openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
November 2000
- 2 participants
- 6 discussions
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: netscape
Announcement-ID: SuSE-SA:2000:48
Date: Thursday, November 30th, 2000 19:00 MET
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: clientside remote vulnerability
Severity (1-10): 4
SuSE default package: yes
Other affected systems: systems w/ netscape versions before 4.76
Content of this advisory:
1) security vulnerability resolved: netscape
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
Michal Zalewski <lcamtuf(a)DIONE.IDS.PL> has found a buffer overflow in
the html parser code of the Netscape Navigator in all versions before
and including 4.75. html code of the form
<form action=foo method=bar>
<input type=password value=long string here>
more form tags
</form>
can crash the browser. It may be possible for an attacker to supply
a webpage that executes arbitrary code as the user running netscape.
As of today, no exploit code is known to exist in the wild.
SuSE provides an update package for the vulnerable software. It is
recommended to upgrade to the latest version found on our ftp server
as described below. The update package introduces Netscape version
4.76.
NOTE:
Please note that Netscape-4.76 is not available for the glibc-2.0-based
SuSE Distributions SuSE-6.0 and 6.1 because Netscape doesn't provide
any binaries for the glibc version in these distributions (glibc-2.0).
For SuSE-6.0 and 6.1, we provide a libc5-based version of netscape-4.76
which runs smoothly on all i386-based SuSE distributions 6.x and 7.x,
provided the package shlibs5 is installed. The package can be found in
the update/5.3 directory on our ftp server (see below).
There are no packages available for platforms other than i386.
NOTE:
The packages on our ftp servers date back to October 31st. Since
there is no release notes or README file with equivalent content
in the netscape tarball, SuSE security was not aware of the fact
that this release of netscape fixes the known problems. This
information can be obtained from (along with information about
other bugfixes)
http://home.netscape.com/eng/mozilla/4.7/relnotes/windows-4.76.html .
Please choose the update package(s) for your distribution from the URLs
listed below and download the necessary rpm files. Then, install the
package using the command `rpm -Uhv file.rpmŽ. rpm packages have an
internal md5 checksum that protects against file corruption. You can
verify this checksum using the command (independently from the md5
signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
<p> Intel i386 Platform
SuSE-7.0
SuSE-6.4
SuSE-6.3
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/netscape-4.76.glibc21.i386…
7ccebaca7df0937a3c08fc30a27af858
SuSE-6.1
SuSE-6.0
ftp://ftp.suse.com/pub/suse/i386/update/5.3/xap1/netscape-4.76.libc5.i386.r…
3c4f06c5fea4755083524eb135627380
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- ssh/openssh
Several inconsistencies and configuration bugs have been introduced
in the SuSE rpm packages for the update of openssh (SuSE-SA:2000:47)
that cause the openssh software to not work as reliably as usual.
The packages are about to be reworked, the openssh announcement will
be reissued.
- pidentd
The in.identd daemon on SuSE distributions can be crashed remotely.
We're working on a fix.
- bash1
bash, version 1, handles temporary files in an unsafe manner that
allows a local attacker to overwrite arbitrary files as the user
running a bash1 with input redirection of the "<< EOF" style.
The bash1 package is not used per default in SuSE-distributions.
We're working on a fix (update packages).
- tcsh
The paragraph above about bash version 1 applies to the tcsh as
well, in all versions. The tcsh is not used by SuSE scripts.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOiacFHey5gA9JdPZAQEy5Qf+NlySb8Nk3N5KUFHMf4zh/tVQfyCiXEW5
GUJ5M3Y8quHZq2KX/ErCXWws2/RJAIdHnyEAkeXigwZ001l0MqnWM5PqAWUUGXRh
X4isNVr2IeV07RnhIyLdYUj4sDBfmDf1Xwyf/cl6SYcHmeo9/dnfz4ImanYuO9iF
cd1gjSWQVCGkP6C28p99GaK3IfzUMvfZjiINS1/mURKSeiQMsOTd4ktOtBvKJY4O
SVe8d9is1lUqoiRME1q0+ri3iRLYGWQDDrjukg1SUXVO3jgEXi+lBrO0fs3Stb7o
OKRaMnWJvsoHmemRWBMHo7mnBtdYkubQqF6iSIVC60NuW/VJmV9YWg==
=Nv3j
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: openssh/ssh
Announcement-ID: SuSE-SA:2000:47
Date: Friday, November 24th, 2000 16:30 MET
Affected SuSE versions: 6.4, 7.0
Vulnerability Type: clientside remote vulnerability
Severity (1-10): 6
SuSE default package: yes
Other affected systems: systems w/ openssh versions before 2.3.0
Content of this advisory:
1) security vulnerability resolved: openssh
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
openssh is an implementation of the secure shell protocol, available under
the BSD license, primarily maintained by the OpenBSD Project.
Many vulnerabilities have been found in the openssh package, along with
a compilation problem in the openssh and ssh packages in the SuSE-7.0
distribution: An openssh client (the ssh program) can accept X11- or
ssh-agent forwarding requests even though these forwarding capabilities
have not been requested by the client side after successful authentication.
