-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:014
Date: Tue, 07 Jun 2005 14:00:00 +0000
Cross-References: CAN-2005-1151
CAN-2005-1152
CAN-2005-1349
CAN-2005-0103
CAN-2005-0104
CAN-2005-1455
CAN-2005-1454
CAN-2004-1456 - CAN-2004-1470
Content of this advisory:
1) Solved Security Vulnerabilities:
- freeradius problems
- clamav version update
- squirrelmail cross site scripting and code inclusion problem
- perl-Convert-UUlib buffer overflow
- ethereal various security problems
- info2html cross site scripting
- qpopper problems
- libtiff buffer overflow
- Mozilla Firefox various security problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- various kernel security problems
- postgresql
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- freeradius problems
The FreeRADIUS SQL support is prone to a SQL command injection
(CAN-2005-1455) and to a buffer overflow (CAN-2005-1454). The buffer
overflow might be exploitable remotely to execute arbitrary code.
This affects all SUSE Linux products.
- clamav version update
The anti virus scan engine "clamav" was updated to the 0.85.1 upstream
release. This update contains several improvements and bugfixes
for Clamav. See /usr/share/doc/packages/clamav/ChangeLog for details.
All SUSE Linux products containing clamav are affected.
- squirrelmail cross site scripting and code inclusion problem
This update fixes the following security problems:
- Bugs that allowed a cross site scripting attack (CAN-2005-0104)
- Missing access restrictions on config files
- A bug that allowed an attacker to execute arbitrary PHP code
(CAN-2005-0103)
SUSE Linux Box product versions 9.0 up to 9.3 are affected.
- perl-Convert-UUlib
This update fixes a buffer overflow in perl-Convert-UUlib that
could allow an attacker to execute arbitrary code.
This is tracked by the Mitre CVE ID CAN-2005-1349.
- ethereal
Multiple security vulnerabilities have been found in the network
analyzing tool ethereal.
This update upgrades ethereal to the latest release (0.10.11), which
has all the security bugs fixed.
A full list of those bugs is at:
http://www.ethereal.com/appnotes/enpa-sa-00019.html
This update fixes the issues tracked by the Mitre CVE IDs
CAN-2004-1456 up to CAN-2004-1470.
All SUSE Linux based products are affected.
- info2html
The info2html document converter had cross site / cross frame
scripting problems due to insufficient argument escaping.
All SUSE Linux based products are affected.
- qpopper
Qpopper was handling user files while running as root. Qpopper
could also be tricked into overwriting system files.
Mitre has assigned the CVE IDs CAN-2005-1151 and CAN-2005-1152 to
these issues.
- libtiff
This update fixes a buffer overflow in the BitsPerSample() function.
This problem affects all SUSE Linux based distributions.
- Mozilla Firefox
Mozilla Firefox has been upgraded to version 1.0.4, fixing the following
security problems:
MFSA 2005-42: A problem in the install confirmation dialog together
with a bad fix for MFSA 2005-41 allowed a remote attacker to execute
arbitrary code with the help of a cross site scripting problem on
the Mozilla website.
MFSA 2005-43: By causing a frame to navigate back to a previous
javascript: URL an attacker can inject script into the forward
site. This site can be controlled by the attacker allowing them
to steal cookies or sensitive data from that page or to perform
actions on behalf of that user.
MFSA 2005-44: A variant of MFSA 2005-41 overrides properties on a
non-DOM node and then substitutes that object for one chrome script
will access. Most examples involved the attacker synthesizing an
event targeted at a non-DOM node, and overriding standard DOM node
properties such as type with references to eval() calls or Script()
objects.
This affects SUSE Linux 9.0, 9.1, 9.2 and Novell Linux Desktop 9.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- various kernel security problems
Various security problems were found in both the 2.4 and 2.6 Linux
kernels.
We are currently testing updates for all current issues and will
be releasing them shortly.
All SUSE Linux based products are affected.
- postgresql
Two security errors in PostgreSQL may allow an unprivileged database
user to crash the backend process or allow an unprivileged user to
gain the privileges of a database superuser.
To fix those problems please carefully read the instructions on
http://www.postgresql.org/about/news.315
This is tracked by the Mitre CVE IDs CAN-2005-1409 and CAN-2005-1410.
All SUSE LINUX based products except for SLES8 are affected.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
    gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
    gpg: Signature made <DATE> using RSA key ID 3D25D3D9
    gpg: Good signature from "SuSE Security Team
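
The verification step above can be scripted rather than read by eye. This added example (not part of the SUSE advisory) parses the "[GNUPG:]" lines that gpg writes with --status-fd and accepts only a good signature made by the expected key. The file name advisory.txt, the function name check_status and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: turn gpg's machine-readable status lines into a pass/fail
# verdict. Real use (advisory.txt is an assumed file name):
#   gpg --status-fd 1 --verify advisory.txt 2>/dev/null | check_status 3D25D3D9

# check_status KEYID: read "[GNUPG:] ..." lines on stdin; succeed only if the
# signature is good, nothing negative was reported, and the signing key's
# fingerprint ends in KEYID (short ID or, better, the full fingerprint).
check_status() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    good=0; bad=0; match=0
    while read -r tag kw arg rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            GOODSIG) good=1 ;;
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY) bad=1 ;;
            VALIDSIG) case "$arg" in *"$want") match=1 ;; esac ;;
        esac
    done
    [ "$good" -eq 1 ] && [ "$bad" -eq 0 ] && [ "$match" -eq 1 ]
}

# Constructed status output; the fingerprints are placeholders, not real keys.
FPR=AAAABBBBCCCCDDDDEEEEFFFF000011113D25D3D9
OTHER=AAAABBBBCCCCDDDDEEEEFFFF0000111122223333
SAMPLE_GOOD="[GNUPG:] GOODSIG 000011113D25D3D9 SuSE Security Team (constructed)
[GNUPG:] VALIDSIG $FPR 2005-06-07 1118152800 0 3 0 1 2 01 $FPR"
SAMPLE_TAMPERED="[GNUPG:] BADSIG 000011113D25D3D9 SuSE Security Team (constructed)"
SAMPLE_WRONGKEY="[GNUPG:] GOODSIG 0000111122223333 Someone Else (constructed)
[GNUPG:] VALIDSIG $OTHER 2005-06-07 1118152800 0 3 0 1 2 01 $OTHER"

for name in GOOD TAMPERED WRONGKEY; do
    eval "sample=\$SAMPLE_$name"
    if printf '%s\n' "$sample" | check_status 3D25D3D9; then
        echo "$name: accept"
    else
        echo "$name: reject"
    fi
done
```

An 8-digit key ID can be shared by unrelated keys, so passing the full fingerprint of the trusted key to check_status makes the match exact; this page gives only the short ID.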