openSUSE Security Announce April 2001

security-announce@lists.opensuse.org

2 participants
6 discussions

SuSE Security Announcement: hylafax (SuSE-SA:2001:15)
by thomas＠suse.de 20 Apr '01

20 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: hylafax Announcement-ID: SuSE-SA:2001:15 Date: Friday, April 20th, 2001 10.26 MEST Affected SuSE versions: [6.1, 6.2,] 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local root compromise Severity (1-10): 7 SuSE default package: no Other affected systems: all systems using hylafax Content of this advisory: 1) security vulnerability resolved: hylafax problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The HylaFax program hfaxd(8c) implements the server part of the HylaFax package. It is started either by inetd(8) or runs in standalone mode. hfaxd(8c) offers three different protocols to process fax jobs. When hfaxd(8c) tries to change to it's queue directory and fails, it prints an error message via syslog by directly passing user supplied data as format string. As long as hfaxd(8c) is installed setuid root, this behavior could be exploited to gain root access locally. As a workaround remove the setuid bit: /bin/chmod u-s /usr/lib/fax/hfaxd or restrict access to trusted users only: /bin/chown root.trusted /usr/lib/fax/hfaxd /bin/chmod 4750 /usr/lib/fax/hfaxd Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n3/hylafax-4.1beta2-251.i386.rpm a3d5d0d5a8977852b02dc9b7352054aa source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/hylafax-4.1beta2-251.src.rpm b5c8877de53db86eabfae932142221d7 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n2/hylafax-4.1beta2-254.i386.rpm 5be3094195a789d83b02d59ab343d7b5 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/hylafax-4.1beta2-254.src.rpm 87ee1d77eea95eac74c6b8355912ad9f SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n2/hylafax-4.1beta2-253.i386.rpm 90a894b8d47a94125992f3a64a6ada44 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/hylafax-4.1beta2-253.src.rpm 7b53ca017efdd9371c9a6207095a8c2f SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n2/hylafax-4.1beta2-252.i386.rpm 340e64a902a2e3f73b7d1771739c5b59 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/hylafax-4.1beta2-252.src.rpm edb05a6191ab7d5533d1d9eb9ef0d255 Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/n3/hylafax-4.1beta2-218.sparc.… 1449e568071f5fb6080efebb8f2a7a2b source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/hylafax-4.1beta2-218.src.r… bf8c780206da51bc548e9fd4264b9bfc SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n2/hylafax-4.1beta2-218.sparc.… bb265465ea8b84ca31b5c954266daf1d source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/hylafax-4.1beta2-218.src.r… b5bcae601fe056f399fc8696aa156529 AXP Alpha Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/n2/hylafax-4.1beta2-211.alpha.rpm 2ee3176e2b425c494bd37d22f2ea090c source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/hylafax-4.1beta2-211.src.rpm f89c3771432d84a3e7c3ab2f4331d73c SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n2/hylafax-4.1beta2-211.alpha.rpm 5aecfb997867f8f72164f27dc220f95b source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/hylafax-4.1beta2-211.src.rpm 09f1cbb3714dfe75e1aa3ff2a52c13a3 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n2/hylafax-4.1beta2-211.alpha.rpm 39f12bc3f09bab26c60df98a2b52b64e source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/hylafax-4.1beta2-211.src.rpm 6a48eac9982dfca01a1ed904cacfb2c8 PPC PowerPC Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n3/hylafax-4.1beta2-164.ppc.rpm a42c7bc70e25a6725d8e2a76870be1d4 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/hylafax-4.1beta2-164.src.rpm 9c064b869fb7c73f453a254b5f3780be SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n2/hylafax-4.1beta2-165.ppc.rpm 81387d514f089a7060bc6dacb15358a8 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/hylafax-4.1beta2-165.src.rpm 35ec2293fb0390cb827935499506ed89 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n2/hylafax-4.1beta2-165.ppc.rpm be20c8f1ef2488c8db711744eab2233b source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/hylafax-4.1beta2-165.src.rpm 4af4d6b8e948b39a1d4040adaad27c0a ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - Updated man RPMs will be available in a few days. - In the past weeks, some security related bugs in the Linux kernel 2.2 and 2.4 were found. An announcement, that addresses this will be released asap. - Samba has serveral security problems, which could lead to local root access. Samba 2.0.8 fixes these problems. New RPMs are currently being built. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOuACUHey5gA9JdPZAQHrdwf/TIjn3G879Q4Vb5im5T7CkHr+YF6pGbp4 NjxEM8j8lSPnXy1iJwYRuSV7UT7Jrcqe2lm008IUMD9xN73ybUjnjiG2dzCYfI52 xYImtlzTiAlaGVHtnPGBBj7K3MOLqCQsgr2FkjJ6/LOsdFrBSa2BNEcl+fy/9n72 2+fZN04hdgpkd9uGrbkZPch0XbYYG5Ij54lM2LKBqZ7RcAgtGToR8nJ/vyMCv9kJ ivPmPX6Jr/CYxw1gKNprpEAV9GiaI70rGDazW7bM9s94LVuEJmOt4bJzVnYzY3wK cz1UAnHZ3MWM8HmYj3Awl4elBmtFpiYJR8tfrc9pyOPSZir78ZvCdA== =KFNn -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84

