-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:019
Date: Wed, 09 Aug 2006 15:00:00 +0000
Cross-References: CVE-2006-1695, CVE-2006-3119, CVE-2006-3376
CVE-2006-3404, CVE-2006-3458, CVE-2006-3548
CVE-2006-3549
Content of this advisory:
1) Solved Security Vulnerabilities:
- fbi unsafe postscript display
- gimp XCF loader problem
- libwmf overflow
- X.org server PCF problems
- zope information disclosure
- horde various problems
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Kernel Update
- Mozilla Firefox / Thunderbird / Suite Security Updates
- php4 / php5 security updates in preparation
- ethereal security update
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- fbi unsafe postscript display
The fbgs program did not activate security options in the postscript
interpreter due to a typo (CVE-2006-3119). fbgs also used a temporary
directory with a predictable name (CVE-2006-1695).
Updates have been released for all SUSE Linux products.
- gimp XCF loader problem
A buffer overflow was fixed in the xcf loader in GIMP that allows
user-complicit attackers to cause a denial of service (crash) and
possibly to execute arbitrary code via an XCF file with a large
num_axes value in the VECTORS property. (CVE-2006-3404)
Fixed gimp and gimp-unstable packages have been released for all
SUSE Linux based products.
- libwmf overflow
A heap overflow could be triggered by specially crafted WMF (Windows
Meta Files) in the libwmf library. A remote attacker could exploit
this problem to execute code by providing a file with embedded
WMF data to an application that handles it (like OpenOffice_org,
abiword, gimp).
This issue is tracked by the Mitre CVE ID CVE-2006-3376 and affects
all SUSE Linux based products.
- X.org server PCF problems
The PCF handling in the X.Org and XFree86 servers suffered from
problems similar to those in freetype2. This security update fixes crashes
in the PCF handling, which might be used to crash the Xserver using
applications or even to execute code in it.
All SUSE Linux based products were affected by this problem.
- zope information disclosure
The content management system Zope had a bug in the way the
docutils module parses and renders "restructured text" that could
lead to information disclosure.
This issue is tracked by the Mitre CVE ID CVE-2006-3458 and affects
all SUSE Linux products.
- horde various problems
The following two security issues were fixed in the Horde Application
Framework:
- CVE-2006-3548: Multiple cross-site scripting (XSS) vulnerabilities
allow remote attackers to inject arbitrary web script or HTML
via a (1) javascript URI or an external (2) http, (3) https, or
(4) ftp URI in the url parameter in services/go.php (aka the
dereferrer), (5) a javascript URI in the module parameter in
services/help (aka the help viewer), and (6) the name parameter
in services/problem.php (aka the problem reporting screen).
- CVE-2006-3549: services/go.php does not properly restrict its
image proxy capability, which allows remote attackers to perform
"Web tunneling" attacks and use the server as a proxy via (1)
http, (2) https, and (3) ftp URL in the url parameter, which is
requested from the server.
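A generic hardening pattern for a dereferrer endpoint of the kind described above, as an added example (not Horde's code and not the fix shipped in the update). The function names, the token scheme and the demo key are assumptions: the handler only ever redirects, never fetches on the client's behalf, and accepts only links the application signed itself.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the only schemes worth redirecting to
DEMO_KEY = b"constructed-demo-key"   # constructed; a real key comes from server-side config


def sign_url(url, key=DEMO_KEY):
    """Token the application attaches to every dereferrer link it generates itself."""
    return hmac.new(key, url.encode("utf-8"), hashlib.sha256).hexdigest()


def check_dereferrer_url(url, token, key=DEMO_KEY):
    """Return url if it may be used as a redirect target, otherwise None."""
    if not url or not token:
        return None
    # Whitespace and control characters can disguise a scheme ("java\tscript:").
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return None
    try:
        # Only links generated by the application carry a valid token, so the
        # endpoint cannot be pointed at arbitrary third-party URLs.
        expected = sign_url(url, key).encode("ascii")
        if not hmac.compare_digest(expected, token.encode("utf-8")):
            return None
        parts = urlsplit(url)
        # Scheme allowlist: javascript:, data:, ftp: and anything else is refused,
        # even when the token is valid.
        if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
            return None
    except ValueError:  # malformed URL or unencodable input
        return None
    return url
```

The returned value is meant for a Location header only; any parameter echoed into a page, such as the name parameter mentioned above, still needs HTML escaping on output.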
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Kernel Update for Enterprise Distributions
The update kernels for the last 2 local root privilege escalations
are still not released due to trouble with (mandatory) partner
re-certification testing.
We hope to be able to release them this week.
- Mozilla Firefox / Thunderbird / Suite Security Updates
We will be updating Mozilla in the next few days.
- Mozilla Firefox:
All Mozilla Firefox on released distributions will be upgraded
to version 1.5.0.6.
This update affects: Novell Linux Desktop 9, SUSE Linux Enterprise 10,
SUSE Linux 9.2 - 10.1
The update might break manually installed Firefox Extensions.
- Mozilla Thunderbird
Mozilla Thunderbird updates have been released; the version
was bumped to 1.5.0.5. (The patch summary lists it incorrectly
as 1.5.0.6, but it is 1.5.0.5.)
- Mozilla Suite discontinuation / replacement by Seamonkey.
Since the Mozilla Suite is no longer maintained, we will replace
it with Seamonkey 1.0.3.
This update affects: SUSE Linux Desktop 1, SUSE Linux Enterprise
Server 8, SUSE Linux Enterprise Server 9, Novell Linux Desktop 9,
SUSE Linux 9.2 - 10.0.
This will likely also require updates of evolution, beagle,
and other dependent packages, so it might take some time.
In general we recommend not using the Mozilla Suite any longer.
- php4 / php5 security updates in preparation
A critical PHP 4 / 5 problem was found; we are preparing updates
for this problem. (CVE-2006-4020)
- ethereal security update
The last ethereal security update is currently being tested in QA.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
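When the check is scripted rather than read by a person, gpg's machine-readable status records (its --status-fd option) are safer to parse than the human-readable text, and the signer should be compared against a full fingerprint rather than a short key ID. The following is an added example, not part of the SUSE announcement; the function names are hypothetical, the sample fingerprint and status text are constructed, and PINNED_FPR is a placeholder to be filled from a trusted source.

```python
import subprocess

# Placeholder: the full fingerprint of the signing key, from a trusted source.
PINNED_FPR = "<FULL-FINGERPRINT-FROM-TRUSTED-SOURCE>"

# Status keywords that mean a signature is bad, unverifiable, expired or revoked.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

# Constructed sample of status output for one valid signature.
SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>\n"
    "[GNUPG:] VALIDSIG " + SAMPLE_FPR + " 2006-08-09 1155135600 0 3 0 1 2 01\n"
)


def signed_by(status_text, pinned_fpr):
    """True only if the status output reports exactly one valid signature,
    made by the key with fingerprint pinned_fpr, and no failed signature."""
    valid = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # not a status record (e.g. text copied from a message body)
        if fields[1] in FAILURES:
            return False
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            valid.append(fields[2].upper())
    return valid == [pinned_fpr.upper()]


def verify_announcement(path, pinned_fpr=PINNED_FPR):
    """Run gpg on a saved announcement and apply the check above."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True,
    )
    return proc.returncode == 0 and signed_by(proc.stdout, pinned_fpr)
```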
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team