Using these weaknesses, an attacker could gain access to the
authentication agent which may hold multiple user-owned authentification
identities, or to the X-server on the client side as if requested by the
user. These problems have been found/reported by Markus Friedl
<markus.friedl(a)informatik.uni-erlangen.de> and Jacob Langseth
<jwl(a)pobox.com>.
A problem in the configure script in both the openssh and ssh package
on the SuSE-7.0 distribution caused the sshd programs to not be linked
against the tcp-wrapper library. By consequence, access rules for the sshd
server-side service as configured in /etc/hosts.allow and /etc/hosts.deny
were ignored. This has been reported to us by Lutz Pressler <lp(a)SerNet.DE>.
We thank these individuals for their contribution.
Sebastian Krahmer <krahmer(a)suse.de> found a small tmp file handling
problem in the perl script `make-ssh-known-hostsŽ. A (local) attacker
could trick the perl program to follow symbolic links and thereby
overwriting files with the privileges of the user calling
make-ssh-known-hosts.
The solution for the first three problems (agent+X11-forwarding, missing
libwrap support) is an upgrade to a newer package. The tmp file problem
can be easily solved by hand. Please see the special install instructions
below.
Note: Upon public request, we also provide update packages for the
SuSE-6.3 Intel distribution, even though the openssh packages
was not included in this distribution.
<p> special install instructions:
=====================================
To find out which package (ssh or openssh) you use, please use the command
`rpm -qf /usr/bin/sshŽ.
__
case openssh:
Please follow the instructions below to download and install
the update package. Afterwards, restart the sshd daemon:
`rcsshd restartŽ.
__
case ssh:
before SuSE-7.0 (excluding 7.0):
In the file /usr/bin/make-ssh-known-hosts, please change the line
(around line 102)
$private_ssh_known_hosts = "/tmp/ssh_known_hosts$$";
to read
$private_ssh_known_hosts = "~/ssh_known_hosts$$";
and you are done.
SuSE-7.0: Please follow the instructions below to download
and install the update package. Afterwards, restart the sshd daemon:
`rcsshd restartŽ
<p> Please choose the update package(s) for your distribution from the URLs
listed below and download the necessary rpm files. Then, install the
package using the command `rpm -Uhv file.rpmŽ. rpm packages have an
internal md5 checksum that protects against file corruption. You can
verify this checksum using the command (independently from the md5
signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
<p> i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/openssh-2.3.0p1-0.i386.rpm
3c7b9044ffb64f9f74c904eb2b278eb2
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
aebcda19518208497671e752bbdfaeb8
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/openssh-2.3.0p1-0.i386.rpm
04c17b0eba99c798ae401fb9aafbc7e4
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
2003ab41cfa32ef39b11b4977ef4cd1f
SuSE-6.3
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/openssh-2.3.0p1-0.i386.rpm
04c17b0eba99c798ae401fb9aafbc7e4
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/openssh-2.3.0p1-0.src.rpm
2003ab41cfa32ef39b11b4977ef4cd1f
<p> Sparc Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/openssh-2.3.0p1-0.sparc.rpm
898aaaacee88777429496f1a5658076f
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
97868b04de04a0baafcee69ebbbe6079
<p> AXP Alpha Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/openssh-2.3.0p1-0.alpha.rpm
dd12c60b2744455780c976b115b26f27
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
6df5af1a88fda4d8fc1a493e4d10bc01
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/openssh-2.3.0p1-0.alpha.rpm
99de4bb6f183be1b69a610744f4566bc
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
aa56e311205ba58478c815760452367e
<p> PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/openssh-2.3.0p1-0.ppc.rpm
72f7c339991e54a476585012423dda62
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/openssh-2.3.0p1-0.src.rpm
749ccc55396944ad43c1977e55903958
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/openssh-2.3.0p1-0.ppc.rpm
59727fa055e5d835bc4e455302b1ef49
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/openssh-2.3.0p1-0.src.rpm
7e42dbad4e50a2ad9156e94cf2a93955
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
Clarification:
In my message (Subject: "SuSE: miscellaneous"), dated Wed, 15 Nov 2000,
concerning the paragraph about runtime linking problems in gs
(GhostScript) , I have stated that the problem will be fixed in future
versions of the SuSE distribution. This does not touch the fact that we
will of course provide fixes for the older distributions.
<p> - pine
The packages (version 4.30) are on our ftp server and can be downloaded.
The SuSE security announcement is pending.
<p> - netscape
Michal Zalewski <lcamtuf(a)DIONE.IDS.PL> has reported a buffer overflow
in Netscape's html parser code. A specially crafted html document may
cause the browser to execute arbitrary code as the user calling the
netscape program. The packages are available for download on ftp.suse.com.
A security announcement is on the way to address the issue.