1 0

SuSE Security Announcement: nedit (SuSE-SA:2001:14)
by thomas＠suse.de 19 Apr '01

19 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: nedit Announcement-ID: SuSE-SA:2001:14 Date: Wednesday, April 18th, 2001 13.06 MEST Affected SuSE versions: [6.1, 6.2] 6.3, 6.4, 7.0, 7.1 Vulnerability Type: locoal privilege escalation Severity (1-10): 3 SuSE default package: no Other affected systems: all systems using nedit Content of this advisory: 1) security vulnerability resolved: nedit problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The Nirvana Editor, NEdit, is a GUI-style text editor based on popular Macintosh and MS Windows editors. When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users privileges, even root. There is no workaround possible, because tmpnam(3) ignores the TMPDIR environment variable. Just install the new RPM to fix this problem. Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/nedit-5.1.1-151.i386.rpm 07efdf2fa5c475fcf40633d392d4ae1d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/nedit-5.1.1-151.src.rpm 27e52c3688082257d7f7ecf81c461ad9 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/nedit-5.1.1-151.i386.rpm b9846658b0f9c8330b8f9c5732b9e115 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/nedit-5.1.1-151.src.rpm d2dc1c39dbad292326f953e1e84fe187 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/nedit-5.0.2-207.i386.rpm c5c6eebe946463926583272690ca4d27 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/nedit-5.0.2-207.src.rpm 0a486fa81f4b84ab6f09bd5353b0fd4d SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/nedit-5.0.2-208.i386.rpm e1e0baeca49ce972df89a5bb5ebfc6c2 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/nedit-5.0.2-208.src.rpm 9a3328dc8fb8a4da343be20c10cb0c02 Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/xap2/nedit-5.1.1-135.sparc.rpm 2370e09571b1037270d34afb555cc408 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/nedit-5.1.1-135.src.rpm 0ac1364f6b97d503444e6fcb4a0b20df SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/nedit-5.1.1-134.sparc.rpm a60e8f47d4ac4794f7ee472ef1d7ccb4 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/nedit-5.1.1-134.src.rpm 96c96dda6b1ba8b91bebbf3f1a9a56c6 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/nedit-5.0.2-207.alpha.rpm cde274f25bec040ae289ef0fb8520b7e source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/nedit-5.0.2-207.src.rpm 4cdff5d4836bf4f926298bb3b3a1c513 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/nedit-5.0.2-207.alpha.rpm fc7fc98267dc76ceec30633068d72533 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/nedit-5.0.2-207.src.rpm fc3ddc09f7c3383b01721e6462f77748 PPC PowerPC Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/xap2/nedit-5.1.1-122.ppc.rpm 1f413b9e77263ec37d0e42dde6cb55d1 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/nedit-5.1.1-122.src.rpm 403bcf64a6ba2824899316e3bd8ea41d SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/nedit-5.1.1-122.ppc.rpm e771c3bcd7cbc0121a527089ad40a336 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/nedit-5.1.1-122.src.rpm f45e0786fefb5c92fbd61e8c4a36ab32 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/nedit-5.0.2-146.ppc.rpm 7dcb7bf1110311063daac06df1f7cccb source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/nedit-5.0.2-146.src.rpm 5f1d6da7f268b8c10f7ea8a4f7a1fab5 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - New RPMs for HylaFax, a Fax Server, are currently being build, which fix a format bug in hfaxd, which could lead to local root privilege. - Updated man RPMs will be available in a few days. - In the past weeks, some security related bugs in the Linux kernel 2.2 and 2.4 were found. An announcement, that addresses this will be released this week. - Samba has serveral security problems, which could lead to local root access. Samba 2.0.8 fixes these problems. New RPMs are currently being build. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOt6v6ney5gA9JdPZAQHoGQf+OVNf/4uNC9GXtDVBXrnp1suvSsnIpWHn fGsE55QqJhTYUfGSHbyELa3uPZ9gsQnHGpyKG1wMwGKbFRPKtF870cPRY5Q6s0zK XNA+FNLkMcyAHiw9McUkWQ8W786uiyP3PEGLNpLmKuI6acVd6drFsSqLf0MwRHNb fHmcJl29b1mk7cuUNuqfQ2Sr9bxnwVc03hTOsWZNYbrIqDoq8WsfUvs+drKfGEZy tPuo5McI8EL60SdO787+iMuUB759i86LzF+NK4fu7KWx31vx9ebRY5IpZh/mFfI5 Wq/C00KCI9gl0UO80Zhj6aQIc94VhwemrlM7uV0ICHWJwLHMt6fWUQ== =bQUE -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84

