SUSE Security Summary Report SUSE-SR:2004:003
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement-ID: SUSE-SR:2004:003
Date: Tuesday, Dec 7th 2004 15:00 MEST
Cross References: CAN-2004-0782
CAN-2004-0883
CAN-2004-0947
CAN-2004-1010
CAN-2004-1011
CAN-2004-1012
CAN-2004-1013
CAN-2004-1070
CAN-2004-1071
CAN-2004-1072
CAN-2004-1073
CAN-2004-1074
Content of this advisory:
1) solved security vulnerabilities:
- kernel problems
- cyrus-imapd remote problems
- imlib image loader problems
- unarj directory traversal and buffer overflow
- zip buffer overflow problem
2) pending vulnerabilities, solutions, workarounds:
- Sun and Blackdown Java
- new kernel problems
3) standard appendix (further information)
______________________________________________________________________________
1) solved security vulnerabilities
To avoid spamming lists with advisories for every small incident,
we will release weekly summary advisories for issues where we have
released updates without a full advisory. Since these are minor
issues, md5sums and ftp URLs are not included.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- kernel
Several problems have been found in the Linux 2.4 and 2.6
kernels:
- Several issues have been found in the error handling of the ELF
loader routines by Paul Starzetz of isec.pl. These are tracked
by the Mitre CVE IDs CAN-2004-1070, CAN-2004-1071, CAN-2004-1072
and CAN-2004-1073.
- Several overflow checks were found missing in the smbfs handling
of both Linux 2.4 and 2.6 by Stefan Esser.
This is tracked by the Mitre CVE ID CAN-2004-0883.
- Handcrafted a.out binaries could be used to trigger a local
denial of service condition in both 2.4 and 2.6 Linux kernels.
Fixes for this problem were done by Chris Wright.
This is tracked by the Mitre CVE ID CAN-2004-1074.
- A very small race window was found in the memory management of
the kernel which could be used to reveal the contents of random
physical memory pages, potentially leading to information
disclosure. This is already fixed in the mainline kernel.
These bugs affect all SUSE Linux products. A separate advisory
has already gone out for this issue.
- cyrus-imapd
Remote buffer overflow possibilities in the Cyrus IMAP daemon
were found by Stefan Esser and Sebastian Krahmer.
These are tracked by the Mitre CVE IDs CAN-2004-1011,
CAN-2004-1012, and CAN-2004-1013.
All SUSE Linux based products are affected. A separate advisory
has already gone out for this issue.
- imlib
A review by the Fedora Core team found further problems in the
imlib source code. Patches to fix these problems have been
applied. They are related to the vulnerability tracked under
the Mitre CVE ID CAN-2004-0782, for which we already released
updated packages.
All SUSE Linux based products are affected.
- unarj
A directory traversal problem in the unpacker unarj was reported
which allows an attacker to overwrite files outside of the current
directory. Additionally, Ludwig Nussel of SUSE found some buffer
overflow problems during extraction, allowing a handcrafted arj
archive to potentially execute code. The buffer overflow is tracked
by the Mitre CVE ID CAN-2004-0947.
All SUSE Linux based products are affected.
- zip
A buffer overflow in the unpacker zip was reported, which potentially
allows an attacker with a handcrafted ZIP archive to remotely execute
code. This is tracked by the Mitre CVE ID CAN-2004-1010.
All SUSE Linux based products are affected.
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- Sun Java Plugin
A privilege escalation problem was found in the Sun Java Plugin
which could allow a remote attacker to read and write files of
a local user browsing web sites.
This bug affects all SUSE versions on the Intel x86 and AMD64 /
Intel Extended Memory Architecture (EM64T) platforms.
We are in the process of releasing updated Java packages.
- kernel
Several more problems have been found in the Linux 2.4 and 2.6
kernels:
- A race condition in unix_dgram_recvmsg() could lead to a local
attacker overwriting kernel memory. This is tracked by the Mitre
CVE ID CAN-2004-1068.
- Local denial of service in aio_free_ring().
- Local denial of service with badly formed ELF executables
on 64 bit systems.
- Some more minor issues.
All SUSE Linux based products are affected and we are in the
process of preparing updated packages.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
it. There are two verification methods that can be used
independently of each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
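The two checks the appendix describes, as an added example rather than SUSE's own tooling: md5sums taken from the PGP-signed announcement, and the GPG signature embedded in the rpm. The list format, file names and sample values are constructed; the gpg and rpm steps assume the SUSE signing key is already imported.

```shell
#!/bin/sh
# Added example (not SUSE's own tooling): 1) md5sums from the signed
# announcement, 2) the rpm's embedded GPG signature. Names and values
# in the demo section are constructed.

# Print the md5 of a file; falls back to md5/openssl where GNU md5sum is absent.
md5_of() {
  if command -v md5sum >/dev/null 2>&1; then md5sum "$1" | cut -d' ' -f1
  elif command -v md5 >/dev/null 2>&1; then md5 -q "$1"
  else openssl dgst -md5 "$1" | awk '{print $NF}'
  fi
}

# Verify the announcement itself before trusting the md5sums it carries
# (assumes the SUSE key is in the local gpg keyring).
verify_announcement() {
  command -v gpg >/dev/null 2>&1 || { echo "gpg missing; cannot verify $1"; return 2; }
  gpg --verify "$1"
}

# Compare downloaded packages in $2 against "<md5>  <file>" lines in $1.
# Returns 0 only if every listed file exists and matches; reports each result.
verify_md5_list() {
  listfile=$1; dir=$2; rc=0
  while read -r sum name; do
    [ -z "$sum" ] && continue
    if [ -f "$dir/$name" ]; then actual=$(md5_of "$dir/$name"); else actual=missing; fi
    if [ "$actual" = "$sum" ]; then
      echo "OK   $name"
    else
      echo "FAIL $name (expected $sum, got $actual)"; rc=1
    fi
  done < "$listfile"
  return $rc
}

# Check the GPG signature stored inside the rpm (needs rpm and the key imported).
verify_rpm_sig() {
  command -v rpm >/dev/null 2>&1 || { echo "rpm missing; skipping $1"; return 2; }
  rpm --checksig "$1"
}

# Demo with constructed data: one good file, one tampered, one missing.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  printf 'hello\n' > "$d/good.rpm"; printf 'tampered\n' > "$d/bad.rpm"
  { echo "b1946ac92492d2347c6235b4d2611184  good.rpm"
    echo "b1946ac92492d2347c6235b4d2611184  bad.rpm"
    echo "00000000000000000000000000000000  absent.rpm"; } > "$d/md5.list"
  verify_md5_list "$d/md5.list" "$d" || echo "verification FAILED; do not install"
fi
```

Run with `--demo` to see one OK line and two FAIL lines; a non-zero exit from either check means the package should not be installed.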