[security-announce] SUSE Security Summary Report SUSE-SR:2008:017
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2008:017
Date: Fri, 29 Aug 2008 14:00:00 +0000
Cross-References: CVE-2006-7232, CVE-2007-6389, CVE-2008-0564
CVE-2008-1142, CVE-2008-1145, CVE-2008-1447
CVE-2008-1468, CVE-2008-1679, CVE-2008-1887
CVE-2008-1891, CVE-2008-1927, CVE-2008-2079
CVE-2008-2315, CVE-2008-2316, CVE-2008-2662
CVE-2008-2663, CVE-2008-2664, CVE-2008-2725
CVE-2008-2726, CVE-2008-2727, CVE-2008-2728
CVE-2008-2827, CVE-2008-3137, CVE-2008-3138
CVE-2008-3139, CVE-2008-3140, CVE-2008-3141
CVE-2008-3142, CVE-2008-3143, CVE-2008-3144
CVE-2008-3145, CVE-2008-3146, CVE-2008-3337
CVE-2008-3746
Content of this advisory:
1) Solved Security Vulnerabilities:
- powerdns spoofing problems
- dnsmasq spoofing problems
- python multiple problems
- mailman cross site scripting
- ruby multiple problems
- Opera 9.52
- neon NULL pointer problem
- rxvt-unicode session hijacking
- perl multiple problems
- wireshark / ethereal multiple security problems
- namazu cross site scripting
- gnome-screensaver clipboard disclosure
- mysql security problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
None listed this week.
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list or
download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- powerdns spoofing problems
The PowerDNS packages were updated to offer better spoofing
resistance by not ignoring invalid queries. (CVE-2008-3337)
This problem affected only openSUSE 10.2 - 11.0.
- dnsmasq spoofing problems
The DNS server dnsmasq was changed to use random UDP source ports
and a random TRXID now. (CVE-2008-1447)
This problem only affected openSUSE 10.2 - 11.0.
- python multiple problems
The scripting language python was updated to fix several security
vulnerabilities. (CVE-2008-1679,CVE-2008-1887, CVE-2008-3143,
CVE-2008-3142, CVE-2008-3144, CVE-2008-2315, CVE-2008-2316)
All SUSE Linux products received updated python packages.
- mailman cross site scripting
The mailing list manager mailman was updated to fix a
cross-site-scripting bug (CVE-2008-0564) and a mistake in
translation.
All distributions containing mailman received updated packages.
- ruby multiple problems
The scripting language ruby was updated to fix:
- a possible information leakage (CVE-2008-1145)
- a directory traversal bug (CVE-2008-1891) in WEBrick
- various memory corruptions and integer overflows in array and
string handling (CVE-2008-2662, CVE-2008-2663, CVE-2008-2664,
CVE-2008-2725, CVE-2008-2726, CVE-2008-2727, CVE-2008-2728)
ruby was updated on all SUSE Linux products.
- Opera 9.52
Opera was upgraded to version 9.52 to fix possible security
vulnerabilities.
Please see http://www.opera.com/docs/changelogs/linux/952/ for
more details.
- neon NULL pointer problem
The helper library neon was updated to fix a NULL pointer dereference
in the digest authentication code. (CVE-2008-3746)
neon was updated on all affected distributions.
- rxvt-unicode session hijacking
Using rxvt-unicode it was possible to open a terminal on :0 when
the environment variable was not set.
This could be exploited by local users to hijack X11 connections (CVE-2008-1142).
rxvt-unicode was updated on openSUSE 10.2-11.0.
- perl multiple problems
Several problems were fixed in the scripting language perl.
Specially crafted regular expressions could crash perl
(CVE-2008-1927).
Insufficient symlink checks in the File::Path could result in wrong
file permissions (CVE-2008-2827).
Additionally problem in the CGI module was fixed that could result
in an endless loop if uploads were canceled.
- Wireshark / ethereal multiple security problems
Various vulnerabilities have been fixed in ethereal and wireshark:
CVE-2008-3137, CVE-2008-3138, CVE-2008-3139,
CVE-2008-3140, CVE-2008-3141, CVE-2008-3145
and CVE-2008-3146. Those could be potentially used to crash
wireshark or potentially execute code.
Updates have been released for all SUSE Linux distributions.
- namazu cross site scripting
The indexing engine namazu was upgraded to fix a UTF-7
cross-site-scripting vulnerability. (CVE-2008-1468)
namazu was updated on all products containing it.
- gnome-screensaver clipboard disclosure
gnome-screensaver was updated to disallows local users to
read the contents of the clipboard for a locked screen using
ctrl-v. (CVE-2007-6389)
Updates have been released for openSUSE 10.3, other distributions
were not affected.
- MySQL security problems
The database server MySQL was updated to fix a security problem:
CVE-2008-2079: MySQL allowed local users to bypass certain privilege
checks by calling CREATE TABLE on a MyISAM table with modified (1)
DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within
the MySQL home data directory, which can point to tables that are
created in the future.
CVE-2006-7232: sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x
before 5.1.14 allows remote authenticated users to cause a denial of
service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table, as originally demonstrated using ORDER BY.
MySQL was updated on all SUSE Linux distributions.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
None listed this week.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
participants (1)
-
Marcus Meissner