From tsl@trustix.org Mon Jun 13 16:32:26 2005 From: Trustix Security Advisor To: bugtraq@securityfocus.com Date: Mon, 13 Jun 2005 18:30:50 +0200 Subject: TSL-2005-0028 - multi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2005-0028 Package name: kerberos5, mailman, mod_perl, openssl, php, spamassassin, tcpdump, telnet, wget Summary: Multiple security updates Date: 2005-06-13 Affected versions: Trustix Secure Linux 2.1 Trustix Secure Linux 2.2 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: kerberos5: (MIT) Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well. mailman: Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the Web. Mailman also integrates most things people want to do with mailing lists, including archiving, mail <-> news gateways, and so on. When the package has finished installing, you sould read README.TRUSTIX for further instructions. Users upgrading from previous releases of this package may need to move their data or adjust the configuration files to point to the locations where their data is. mod_perl: Mod_perl incorporates a Perl interpreter into the Apache web server, so that the Apache web server can directly execute Perl code. Mod_perl links the Perl runtime library into the Apache web server and provides an object-oriented Perl interface for Apache's C language API. The end result is a quicker CGI script turnaround process, since no external Perl interpreter has to be started. Install mod_perl if you're installing the Apache web server and you'd like for it to directly incorporate a Perl interpreter. openssl: A C library that provides various crytographic algorithms and protocols, including DES, RC4, RSA, and SSL. Includes shared libraries. php: PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled web page with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache web server to understand and process the embedded PHP language in web pages. spamassassin: SpamAssassin provides you with a way to reduce, if not completely eliminate, Unsolicited Bulk Email (or "spam") from your incoming email. It can be invoked by a MDA such as sendmail or postfix, or can be called from a procmail script, .forward file, etc. It uses a genetic-algorithm-evolved scoring system to identify messages which look spammy, then adds headers to the message so they can be filtered by the user's mail reading software. This distribution includes the spamd/spamc components which considerably speeds processing of mail. tcpdump: Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. telnet: Telnet is a popular protocol for logging into remote systems over the Internet. The telnet package provides a command line telnet client. Install the telnet package if you want to telnet to remote machines. wget: GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. Install wget if you need to retrieve large numbers of files with HTTP or FTP, or if you need a utility for mirroring web sites or FTP directories. Problem description: kerberos5: - Security Fix: Buffer overflows in telnet client - The telnet client program supplied with MIT Kerberos 5 has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0469 and CAN-2005-0468 to this issue. mailman: - Fixing spool fcron directory for mailman - Cleanup of byte compiled python modules from