- gs (ghostscript)
Two vulnerabilities have been found in the ghostscript package as shipped
with SuSE distributions: Insecure temporary file handling and a linker
problem that could make gs runtime-link against ./libc.so.6.
We're currently working on update packages. In the meanwhile, it is
advised to not run gs or applications that call gs from within a world-
writeable directory.
<p> - jed
The text editor jed saves files in /tmp upon emergency termination in an
insecure way. This problem was fixed with the release of SuSE-6.3 after
a SuSE-internal code audit by Thomas Biege <thomas(a)suse.de>. The
information about the existence of this bug was not communicated to the
public because the editor was not very widely used at that time.
We will provide update packages for the SuSE releases 6.0, 6.1 and 6.2
shortly.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOh6OSney5gA9JdPZAQFsKAf/Rn7V0D4N4nRRhWcYvvtNeIYfYsitOByR
7W/Q1Mbh3WIjDehw+3enCZi9PBB5GnoMVyMRthaUH1+1zY5DT8q/bkpgvhW3pD+F
pP/ksNRwJte2mZNdd/7UUu/cS8ditCIRO65JGyttqdU6VhoGLFgXiZPE0YWcfyJj
VoCRR4Jv6peCodSZdfOe5DVZUTfZATdp8Fm1A5+0XAVwfgr3n/J/aoJgkRwWJ/Kr
szGp7Q9TeIOzKZJOHxwKnQ+c+8ge0F2h02WsI8cq6B8HMhVwYnV4rXU4E7CmYnzm
sn6lKj7qTykqajNi1zqPjGpUDNU7gH1L5zMXiiisgkacT9bavwF7lw==
=Uskv
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: tcpdump
Announcement-ID: SuSE-SA:2000:46
Date: Friday, November 17th, 2000 16:00 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4, 7.0
Vulnerability Type: remote denial of service
Severity (1-10): 6
SuSE default package: yes
Other affected systems: systems using the same versions of tcpdump
and the necessary libraries
Content of this advisory:
1) security vulnerability resolved: tcpdump
problem description, discussion, solution and upgrade information
2) clarification, pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
tcpdump is a widespread network/packet analysis tool, also known as a
packet sniffer, used in unix/unix-like environment.
Several overflowable buffers have been found in SuSE's version of tcpdump
that could allow a remote attacker to crash the local tcpdump process.
Since tcpdump may be used in combination with intrusion detection
systems, a crashed tcpdump process may disable the network monitoring
system as a whole.
The FreeBSD team who found these vulnerabilities also reported that
tcpdump's portion of code that can decode AFS ACL (AFS=Andrew File
System, a network filesystem, ACL=Access Control List) packets is
vulnerable to a (remotely exploitable) buffer overrun attack that
could allow a remote attacker to execute arbitrary commands as root
since the tcpdump program usually requires root privileges to gain
access to the raw network socket.
The versions of tcpdump as shipped with SuSE distributions do not
contain the AFS packet decoding capability and are therefore not
vulnerable to this second form of attack.
A temporary workaround for the tcpdump problems other than not using
tcpdump in the first place does not exist. However, we provide update
packages for the affected SuSE distributions. We recommend an upgrade
using the packages that can be found using the URLs below.
Note: Please note that there is only one source rpm package but two
binary rpm packages. tcpdump*.rpm is the rpm for the tcpdump program,
and libpcapn*.rpm is the packet capture library that is required by
tcpdump at compile time. In order to remove the security vulnerability
in tcpdump, it is necessary to update the tcpdump rpm package only.
The libpcapn package with the static library is provided for
consistency and compatibility because it will be generated if the
binary packages are rebuilt from the source rpm.
To check if your system has the vulnerable package installed, use the
command `rpm -q <package name>Ž. If applicable, please choose the update
package(s) for your distribution from the URLs listed below and download
the necessary rpm files. Then, install the package using the command
`rpm -Uhv file.rpmŽ. rpm packages have an internal md5 checksum that
protects against file corruption. You can verify this checksum using
the command (independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/libpcapn-0.4a6-279.i386.rpm
f4e4a9231b695e1cf5eef0ad09871c34
ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/tcpdump-3.4a6-280.i386.rpm
ba711cf2fab14218752603fa5a941721
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
d4c5902c50d6a321e2c4ed665fcd1962
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/d1/libpcapn-0.4a6-279.i386.rpm
a1030d64ca4ca86a08b6bee5dc9cff78
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/tcpdump-3.4a6-280.i386.rpm
12335bf0055c6a9b915044a95a544aaa
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
dca26c3e5ef81f449cd43ab4d1f91b63
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/d1/libpcapn-0.4a6-279.i386.rpm
13c90044ed57792090163a33ffb69ecf
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/tcpdump-3.4a6-280.i386.rpm
646de6c14a2d4988d0c684a42b4eef58
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/tcpdump-3.4a6-280.src.rpm
46980acd95607d4a9c61ca0f75c33fc2
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/d1/libpcapn-0.4a6-279.i386.rpm
d058e563ad10daf078f5909a6b8ff288
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/tcpdump-3.4a6-280.i386.rpm
f5209f1f1433b0a55676f29451a2ef1b
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/tcpdump-3.4a6-280.src.rpm
cd34cd3feedbe0568d76dd9a406cec79
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/d1/libpcapn-0.4a6-279.i386.rpm
ef454e2d23e410be82aa9f0634bcc9dc
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/tcpdump-3.4a6-280.i386.rpm
9f6ebff316039421ee00121a0e8720fa
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/tcpdump-3.4a6-280.src.rpm
d1148813da9610f940ecdbd462ab2541
SuSE-6.0
Please use the package for the SuSE-6.1 distribution.
