SUSE Security Summary Report SUSE-SR:2006:023
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:023
Date: Wed, 27 Sep 2006 14:00:00 +0000
Cross-References: CVE-2004-2655, CVE-2006-3739, CVE-2006-3740
CVE-2006-4019, CVE-2006-4031, CVE-2006-4192
CVE-2006-4226, CVE-2006-4227, CVE-2006-4790
Content of this advisory:
1) Solved Security Vulnerabilities:
- X11 error handling in CID fonts
- mysql authorization problem
- xmms-plugins buffer overflow
- gnutls RSA signature forgery
- squirrelmail security problem
- xscreensaver locking without keyboard grab
- newpg,libksba crashes on signature verify
- bind remote denial of service problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- kernel update
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- X11 security problem in handling of CID fonts
An integer overflow vulnerability when rendering CID-keyed fonts
in the X Server was fixed.
This problem is tracked by the Mitre CVE IDs
CVE-2006-3739/CVE-2006-3740.
The update was released on 19th September for all SUSE Linux based
distributions.
- mysql authorization problem
The database server mysql was updated to fix several security
vulnerabilities.
CVE-2006-4031: authorization bypass through a previously created
MERGE table
CVE-2006-4226: authorization bypass on case sensitive file systems
to databases differing only in capitalization (getting
access to 'Foo' even if you only have access to 'foo').
CVE-2006-4227: argument evaluation in suid routines was done in
the privilege context of the routine definer instead
of the caller.
Updates for this problem have been released for all SUSE Linux
based distributions on September 22nd.
- xmms-plugins buffer overflow
When using the XMMS plugin bundle package (xmms-plugins) specially
crafted AMF files could potentially be used to exploit a heap based
buffer overflow in libmodplug (CVE-2006-4192).
Updates for all SUSE Linux versions were released on September 21st.
- gnutls RSA signature forgery
The GNU TLS library was also affected by the RSA signature forgery
problem, where excess data was not checked during signature checking
with RSA keys with exponent 3.
This problem could be used to forge RSA signatures (CVE-2006-4790).
Updates for all SUSE Linux based distributions were released on
September 27th.
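The forgery above works because a lenient verifier walks past the 00 01 FF..FF 00 padding, compares the DigestInfo, and never looks at the bytes that follow it. As an added illustration (not code from GnuTLS or from this advisory), the Python below places that lenient check beside the strict one that rebuilds the whole encoded block. The block named FORGED_EM is constructed by hand to stand in for what a forged signature would decrypt to, so no RSA arithmetic is involved; all names, the modulus size and the sample message are the example's own.

```python
import hashlib
import hmac

# DER-encoded DigestInfo prefix for SHA-1 (constant from PKCS#1 v1.5, RFC 3447 section 9.2).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def digest_info(message: bytes) -> bytes:
    """T = DigestInfo || SHA-1(message): the value every verifier must find in the block."""
    return SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()


def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """Correct encoded message for a k-byte modulus: 00 01 FF..FF 00 || T.
    The padding string must fill the whole block, so its length is fixed by k."""
    t = digest_info(message)
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lenient_verify(em: bytes, message: bytes) -> bool:
    """The flawed pattern: skip 00 01 FF..FF 00, compare T, ignore whatever follows.
    Because the padding length is not tied to k, the tail of the block is never
    examined, and that unchecked excess data is what the e=3 forgery exploits."""
    if len(em) < 3 or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = digest_info(message)
    return em[i:i + len(t)] == t          # bytes after T are never examined


def strict_verify(em: bytes, message: bytes, k: int) -> bool:
    """The fix: rebuild the full expected block and compare all k bytes."""
    if len(em) != k:
        return False
    return hmac.compare_digest(em, emsa_pkcs1_v15(message, k))


# --- constructed test data (not from the advisory) --------------------------
K = 128                                  # 1024-bit modulus
MSG = b"SUSE Security Summary Report"
GOOD_EM = emsa_pkcs1_v15(MSG, K)
# Stands in for what a forged e=3 signature decrypts to: minimal padding, the
# correct T, and attacker-controlled filler after it. Built directly so that
# no RSA arithmetic is needed for the demonstration.
T = digest_info(MSG)
FORGED_EM = b"\x00\x01" + b"\xff" * 8 + b"\x00" + T + b"\x00" * (K - 11 - len(T))


def demo() -> dict:
    """Run both verifiers over the genuine and the constructed block."""
    return {
        "lenient_accepts_good": lenient_verify(GOOD_EM, MSG),
        "lenient_accepts_forged": lenient_verify(FORGED_EM, MSG),
        "strict_accepts_good": strict_verify(GOOD_EM, MSG, K),
        "strict_accepts_forged": strict_verify(FORGED_EM, MSG, K),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical check for any PKCS#1 v1.5 verifier is the one in strict_verify: the recovered block must be exactly k bytes and must equal the freshly encoded message in its entirety, so there is no position an attacker can fill freely.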
- squirrelmail security problem
A minor bug was fixed in the squirrelmail webmail front end where
authenticated users could modify the preferences of other users.
This problem is tracked by the Mitre CVE ID CVE-2006-4019 and was
released on September 15th for SUSE Linux 9.2 up to 10.0.
- xscreensaver locking without keyboard grab
xscreensaver locked the screen even if it failed to grab the
keyboard. Therefore it was possible to accidentally type the password
into a different program than the screen saver. rdesktop is known
to expose this problem.
The Mitre CVE ID CVE-2004-2655 was assigned to this problem and
it was fixed for SUSE Linux Enterprise Server 8 and 9, and Novell
Linux Desktop 9.
- newpg,libksba crashes on signature verify
The gpgsm program crashed when verifying a signature with certain
malformed X.509 certificates.
This update was released for all affected SUSE Linux Distributions.
- bind remote denial of service problems
This update fixes two vulnerabilities in bind that allow a remote
attacker to trigger a denial-of-service attack. (VU#697164 - BIND
INSIST failure due to excessive recursive queries, VU#915404 -
BIND assertion failure during SIG query processing)
Up to now only the fixed packages for SUSE Linux Enterprise 10 have been
released; the others are currently being QA tested.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- current kernel update
The packages of the last kernel update have almost all been released
for our customers, except SLES 10 for S/390. Once this last kernel
has been released, a separate security advisory will be published.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
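The human-readable "Good signature" line is meant for eyes, not for scripts, and it does not by itself confirm that the signing key is the one SUSE uses. As an added example (not part of the advisory and not SUSE's tooling), the Python below reads gpg's machine-readable status lines instead and accepts the announcement only when the signature is good and the signing key matches the key ID quoted above. The status text in GOOD_STATUS, BAD_STATUS and WRONG_KEY_STATUS is constructed sample output; the long key ID, fingerprint and timestamps in it are placeholders, and only the short ID 3D25D3D9 comes from the page.

```python
import subprocess

# Key ID quoted in the advisory. The full 40-hex-digit fingerprint is not on the page;
# callers who have it from a trusted source should pass it as expected_key instead.
EXPECTED_KEY = "3D25D3D9"


def parse_gpg_status(status_text: str) -> dict:
    """Parse the '[GNUPG:] ...' lines gpg writes to --status-fd.
    GOODSIG/BADSIG/ERRSIG and VALIDSIG are the lines that decide accept or reject."""
    result = {"good": False, "keyid": None, "fingerprint": None}
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        tag = fields[1]
        if tag == "GOODSIG" and len(fields) >= 3:
            result["good"] = True
            result["keyid"] = fields[2]          # long key ID of the signing key
        elif tag in ("BADSIG", "ERRSIG"):
            result["good"] = False
        elif tag == "VALIDSIG" and len(fields) >= 3:
            result["fingerprint"] = fields[2]    # full fingerprint of the signing key
    return result


def signature_acceptable(status_text: str, expected_key: str = EXPECTED_KEY) -> bool:
    """Accept only a good signature whose key matches expected_key.
    expected_key may be a full fingerprint or, as on this page, a short ID; a short ID
    is matched as a suffix of the fingerprint, which is the weakest usable check."""
    r = parse_gpg_status(status_text)
    if not r["good"] or r["fingerprint"] is None:
        return False
    return r["fingerprint"].upper().endswith(expected_key.upper())


def verify_announcement(path: str, expected_key: str = EXPECTED_KEY) -> bool:
    """Run gpg --verify with status lines on stdout and apply the policy above."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True, check=False,
    )
    return signature_acceptable(proc.stdout, expected_key)


# Constructed sample status output (placeholder IDs; only 3D25D3D9 is from the advisory).
PLACEHOLDER_FPR = "A" * 32 + "3D25D3D9"
GOOD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG AAAAAAAA3D25D3D9 SuSE Security Team\n"
    f"[GNUPG:] VALIDSIG {PLACEHOLDER_FPR} 2006-09-27 1159365600 0 4 0 1 2 00 {PLACEHOLDER_FPR}\n"
)
BAD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG AAAAAAAA3D25D3D9 SuSE Security Team\n"
)
WRONG_KEY_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Some Other Key\n"
    f"[GNUPG:] VALIDSIG {'B' * 40} 2006-09-27 1159365600 0 4 0 1 2 00 {'B' * 40}\n"
)

if __name__ == "__main__":
    print("good:", signature_acceptable(GOOD_STATUS))
    print("bad:", signature_acceptable(BAD_STATUS))
    print("wrong key:", signature_acceptable(WRONG_KEY_STATUS))
```

An 8-hex-digit short key ID is easy to collide with a purpose-made key, so once the full fingerprint of the SUSE signing key has been obtained over a trusted channel it should be passed as expected_key so that the whole fingerprint is compared rather than its last eight digits.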
Participants (1): Marcus Meissner