spec - /etc/postfix/aliases should be updated with mailman settings - Restart only on upgrade situation, otherwise off. mod_perl: - Rebuilt on perl for effect changes in CGI.pm openssl: - Security Fix: Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys. The OpenSSL library has been patched to add a new fixed-window mod_exp implementation as default for RSA, DSA, and DH private key operations. The patch was designed to mitigate cache timing and possibly related attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0109 to this issue. php: - Added libxml2-devel, freetype, mhash-devel in buildrequires Bug #877 spamassassin: - New upstream tcpdump: - Fixed DOS Vulnerability, A vulnerability was identified in tcpdump, which may be exploited by attackers to cause a denial of service. This flaw resides in the "bgp_update_print()" function (print-bgp.c) that does not properly handle a specially crafted value returned by the "decode_prefix4()" function when processing BGP packets, which may be exploited by a remote attacker to cause the application to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1267 to this issue. telnet: - Security Fix: Buffer overflows in telnet client - The telnet client program supplied with MIT Kerberos 5 has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0469 and CAN-2005-0468 to these issues. wget: - Security Fix: wget allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. - wget does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1487 and CAN-2004-1487 to these issues. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at , and or directly at MD5sums of the packages: - - -------------------------------------------------------------------------- 72b83559432e2b3cd4c1fb13cda62c76 2.1/rpms/kerberos5-1.3.6-2tr.i586.rpm da4e53a507888c7ce9240cf3aec02eca 2.1/rpms/kerberos5-devel-1.3.6-2tr.i586.rpm e9d1f573cac7cec7f8b7246f384100f0 2.1/rpms/kerberos5-libs-1.3.6-2tr.i586.rpm 97f3575780ac23c2dd618afbd560a77d 2.1/rpms/openssl-0.9.7c-15tr.i586.rpm 4b05fe95ea42e75a24bda5b94f2ba878 2.1/rpms/openssl-devel-0.9.7c-15tr.i586.rpm d70db44a9c9fe6ea3f3a931ddf27e47e 2.1/rpms/openssl-python-0.9.7c-15tr.i586.rpm c4eef9cf08e8f0a5abb3fc938c452b84 2.1/rpms/openssl-support-0.9.7c-15tr.i586.rpm 2cad69103f3a9f4fcbfe8a126fbcbe24 2.1/rpms/tcpdump-3.8.2-4tr.i586.rpm af59bf35fb27a7bdb4ee1f71eca35323 2.1/rpms/telnet-0.17-10tr.i586.rpm 0f1eb943233d1be85d3bd1433c03d20a 2.1/rpms/wget-1.9.1-5tr.i586.rpm ecd66a67ee25ac62586e8bbb1a86f84b 2.2/rpms/kerberos5-1.3.6-3tr.i586.rpm 8b9a590e6c1d5d9f0aae22a8a9f86061 2.2/rpms/kerberos5-devel-1.3.6-3tr.i586.rpm caa1b8af8b02dbdf93263af1c473c5fc 2.2/rpms/kerberos5-libs-1.3.6-3tr.i586.rpm 8c4cbeaaf7a5b61316cc0262fc827321 2.2/rpms/mailman-2.1.6-2tr.i586.rpm df09d4f71359264f9150b8f5b363c237 2.2/rpms/mailman-ca-2.1.6-2tr.i586.rpm b652a1c0ec8cf62963415ad057f501f4 2.2/rpms/mailman-cs-2.1.6-2tr.i586.rpm e6a5b108cc181f90119925fd1b217cfa 2.2/rpms/mailman-de-2.1.6-2tr.i586.rpm 5ee0e5f1e6a07ba627049290631cba72 2.2/rpms/mailman-es-2.1.6-2tr.i586.rpm b44880f28113f9825237e998f89344da 2.2/rpms/mailman-et-2.1.6-2tr.i586.rpm e15efd4f216ef4c255d7a5bca9b71edb 2.2/rpms/mailman-eu-2.1.6-2tr.i586.rpm 025b9b639a3a2a4b356ed9d405e742af 2.2/rpms/mailman-fi-2.1.6-2tr.i586.rpm bdd6e269718ff3cbd03de8969262b02b 