From tsl@trustix.org Thu Jul 14 16:52:17 2005 From: Trustix Security Advisor To: bugtraq@securityfocus.com Date: Thu, 14 Jul 2005 12:07:51 +0200 Subject: TSLSA-2005-0036 - multi -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2005-0036 Package name: kerberos5, kernel, php4 Summary: Various security fixes Date: 2005-07-14 Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: kerberos5: (MIT) Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well. kernel: The kernel package contains the Linux kernel (vmlinuz), the core of your Trustix Secure Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. php4: PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled web page with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache web server to understand and process the embedded PHP language in web pages. Problem description: kerberos5: - Double-free in krb5_recvauth (CAN-2005-1689). Buffer overflow, Heap corruption in KDC (CAN-2005-1174) and (CAN-2005-1175) Fixed Bug# 1073 and 1075 kernel: - Fixed Race condition within system calls (CAN-2005-1768). Fix Bug #1065. Critical and major fixes has been done. php4: - New Upstream - Security Bug Fix release to 4.3.11, Fix Bug #1064 Vendor update for XML_RPC to fix remote code execution vulnerability. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: The advisory itself is available from the errata pages at and or directly at MD5sums of the packages: - -------------------------------------------------------------------------- 1b7fe9c06bb4791df6d2e9e546ea775b 3.0/rpms/kerberos5-1.4.1-5tr.i586.rpm 4da5de7687952478f5629b01dc937d15 3.0/rpms/kerberos5-devel-1.4.1-5tr.i586.rpm a649e160958f628c959fbb27d5d2a689 3.0/rpms/kerberos5-libs-1.4.1-5tr.i586.rpm 3ee2030fdadca8409a62fc797f19cd68 2.2/rpms/kerberos5-1.3.6-5tr.i586.rpm 6e1278f8dc2edaed547d2039c8bffa2c 2.2/rpms/kerberos5-devel-1.3.6-5tr.i586.rpm eafdea3a4d558845a757dfe475069e74 2.2/rpms/kerberos5-libs-1.3.6-5tr.i586.rpm e8efd21c111e0c0f77ea6d5552ad9b28 kernel-2.4.31-4tr.i586.rpm 983172ad01677d9154bf2e8cb18e2c6e kernel-BOOT-2.4.31-4tr.i586.rpm 481b31855846891f8665963afb93fe1b kernel-doc-2.4.31-4tr.i586.rpm 5e02303168c0cbe74fc2ddc1b570f2e1 kernel-smp-2.4.31-4tr.i586.rpm 46edf8595351e06e25957d1faee90b22 kernel-source-2.4.31-4tr.i586.rpm 50d48f6ec84ed09548fd3326d83f54cc kernel-utils-2.4.31-4tr.i586.rpm 049887017b1c55f552c24d0bb3df68c4 2.2/rpms/php4-4.4.0-1tr.i586.rpm 5f46aa47bdec2e97dd2aa8981e3e9d8c 2.2/rpms/php4-cli-4.4.0-1tr.i586.rpm 92f291964bfed09c2691056caa74d0f8 2.2/rpms/php4-devel-4.4.0-1tr.i586.rpm eeebf3f79c167ac97f8b6b21cd283093 2.2/rpms/php4-domxml-4.4.0-1tr.i586.rpm 82f8464b62514f03edb657f0ad3a73d6 2.2/rpms/php4-exif-4.4.0-1tr.i586.rpm e19838578eeda827d3d8dd4c5a550f70 2.2/rpms/php4-gd-4.4.0-1tr.i586.rpm 2d9c339bf665c3f7f0cd99bf1d7e721b 2.2/rpms/php4-imap-4.4.0-1tr.i586.rpm 1e7c85aa84b204aef680a9e46e1ad29c 2.2/rpms/php4-ldap-4.4.0-1tr.i586.rpm 520993dd95b97d26b3152b023fdba9ef 2.2/rpms/php4-mhash-4.4.0-1tr.i586.rpm 557d7af7baeba9c5f055895049c678b2 2.2/rpms/php4-mysql-4.4.0-1tr.i586.rpm 2d0ccf253c097c48acad252e0c49e4cb 2.2/rpms/php4-pgsql-4.4.0-1tr.i586.rpm cf87ec3b86bcd1050609e193197034f1 2.2/rpms/php4-test-4.4.0-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFC1jlJi8CEzsK9IksRAjCzAJ0YgcXZST4ZqhlAp6QYcfHbiBDjKQCeI3kw 3dNme6eKVF7dEXjb0p3rplM= =khJE -----END PGP SIGNATURE-----