<p> Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/d1/libpcapn-0.4a6-279.sparc.rpm
412a7db34985555705d8d43f2853ae4e
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/tcpdump-3.4a6-280.sparc.rpm
a177326150a65d78212cebba90b88201
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
49f1f0420dd84070dcd9a67452770e75
<p> AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/d1/libpcapn-0.4a6-279.alpha.rpm
096522f46ab70d92dda17b4ca33b4181
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/tcpdump-3.4a6-280.alpha.rpm
84ca9a93a2201f7046446ed07107cbbc
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
07ed654ad1693dca5fd433572b3689c9
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/d1/libpcapn-0.4a6-280.alpha.rpm
747c22bb722da5df7fe3cfc252bdc545
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/tcpdump-3.4a6-281.alpha.rpm
dbe10ebc95a2371d01df729af265bdf6
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/tcpdump-3.4a6-281.src.rpm
8f6e48e693fc465c1f60b6cee944c27c
<p> PPC Power PC Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/libpcapn-0.4a6-279.ppc.rpm
140b95ffb3be2c2915327d4798b16dd0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/tcpdump-3.4a6-280.ppc.rpm
7f71b4ac17e3ad2c071e712c137a7c28
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/tcpdump-3.4a6-280.src.rpm
d9db0e99e91d8981efebafd6a539566f
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/d1/libpcapn-0.4a6-279.ppc.rpm
ed8697842867cbb5457c03015c117131
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/tcpdump-3.4a6-280.ppc.rpm
782dc3faba33cf1b2d9e6ef95caf4107
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/tcpdump-3.4a6-280.src.rpm
318bf758753d9728f101de2101ad3227
<p><p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
Clarification:
In my message (Subject: "SuSE: miscellaneous"), dated Wed, 15 Nov 2000,
concerning the paragraph about runtime linking problems in gs
(GhostScript) , I have stated that the problem will be fixed in future
versions of the SuSE distribution. This does not touch the fact that we
will of course provide fixes for the older distributions.
<p> - pine
We're still working on the packages for the version 4.30 (stability
problems).
- ppp
The ppp "deny_incoming" problem as announced by FreeBSD Security
Advisory FreeBSD-SA-00:70.ppp-nat is FreeBSD specific and does not
affect the SuSE distribution.
- vixie cron
Michal Zalewski <lcamtuf(a)TPI.PL> reported security problems in
Paul Vixie's cron implementation that is commonly used in Linux
distributions. Due to correct permissions on the directory
/var/spool/cron, the SuSE cron package is not affected by the problem.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOhVREney5gA9JdPZAQHBPAf/fgUBBQa9WMGBv+IBYcbUjBAVC2Qa/kKI
ZOFVgQPUtLrAk9052YBNbmsDaaUnvgVn09YllVig4fBRfTRm/tdfdq+3rYSGUgn2
NqCc/Om79SDM3TH5wF4VnrTT8bBznCr9u7sWEGFGAa83uuw5eMALXtHcwWqoM5E3
llIKx4mikIHKHPJGZY4+va5Bmn4Zjq1eLInVlkOa9LqsI1+YcLa/9GSsyYgZP3Px
4YnG8XdUwgd6/Nlp1cg6Do/icdH/XfPx/RfVRda8S/sI232ClFt9+PtZbJEDqA2p
SGj5sm4f4h4e3Sn+tnRwKEexgV/84odnnFPeUzwFHXP8LKinZVakDA==
=IV5+
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: bind8
Announcement-ID: SuSE-SA:2000:45
Date: Thursday, November 16th, 2000 16:00 MEST
Affected SuSE versions: 6.0, 6.1, 6.2, 6.3, 6.4
Vulnerability Type: remote denial of service
Severity (1-10): 7
SuSE default package: no
Other affected systems: all systems using bind, version 8.2.2 before
patchlevel 7
Content of this advisory:
1) security vulnerability resolved: bind8
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
<p> BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has
been found vulnerable to two denial of service attacks: named may crash
after a compressed zone transfer request (ZXFR) and if an SRV record
(defined in RFC2782) is sent to the server. Administrators testing
the ZXFR bug should be aware that it can take several seconds after
the triggering the bug until the nameserver daemon crashes.
SuSE versions 6.0 through 6.4 are affected by these two problems.
