SUSE Security Summary Report SUSE-SR:2005:005
______________________________________________________________________________
SUSE Security Summary Report
Announcement-ID: SUSE-SR:2005:005
Date: Friday, Feb 18th 2005 18:00 MEST
Cross References: CAN-2004-1184
CAN-2004-1185
CAN-2004-1186
CAN-2005-0089
CAN-2005-0227
CAN-2005-0372
CAN-2003-0190
Content of this advisory:
1) solved security vulnerabilities:
- multiple enscript problems
- clamav update to 0.82
- postgresql LOAD vulnerability
- python: SimpleXMLRPCServer flaw
- openssh information leak
- gftp directory traversal
- openldap2 denial of service
2) pending vulnerabilities, solutions, workarounds:
- problems with kernel update for SUSE Linux 9.1
- IDN cloaking problems with all browsers
- multiple wget problems
- new PostgreSQL problems
- New kernel security problems
3) standard appendix (further information)
______________________________________________________________________________
1) solved security vulnerabilities
To avoid spamming lists with advisories for every small incident,
we will release weekly summary advisories for issues where we have
released updates without a full advisory. Since these are minor
issues, md5sums and ftp URLs are not included.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- Multiple enscript problems
The text to postscript converter enscript has several security
related problems, relating to input validation (CAN-2004-1184),
missing sanitizing of filenames (CAN-2004-1185) and multiple
buffer overflows (CAN-2004-1186).
All SUSE Linux based products were affected.
- clamav update to 0.82
The clamav virus scanner software was updated to 0.82, featuring
several scan engine improvements, especially for strangely formatted
mails.
SUSE Linux versions 9.1 and 9.2, and SUSE Linux Enterprise Server 9
were affected.
- postgresql LOAD vulnerability
A vulnerability in the PostgreSQL 'LOAD' statement was fixed.
This issue is tracked by the Mitre CVE ID CAN-2005-0227.
All SUSE Linux based products were affected.
- python: SimpleXMLRPCServer flaw
This update fixes a bug in the SimpleXMLRPCServer module that
affects any program which allows remote, untrusted users to
perform unrestricted traversal. The vulnerability can be used to
access and change internal functions. This is tracked by the
Mitre CVE ID CAN-2005-0089.
All SUSE Linux based products were affected.
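As an added example (not code from the advisory, from SUSE or from Python's own sources), the following shows the dispatcher-level mitigation that current Python ships for this class of flaw: register_instance() only follows dotted method names when allow_dotted_names=True, and underscore-prefixed attributes are refused in either mode. The Service class and its attributes are constructed for illustration; the dispatcher is used without a socket, so the checks run offline through the same _dispatch() path the server uses.

```python
# Added example (not from the SUSE advisory): the SimpleXMLRPCServer policy
# knob for method-name traversal. SimpleXMLRPCDispatcher is the dispatch core
# of SimpleXMLRPCServer and needs no network socket to exercise.
from xmlrpc.server import SimpleXMLRPCDispatcher


class Service:
    """Hypothetical RPC object with one public method and internal state."""

    def __init__(self):
        self._token = "internal"   # internal attribute, must stay unreachable
        self.helper = self         # a reachable sub-object for the dotted-name probe

    def ping(self):
        return "pong"


def build_dispatcher(allow_dotted_names):
    """Expose a Service over XML-RPC under the given traversal policy."""
    d = SimpleXMLRPCDispatcher(allow_none=False, encoding=None)
    # allow_dotted_names defaults to False in current Python; passing it
    # explicitly makes the policy visible at the registration site.
    d.register_instance(Service(), allow_dotted_names=allow_dotted_names)
    return d


def call(dispatcher, method, params=()):
    """Dispatch one call; report its result or the dispatcher's refusal."""
    try:
        return ("ok", dispatcher._dispatch(method, params))
    except Exception as exc:  # the dispatcher signals refusals as Exception
        return ("refused", str(exc))


def audit(dispatcher):
    """Self-test a deployment's policy: only the direct method should succeed."""
    return {
        "direct": call(dispatcher, "ping"),
        "dotted": call(dispatcher, "helper.ping"),           # attribute-chain name
        "private": call(dispatcher, "helper._token.upper"),  # underscore-prefixed name
    }


if __name__ == "__main__":
    for policy in (False, True):
        print("allow_dotted_names =", policy, audit(build_dispatcher(policy)))
```

With the default policy the dotted and private probes both come back "refused"; only the opt-in policy resolves "helper.ping", and even then the underscore-prefixed attribute stays unreachable.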
- openssh information leak
Openssh as shipped with SUSE Linux allows a possible timing
attack that could be abused remotely to determine existing users
on the system by watching replies to failed password attempts.
This is tracked by the Mitre CVE ID CAN-2003-0190.
Additionally, the output of failing PAM sessions is now displayed
and the terminal settings for aborted login sessions are restored
correctly.
This bugfix was released for SUSE Linux 9.1, 9.2 and SUSE Linux
Enterprise Server 9.
- gftp directory traversal
Improper handling of filenames containing slashes allowed a
malicious ftp server to overwrite files in the system if the
user used gftp. This is tracked by the Mitre CVE ID
CAN-2005-0372.
SUSE Linux 9.1, 9.2 and Novell Linux Desktop 9 were affected.
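An added example (not gftp's code) of the check a client needs before saving a file under a name taken from the server's listing, the case described above: a plain filename must carry no path separator or parent reference, and, as defence in depth, the resolved target must sit directly inside the download directory. The download directory and the listing are constructed placeholders.

```python
# Added example, not gftp's code: validate a server-supplied filename before
# writing it below the local download directory.
import os


def safe_local_path(download_dir, remote_name):
    """Return the local path to write remote_name to, or None to refuse it.

    remote_name comes from the FTP server's listing, so it is untrusted:
    a plain filename has no path separator, no NUL byte, and is not "." or "..".
    """
    if not remote_name or remote_name in (".", ".."):
        return None
    if any(ch in remote_name for ch in ("/", "\\", "\x00")):
        return None
    base = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(base, remote_name))
    # Defence in depth: even after the name checks (e.g. a pre-existing symlink
    # in the download directory), the resolved target must be a direct child.
    if os.path.dirname(target) != base:
        return None
    return target


def triage_listing(download_dir, names):
    """Split a server listing into accepted local paths and refused names."""
    accepted, refused = [], []
    for name in names:
        path = safe_local_path(download_dir, name)
        (accepted if path else refused).append(path or name)
    return accepted, refused


# Constructed listing: two honest names and three that the flaw above would
# have let a malicious server turn into writes outside the download directory.
SAMPLE_LISTING = ["report.txt", "photo.jpg", "../.bashrc", "etc/passwd", "..\\win.ini"]

if __name__ == "__main__":
    ok, bad = triage_listing("/var/tmp/downloads", SAMPLE_LISTING)
    print("accepted:", ok)
    print("refused:", bad)
```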
- openldap2 denial of service
It was possible for a remote attacker to crash the openldap2
slapd LDAP server daemon by sending special query strings.
(No Mitre CVE ID was assigned to this issue; it is a backport
of an upstream fix.)
Additionally this update fixes several bugs spotted during
Open Enterprise Server testing.
All SUSE Linux based products were affected.
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- problems with kernel update for SUSE Linux 9.1
Several users of NVidia cards reported problems with the last SUSE
Linux 9.1 kernel update, leaving the screen black and the machine
hung after reboot.
We are working on a fix for this problem.
Until then you can either use an older 9.1 kernel or
compile the NVidia driver yourself.
- multiple wget problems
We still have no solution for the wget issues reported on Bugtraq:
http://www.securityfocus.com/archive/1/383998
- IDN (Internationalized Domain Name) cloaking / homograph attacks
Problems with the IDN / punycode handling, which allows non-ASCII
domain names, were reported for every browser.
We are aware of these issues and expect a good solution soon.
- new PostgreSQL problems
Additional PostgreSQL problems were reported:
  - A local user could bypass the EXECUTE permission check for
    functions by using the CREATE AGGREGATE command (CAN-2005-0244).
  - Multiple buffer overflows were found in PL/PgSQL (CAN-2005-0245,
    CAN-2005-0247).
  - A flaw in contrib/intagg (CAN-2005-0246).
We are working on updates for these problems.
- New kernel security problems
New kernel security problems regarding signedness issues have
been spotted by Georgi Guninski.
We are working on updates for these problems.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently of each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
Participants: Marcus Meissner