2.2/rpms/mailman-fr-2.1.6-2tr.i586.rpm 01f2365e966b9c6aaede9cd9fab6c801 2.2/rpms/mailman-hr-2.1.6-2tr.i586.rpm cf0e71b55b1bd0754265399f55d06d66 2.2/rpms/mailman-hu-2.1.6-2tr.i586.rpm 4c8be60857c888ed6c922c56602e64e3 2.2/rpms/mailman-it-2.1.6-2tr.i586.rpm 31f4b4bed3ad53fafeb51c45025c4dc7 2.2/rpms/mailman-ja-2.1.6-2tr.i586.rpm 490f7b37d351eb832c2d6b2f7b73b4dd 2.2/rpms/mailman-ko-2.1.6-2tr.i586.rpm 2af6991bf0211dbfaeec9465084d2711 2.2/rpms/mailman-lt-2.1.6-2tr.i586.rpm 7d1af2f5351a864b63add49f1bf1b85b 2.2/rpms/mailman-nl-2.1.6-2tr.i586.rpm 8102864953c4934677c1945a8c990080 2.2/rpms/mailman-no-2.1.6-2tr.i586.rpm 5093c4bf9272e09cb74f393fc00fb1f7 2.2/rpms/mailman-pl-2.1.6-2tr.i586.rpm eff607f4f63fb5ed177992549db21a8f 2.2/rpms/mailman-pt-2.1.6-2tr.i586.rpm f614463d17f618c46653469a04f0950a 2.2/rpms/mailman-pt_BR-2.1.6-2tr.i586.rpm 0c340be1bcde1907fbe713ab08684326 2.2/rpms/mailman-ro-2.1.6-2tr.i586.rpm ceaaec39dcdbfc1abed5982b284a0018 2.2/rpms/mailman-ru-2.1.6-2tr.i586.rpm 73881013347bb2f88a594f35b04adfdc 2.2/rpms/mailman-sl-2.1.6-2tr.i586.rpm 713f7808004802db8b6f94ba9494f81c 2.2/rpms/mailman-sr-2.1.6-2tr.i586.rpm 670e07fab384f96b377ad7403a6ac375 2.2/rpms/mailman-sv-2.1.6-2tr.i586.rpm 93694b7cd4b069b59dbd2b4c89d4ace5 2.2/rpms/mailman-uk-2.1.6-2tr.i586.rpm eaca81c60604708f184317762875f906 2.2/rpms/mailman-zh_CN-2.1.6-2tr.i586.rpm 18edd002b5e956dc3e26293f7a87d7d0 2.2/rpms/mailman-zh_TW-2.1.6-2tr.i586.rpm 7455de58aeb707b56a2ef2d772ee21fe 2.2/rpms/mod_perl-2.0.0-4tr.i586.rpm 8b640e36654334ab6c524e2a69f3845b 2.2/rpms/mod_perl-devel-2.0.0-4tr.i586.rpm 8d91c26a7a8e1e6869603eb731fb3920 2.2/rpms/openssl-0.9.7e-5tr.i586.rpm eff12f0809681a1aa646a8d40402cd84 2.2/rpms/openssl-devel-0.9.7e-5tr.i586.rpm f31b3995844b01ff70ee4babbb33aadc 2.2/rpms/openssl-python-0.9.7e-5tr.i586.rpm ed3e51ee5ae28271a4e0dadc84a8a3db 2.2/rpms/openssl-support-0.9.7e-5tr.i586.rpm 0a99f72e97a17e7446e66d3feb3343cc 2.2/rpms/perl-mail-spamassassin-3.0.4-2tr.i586.rpm 2115fa5b359f055604126403c831223b 2.2/rpms/php-5.0.4-5tr.i586.rpm c7ddf6bd143062f7acacc3acc4b603b1 2.2/rpms/php-cli-5.0.4-5tr.i586.rpm c2cd2ee346da6a8d227de4072621d7e6 2.2/rpms/php-devel-5.0.4-5tr.i586.rpm ad34557d39bea20b05619169d1503449 2.2/rpms/php-exif-5.0.4-5tr.i586.rpm aae4bb96af0a7ecce1b9cf7197cbc9b5 2.2/rpms/php-gd-5.0.4-5tr.i586.rpm afc5cd61b7ce965c68b6c934c40b4f25 2.2/rpms/php-imap-5.0.4-5tr.i586.rpm 3ce4e28315f689df4daa131ff37f9403 2.2/rpms/php-ldap-5.0.4-5tr.i586.rpm 61e3ed02464de8a3814549fc012e8e46 2.2/rpms/php-mhash-5.0.4-5tr.i586.rpm f8200109e430485062480a2ae38bf15a 2.2/rpms/php-mysql-5.0.4-5tr.i586.rpm 413ff2c47ca8cb10aaa6662f219a6488 2.2/rpms/php-mysqli-5.0.4-5tr.i586.rpm b32ed93168d690cff6aa6e8e8fee6c88 2.2/rpms/php-pgsql-5.0.4-5tr.i586.rpm 924957152b474cbbadb799df5643bc8f 2.2/rpms/php-zlib-5.0.4-5tr.i586.rpm a5b4ef97e3ab173673eecab250370c61 2.2/rpms/spamassassin-3.0.4-2tr.i586.rpm c3191e5e68b24ebf98950da5389ffbd5 2.2/rpms/spamassassin-tools-3.0.4-2tr.i586.rpm e0271c8100d3c4234a10894c3921b306 2.2/rpms/tcpdump-3.8.3-3tr.i586.rpm 57407dc243e9bde7ac78f868bcbbe2be 2.2/rpms/telnet-0.17-10tr.i586.rpm b659e0611977d61c9d012235e16da8a1 2.2/rpms/wget-1.9.1-7tr.i586.rpm - - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFCrbOTi8CEzsK9IksRAm6nAJwMltVWAgGQPPvBnghMhlt2QQjoTACgmk7t gpfTmuq2L+SxBF//eKLo4KU= =k3s3 -----END PGP SIGNATURE-----