The bind8 package in SuSE-7.0 is not affected because a different
version of bind8 (8.2.3) was used in this distribution. By the release
time of the SuSE-7.0 distribution our engineers have determined that
the problems we had with stalling zone transfers under some obscure
conditions were not present with the 8.2.3 release of the package.
Administrators are strongly recommended to upgrade their bind8 package
using the provided packages from the sources below. There is a
temporary fix for the ZXFR problem (disable zone transfers) but none
for the SRV record problem.
For the latest information about security vulnerabilities in the bind
name server consider the Internet Software Consortium bind security
webpage at http://www.isc.org/products/BIND/bind-security.html .
To check if your system has the vulnerable package installed, use the
command `rpm -q <package name>Ž. If applicable, please choose the update
package(s) for your distribution from the URLs listed below and download
the necessary rpm files. Then, install the package using the command
`rpm -Uhv file.rpmŽ. rpm packages have an internal md5 checksum that
protects against file corruption. You can verify this checksum using
the command (independently from the md5 signatures below)
`rpm --checksig --nogpg file.rpm',
The md5 sums under each package are to prove the package authenticity,
independently from the md5 checksums in the rpm package format.
i386 Intel Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/bind8-8.2.2-139.i386.rpm
c6f2242efe722aaa4320010e00ddc080
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/bind8-8.2.2-139.src.rpm
ecd26bdf60d7950585649bc638a1d812
SuSE-6.3
ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/bind8-8.2.2-139.i386.rpm
d3f51528ad2120cd3dc6517c2bc26c0a
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/bind8-8.2.2-139.src.rpm
6f1b8c1227d4876389a28d416a952713
SuSE-6.2
ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/bind8-8.2.2-139.i386.rpm
4d8a9f4c6e041326929bbdae97c10105
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/bind8-8.2.2-139.src.rpm
83807820676d98687797ffff6f5b425c
SuSE-6.1
ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/bind8-8.2.2-139.i386.rpm
1694cf40b5fa41361749297c9cddbca4
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/bind8-8.2.2-139.src.rpm
8c5f727554e12a5aedb96de3db663518
SuSE-6.0
Please use the package from the 6.1 distribution.
AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/bind8-8.2.2-139.alpha.rpm
51f61faaad78160fb3dcc68a8588c209
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/bind8-8.2.2-139.src.rpm
f42c51962852f8ff14e2d6423de62aec
SuSE-6.3
ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/bind8-8.2.2-139.alpha.rpm
4d16cecb0da4f8ed6bff9c92655b9036
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/bind8-8.2.2-139.src.rpm
d8c4d1d9f0a14249151aa9d9e25f1db8
SuSE-6.1
ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/bind8-8.2.2-139.alpha.rpm
6a4f5b18072cca93f9064fdc802e50fb
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/bind8-8.2.2-139.src.rpm
a3eec237cc642739b5b6c6eea6d197c0
<p> PPC Power PC Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/bind8-8.2.2-139.ppc.rpm
65e82b875e7f8ff7409062d502d56115
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/bind8-8.2.2-139.src.rpm
fd2a6e2a29a80b997758d4245913ff51
<p><p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
A new security announcement follows this advisory.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Roman Drahtmüller.
- - --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOhP863ey5gA9JdPZAQGVSggAjgh+Kdg2Xc6xLGVRrI4DrNOJLKLf/Hvc
/1+WxxMMGW8Pzhk46tk6lXnY8oHwM+/Y5bqrVCRZbO3kcxisfnDf/DoOK6G9aoSH
pVazqG5TqGHxbya+rKR72x/u/yTgA3EuGvb3zNL2uudDSRY2lj6h9k0xXP3k+Hv2
hfyKCloWHvrKcJnphTsBu4oShr/j9yT8bAyDrW7MnS7u5th092b/3vXz/KJ6joZy
HOsln5N8Ul1lHnFeVk+xhRkQbyV8SUUgXTASxM/iYVx2RnDyA0IXcnc3F+D3lSjD
Iy+J6QOWmzhD46kGdov4RCqZihKiQ6LmwcZaaXVk+iMHxXAGtS4DWA==
=AAo1
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
SuSE: miscellaneous 15:30 MET, Wednesday, November 15 2000
This notice addresses the latest security advisories from various Linux
vendors as well as private contributors on public security forums. The
issues have been collected to keep the noise on the public security
forums at a reduced level.
The information herein should be considered both background as well as
upgrade information (please read carefully).
<p>==
Topics:
1) SuSE security staff
2) packages:
gpg (update information)
bind8 (status: update avail, announcement pending)
pine (status: testing new version 4.30)
dump (status: not vulnerable)
phf (status: not vulnerable)
gs (status: pending)
global (status: building)
crontab (status: not vulnerable)
vlock (status: not vulnerable)
tcpdump (status: update avail, testing)
tcsh (status: update+announcement pending)
modules (status: more updates for older distributions)
==
1) SuSE security staff
SuSE welcomes security professional Sebastian Krahmer <krahmer(a)suse.de>
aboard the SuSE security team. His name has already been on top of the
last SuSE security announcement about the security problems in the modules
package. Enlarging the capacity of the security team, Sebastian will be
busy fixing security problems, auditing code and maintaining security-
related software. More security announcements from him will be seen in the
future.
