls the network packet filtering code in the
  Linux kernel. If you need to set up firewalls and/or IP masquerading,
  you must install this package.

  lilo:
  LILO (LInux LOader) is a basic system program which boots your Linux
  system. LILO loads the Linux kernel from a floppy or a hard drive,
  boots the kernel and passes control of the system to the kernel. LILO
  can also boot other operating systems.

  mod_perl:
  Mod_perl incorporates a Perl interpreter into the Apache web server, so
  that the Apache web server can directly execute Perl code. Mod_perl
  links the Perl runtime library into the Apache web server and provides
  an object-oriented Perl interface for Apache's C language API. The end
  result is a quicker CGI script turnaround process, since no external
  Perl interpreter has to be started.

  openldap:
  LDAP servers and clients, as well as interfaces to other protocols.
  Note that this does not include the slapd interface to X.500 and
  therefore does not require the ISODE package.

  php:
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages. PHP also
  offers built-in database integration for several commercial and
  non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple. The most common
  use of PHP coding is probably as a replacement for CGI scripts. The
  mod_php module enables the Apache web server to understand and process
  the embedded PHP language in web pages.

  php4:
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages. PHP also
  offers built-in database integration for several commercial and
  non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple. The most common
  use of PHP coding is probably as a replacement for CGI scripts. The
  mod_php module enables the Apache web server to understand and process
  the embedded PHP language in web pages.

  pptpd:
  PPTPd, Point-to-Point Tunnelling Protocol Daemon, offers out
  connections to pptp clients to become virtual members of the IP pool
  owned by the pptp server. In effect, these clients become virtual
  members of the local subnet, regardless of what their real IP address
  is. A tunnel is built between the pptp server and client, and packets
  from the subnet are wrapped and passed between server and client
  similar to other C/S protocols.

  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines. Samba
  uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI
  (Microsoft Raw NetBIOS frame) protocol.

  squid:
  Squid is a high-performance proxy caching server for Web clients,
  supporting FTP, gopher, and HTTP data objects. Unlike traditional
  caching software, Squid handles all requests in a single,
  non-blocking, I/O-driven process. Squid keeps meta data and especially
  hot objects cached in RAM, caches DNS lookups, supports non-blocking
  DNS lookups, and implements negative caching of failed requests.

Problem description:
  anaconda:
  - Removed unneeded import todo from check-repository.py. Fix Bug #783.

  bittorrent:
  - New upstream
  - Fixed %preun to perform actions on uninstall
  - Fixed init script to correct sysconfig usage and have a working init
    script.

  iptables:
  - Make initscripts actually use their config files.

  lilo:
  - Added MAN_DIR=/usr/share/man during make install stage

  mod_perl:
  - New Upstream.

  openldap:
  - Rebuilt with --enable-crypt. Fix Bug #718.

  php:
  - Added mhash support, Bug #748

  php4:
  - Added mhash support, Bug #748

  pptpd:
  - Made changes in pptpd.init to specify right start and kill priority
    Bug#711, Bug#708.

  samba:
  - Installed pam_smbpass.so to RPM_BUILD_ROOT and bundled with samba.
    (Fix Bug #753)

  squid:
  - New Upstream
  - Fixed a Set-Cookie race condition causing inconsistent cache
    behaviour
  - Abort on misconfigured http_access rules to prevent unexpected
    results from partial configuration
  - FTP directory listings corrected again (broken by 2.5.STABLE9)
  - Support for proxying huge objects greater than 2GB in size

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe
  and up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Questions?
  Check out our mailing lists:

Verification:
  This advisory along with all Trustix packages are signed with the TSL
  sign key.
  This key is available from:

  The advisory itself is available from the errata pages at and or directly at

MD5sums of the packages:
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCnGV9i8CEzsK9IksRAt7XAKCsvMfhKzPmJ660R6JqTcWklWrPhgCfayaX
avgpjpHg65s0EcdY+kg9kA4=
=IYYB
-----END PGP SIGNATURE-----
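
Added example, not part of the Trustix advisory: a Python check of downloaded packages against an "MD5sums of the packages" list in the layout this advisory uses (32 hex digits, then a path relative to the update mirror). The package names and contents in demo() are constructed, and the local mirror directory is an assumption; the list is only worth checking against once the advisory's PGP signature has been verified with the TSL sign key.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One "<md5> <relative path>.rpm" entry from the advisory's MD5 list.
ENTRY = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")

def parse_md5_list(advisory_text):
    """Return {relative_path: md5_hex}; every non-entry line is skipped."""
    sums = {}
    for line in advisory_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sums[m.group(2)] = m.group(1)
    return sums

def check_packages(advisory_text, mirror_root):
    """Map each listed package to 'ok', 'MISMATCH' or 'missing'."""
    results = {}
    for rel_path, expected in parse_md5_list(advisory_text).items():
        rpm = Path(mirror_root) / rel_path
        if not rpm.is_file():
            results[rel_path] = "missing"
            continue
        actual = hashlib.md5(rpm.read_bytes()).hexdigest()
        results[rel_path] = "ok" if actual == expected else "MISMATCH"
    return results

def demo():
    """Constructed packages and list entries, not the advisory's real ones."""
    md5 = lambda data: hashlib.md5(data).hexdigest()
    with tempfile.TemporaryDirectory() as root:
        rpms = Path(root, "2.2/rpms")
        rpms.mkdir(parents=True)
        (rpms / "good-1.0-1tr.i586.rpm").write_bytes(b"as published")
        (rpms / "bad-1.0-1tr.i586.rpm").write_bytes(b"altered in transit")
        advisory = "\n".join([
            "MD5sums of the packages:",
            "- " + "-" * 74,
            md5(b"as published") + "  2.2/rpms/good-1.0-1tr.i586.rpm",
            md5(b"as published") + "  2.2/rpms/bad-1.0-1tr.i586.rpm",
            "0" * 32 + "  2.2/rpms/absent-1.0-1tr.i586.rpm",
        ])
        return check_packages(advisory, root)

if __name__ == "__main__":
    print(demo())
```

A 'MISMATCH' or 'missing' result means the package should not be installed from that copy; fetch it again from the update location and recheck.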