<p>2) packages
_________________________________________________________________________
* gpg
GnuPG may erroneously recognize a file/mail to be correctly signed, if
there are multiple signatures and the file/mail has been modified.
This bug affects all GnuPG versions prior to and including 1.0.3. It has
been fixed in version 1.0.4. Updated packages are available on our
German ftp server (as well as its mirrors) for the SuSE distributions
6.3, 6.4 and 7.0. Please note that the gpg packages for the SuSE-7.0
distribution have an addon, called gpgaddon. It contains
implementations of cipher algorythms that require licenses in many
countries due to software patents. Those gpgaddon packages are not
listed below.
There will not be a security announcement for this package - the
privacy risk for users of the old package is considerably small.
You can update your installed packages using the command
rpm -Uhv <URL-to-file>
where <URL-to-file> is one of the following FTP URLs to chose from.
Please use the SuSE Linux mirrors as listed at
http://www.suse.de/de/support/download/ftp/inland.html .
The md5sums for the files on the ftp server are:
i386 Intel Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/i386/update/7.0/sec1/gpg-1.0.4-7.i386.rpm
d0b78231c127a6423c7ca46ec9618c00
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/7.0/zq1/gpg-1.0.4-7.src.rpm
a613abc7691b49e0c67e8c7dc924e3b0
SuSE-6.4
ftp://ftp.suse.de/pub/suse/i386/update/6.4/sec1/gpg-1.0.4-7.i386.rpm
c5b9fbe25d8cb5db4f52638c0959294d
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.4/zq1/gpg-1.0.4-7.src.rpm
f9d351e1b86fbcfbcf0d23fae5739b20
SuSE-6.3
ftp://ftp.suse.de/pub/suse/i386/update/6.3/sec1/gpg-1.0.4-7.i386.rpm
c5b9fbe25d8cb5db4f52638c0959294d
source rpm:
ftp://ftp.suse.de/pub/suse/i386/update/6.3/zq1/gpg-1.0.4-7.src.rpm
f9d351e1b86fbcfbcf0d23fae5739b20
<p> Sparc Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/sec1/gpg-1.0.4-5.sparc.rpm
335aa6315468d4dae5753a6d14809bdd
source rpm:
ftp://ftp.suse.de/pub/suse/sparc/update/7.0/zq1/gpg-1.0.4-5.src.rpm
796b6f901aee33aad5fd01dc874abe3c
<p> PPC Power PC platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/sec1/gpg-1.0.4-7.ppc.rpm
302a7899783c9604a4ce962fcc627675
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/7.0/zq1/gpg-1.0.4-7.src.rpm
415be9ff92bcfd4a8f764207d412906d
SuSE-6.4
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/sec1/gpg-1.0.4-5.ppc.rpm
3566276b56ce13d6b977af91b5797ffc
source rpm:
ftp://ftp.suse.de/pub/suse/ppc/update/6.4/zq1/gpg-1.0.4-5.src.rpm
49b75a880656a11e99fcbad16673247e
<p> AXP Alpha Platform
SuSE-7.0
ftp://ftp.suse.de/pub/suse/axp/update/7.0/sec1/gpg-1.0.4-12.alpha.rpm
8a504ad8957d455ead3ff22d6ba31626
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/7.0/zq1/gpg-1.0.4-12.src.rpm
986675ccf38f88770c079281a4175618
SuSE-6.4
ftp://ftp.suse.de/pub/suse/axp/update/6.4/sec1/gpg-1.0.4-5.alpha.rpm
65f6662aea3ff8832ac932ca0a57c10b
source rpm:
ftp://ftp.suse.de/pub/suse/axp/update/6.4/zq1/gpg-1.0.4-5.src.rpm
1d3ff30fac336c8e314da9903d1ee1b9
_________________________________________________________________________
* bind8
BIND, the Berkeley Internet Name Daemon, versions before 8.2.2p7, has
been found vulnerable to two denial of service attacks: named may crash
after a compressed zone transfer request and if an SRV record (defined
in RFC2782) is sent to the server. SuSE versions 6.0 through 6.4 are
affected by this problem. The bind8 package in SuSE-7.0 is not
susceptible to the problems because a different version of bind8 has
been used in this distribution.
A temporary workaround against the first error is to disable zone
transfers if those are not needed (it is recommended for security
reasons, and the default configuration in our package has zone transfers
disabled.). Since the second bug can't be circumvented so easily, it is
recommended to upgrade the bind8 package as soon as possible.
Recognizing the urgency of this issue, the updated packages are on their
way to the ftp server right now. An announcement covering the issue will
follow this notice.
_________________________________________________________________________
* pine
The popular text-based mail user agent is vulnerable to a buffer
overflow in the portion of code that periodically checks for the arrival
of new mail. In addition, there is an error in the header parsing code
which could lead to a crash of the mail program.
The authors of pine (University of Washington, Seattle, see
http://www.washington.edu/pine/credits.html) have published a new version
of the pine package that should fix the known problems. During testing,
several instabilities of the program have been observed so that we
have delayed the release of the updated version. Additional patches are
being tested right now so that the release of the new version 4.30 can
be expected within days.
_________________________________________________________________________
* dump
The Linux implementation of the ext2fs backup utility "dump" can be
tricked into running arbitrary commands as root in case it is installed
setuid root. dump is not installed suid root in SuSE Linux releases 6.0
through (the most recent) 7.0 because there is no convincing reason to
do so. Therefore, SuSE Linux is not vulnerable to this problem with
the dump program.
_________________________________________________________________________
* phf cgi program
proton <proton(a)ENERGYMECH.NET> has discovered a buffer overflow that can
lead the phf cgi program to execute arbitrary code with the privileges
of the user that the webserver is running under. SuSE distributions
contain a cgi program that is called phf, it is included in the thttpd
package. Installed under /usr/local/httpd/htdocs/cgi-bin/phf, this
program is a booby trap that logs attackers intending to exploit
formerly known bugs of the phf program. By consequence, SuSE
distributions are not vulnerable to the buffer overflow in the phf
program.
_________________________________________________________________________
* gs
The Ghostscript program in SuSE distributions runtime-links against
shared libraries in the current working directory if a shared library
with the adequate name is present. The problem is created by exporting
the environment variable LD_RUN_PATH at linking time during the package
compile process. Later, at runtime linking, the runtime linker
ld-linux.so.2 will try to open ./libc.so.6. If this fails, the linker
will continue searching the usual paths to find the library.
Basically, this means that users should call gs as well as all programs
using gs (such as gv or ghostview) in a directory that is only
writeable by the user calling gs. It is expected that more Linux
distributions (other than SuSE Linux) and possibly commercial unix
vendors as well are affected by this problem. In future versions of the
SuSE Linux distribution, this problem will be fixed.
_________________________________________________________________________
* global
htags, one program within the global package, is a hypertext generator
from C, Yacc and Java source code. The "-f" option generates a cgi
script as an input form backend that is vulnerable to a simple remote
attack if the script is executable by a webserver. Remote attackers can
run arbitrary commands under the user privileges of the webserver.
The global package is not installed per default, nor is the bug present
in the "installed-only" state of the package. However, if you use the
program and the "-f" option of htags, it is recommended to upgrade the
package as soon as possible. We are working on the update packages.
_________________________________________________________________________
* crontab
A tmp file vulnerability has been found in various implementations of
the crontab(1) command. SuSE Linux is not affected by this problem.
_________________________________________________________________________
* vlock
vlock is a terminal locking program for the Linux virtual system
console. It has been reported by Bartlomiej Grzybicki
<bgrzybicki(a)morliny.pl> that it is possible to crash a running vlock and
thus giving access to a console without a password. However, the
conditions under which the failure happens are not clear.
SuSE distributions are not concerned because the vlock program is not
included in the distribution.
_________________________________________________________________________
* tcpdump
Several buffer overflows have been found in the tcpdump program, a
network analysis program, according to FreeBSD Security Advisory
FreeBSD-SA-00:61.tcpdump. The vulnerability can be used to remotely crash
a running tcpdump program. Since the version of tcpdump included in SuSE
distributions is not capable of decoding AFS ACL packets, this particular
part of the bugs does not concern SuSE Linux. Though, some intrusion
detection systems rely on tcpdump's output so that a proper operation of
the tcpdump program is crutial.
There are updates packages available for download on our ftp server
which fix the vulnerability. The security announcement is pending while
we're still testing the packages.
_________________________________________________________________________
* tcsh
proton <proton(a)ENERGYMECH.NET> has found a temporary file vulnerability
in the portion of code in the tcsh that handles redirects of the form
cat << END_OF_TEXT
foo
bar
END_OF_TEXT
With this vulnerability in place, it is possible for an attacker to
overwrite arbitrary files with the privileges of the user of tcsh.
There is no fix for this problem other than an upgrade to a fixed
version which will be available on our ftp server shortly. An advisory
covering this matter will follow.
_________________________________________________________________________
* modules/modutils
Sebastian Krahmer <krahmer(a)suse.de> has issued a SuSE security
announcement about the shell meta character expansion vulnerability in
the modprobe program that is responsible for the automatic loading of
kernel modules upon request. In addition to the update packages for
the vulnerable versions of the SuSE distribution, we will provide
updates for the older distributions (6.0-6.3) shortly, even though
these distributions have not been found vulnerable to the modprobe
problem. The rpm packages can be found at the usual location shortly.
Regards,
Roman Drahtmüller,
SuSE Security.
- --
- -
| Roman Drahtmüller <draht(a)suse.de> // "Caution: Cape does |
SuSE GmbH - Security Phone: // not enable user to fly."
| Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) |
- -
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOhKcN3ey5gA9JdPZAQGW4QgAn6EDIQOe94u4xMc6u8z8yKv4eGaCQBk8
kCZ4l5kRizSO4z5NCc/oCChoi5ANuIIqRLG91cKixG0+4E69vgm140sSRicpfUtn
oqP2ExAXLf13vgA+XmFCTnFcTG3TY7+XCiwvpdM2aU95iuPcM0TSuVTeLlkFJW6S
Xkmt+58/111xFKrQ32UCOqgxsDIOV4b/Y5m+xi3XrubxdkW/eHjopZkutwXnFGVz
3rn1TEDOSRw6D41OdvWLRBQc6YdTYGdsUC4S5kMv3/Ti6/GQbjenxc3FKxWVPQaj
nvGMCobk5pbi/AuarEupXsgybDZbMmA6wlr8ppUsrV80uIqLH+zmZg==
=BjBa
-----END PGP SIGNATURE-----
1
0
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SuSE Security Announcement
Package: modules
Announcement-ID: SuSE-SA:2000:44
Date: Monday, November 13th, 2000 10:00 MEST
Affected SuSE versions: 6.4, 7.0
Vulnerability Type: local root compromise
Severity (1-10): 8
SuSE default package: yes
Other affected systems: many newer Linux distributions
Content of this advisory:
1) security vulnerability resolved: modprobe shell metacharacter
expansion
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The modules package is responsible for on-demand loading of kernel
modules/drivers. The /sbin/modprobe command, when executed as a new
task by the kernel-internal function request_module(), runs with the
priviledges of the init process, usually root.
Newer versions of the modprobe program contain a bug
which allows local users to gain root priviledges. modprobe expands
given arguments via /bin/echo and can easily be tricked into executing
commands. In order for this bug to be exploitable, a setuid root program
must be installed that can trigger the loading of modules (such as ping6).
The fix for this bug consists of a change to modprobe which disables
the expansion of arguments to modprobe via /bin/echo.
A temporary workaround for this bug is to disable the automatic loading
of modules in the running kernel by running the command (as root)
/sbin/sysctl -w kernel.modprobe=/
or
echo "/" > /proc/sys/kernel/modprobe
Please note that this temporary workaround will have to be repeated
after the next reboot to become effective again.
Download the update package from locations desribed below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
<p> i386 Intel Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/modules-2.3.11-73.i386.rpm
9643216a1e0c147635ef62d894a9d7ad
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
<p> SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/modules-2.3.9-63.i386.rpm
d3a95b93e549aae9a462e84d179efe45
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
<p> Sparc Platform:
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/modules-2.3.11-73.sparc.rpm
c0ab9aab7a61cefdb2cade98c663d4e3
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
<p> AXP Alpha Platform:
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/modules-2.3.9-63.alpha.rpm
a88b84d7f3d79f2a47ff9e78681a0390
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
<p> PPC Power PC Platform:
SuSE-7.0:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/modules-2.3.11-73.ppc.rpm
ef09b5c6438a0de8e18653e0a60d9c4c
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/modules-2.3.9-63.ppc.rpm
27ba13500292c44969dd865f0c543c19
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/modules.spm
Due to a packaging error, the modules package source rpm is not
available on our ftp servers yet. It will appear at the location above
in very few hours.
<p>______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
A seperate message is being prepared to address the currently ongoing
security vulnerabilites.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security(a)suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe(a)suse.com>.
suse-security-announce(a)suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe(a)suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info(a)suse.com> or
<suse-security-faq(a)suse.com> respectively.
===============================================
SuSE's security contact is <security(a)suse.com>.
===============================================
Regards,
Sebastian Krahmer
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
Type Bits/KeyID Date User ID
pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de>
- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3i
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA
BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz
JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh
1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U
P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+
cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg
VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b
yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7
tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ
xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63
Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo
choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI
BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u
v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+
x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0
Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq
MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2
saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o
L0oixF12Cg==
=pIeS
- -----END PGP PUBLIC KEY BLOCK-----
<p>-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBOg+vPXey5gA9JdPZAQFwXQf+LqkRkpXmx6QNnM6aihRsnBpElNC/6Ip5
to1SNRdg2GPKDIznbFLCOOhu0v4siIfpJs0nJEK2CNyZvV3iCL8RZlHasfJTD/6/
GTQtXAaxXHeEISfn/3Ouibf1WIjYDGC7mo444412feabOcZWhzG1p/11G1wgmU3T
mWUMDWY5IgL/0Qz00ghC6tXnt3YQQtgw5hFzxfxyJ91zh74WbMcyRvU4hyfiBq3w
uhGyU5gjkwWoGugWm3RfEByEtflah1yumfeuV6Fh3UF6dBRo878qM239ugxFQFYj
vIT5Qp4lvg48Cn1BpxTNQTA74qOwBVzb4QqlSTGh+kwMNwiIjsRpCA==
=/v2t
-----END PGP SIGNATURE-----
1
0