1 0

SuSE Security Announcement: sudo (SuSE-SA:2001:13)
by thomas＠suse.de 19 Apr '01

19 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: sudo Announcement-ID: SuSE-SA:2001:13 Date: Wednesday, April 18th, 2001 12.26 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: possible local root compromise Severity (1-10): 6 SuSE default package: no Other affected systems: all systems using sudo Content of this advisory: 1) security vulnerability resolved: sudo problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in it's logging code, which could lead to local root compromise. There is no exploit known to be public. A useful workaround isn't possible, the only fix is to install the new sudo packages. Download the update package from locations described below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/sudo-1.6.3p6-3.i386.rpm b0d658c98effd4e11bed6d8c1f5f80f9 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sudo-1.6.3p6-3.src.rpm a4b44f0998a165b3a69c598075420b7f SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/sudo-1.6.3p6-21.i386.rpm a002d657c7faf24b9fb5b430061e6c19 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sudo-1.6.3p6-21.src.rpm d9ebc68015886fb642a1795e21bde788 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/sudo-1.5.9p1-79.i386.rpm 8a25b40ba081be885b214410b3c662ce source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm 9a13efa0d76a4fe3cbda7dcd2e2befe0 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/sudo-1.5.9p1-80.i386.rpm a6e359c6449d764199bce3b7bc2867d8 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/sudo-1.5.9p1-80.src.rpm b89db78d5b8d04b10ac6e17c29cec1c4 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/sudo-1.5.9p1-79.i386.rpm c3fbbff2219bf948f9b209eefafab4fe source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/sudo-1.5.9p1-79.src.rpm 85ae3e3b9ef159201bb661e8f83e82d3 SuSE-6.1 Packets for 6.1 won't be available, sorry. Try to install the 6.2-RPM, please. Sprac Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/sudo-1.6.3p6-8.sparc.rpm 5531c5be20082b084e940d4e66dffea0 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sudo-1.6.3p6-8.src.rpm 98fb9920e8de32727deb5e4295ee70d4 SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/sudo-1.6.3p6-9.sparc.rpm cdd87431019ace22d0a2b0d46b294856 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sudo-1.6.3p6-9.src.rpm 846035dcf0e42d22aac5d0dc77d90a02 AXP Alpha Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/sudo-1.6.3p6-12.alpha.rpm c0fea14a3c0e565892f150cf97d971ed source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sudo-1.6.3p6-12.src.rpm 42651a443d7ca62415bc2d3ef3dc5bde SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/sudo-1.5.9p1-79.alpha.rpm 9a177de02176df90d8006fc7e8adae0d source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm 9f52a3df082ba513cbc0af5da6cccbe4 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/sudo-1.5.9p1-79.alpha.rpm 5bbe1f211cb53758ad2840d192280269 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/sudo-1.5.9p1-79.src.rpm 4687f818ab5dbc50b1c0a3b907775f30 PPC PowerPC Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/sudo-1.6.3p6-5.ppc.rpm 199a677423a84bc577a7a9199e5e22d4 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sudo-1.6.3p6-5.src.rpm 49ed607375823b56d819e0610e3a8d31 SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/sudo-1.6.3p6-10.ppc.rpm 03ffbcf07ba9a4222c75b162c97f9292 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sudo-1.6.3p6-10.src.rpm a07d0b0283ca83e14c4d58ca9bcc933c SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/sudo-1.5.9p1-80.ppc.rpm b5c9dee89ee0101fa8ac5795c1e8e49c source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/sudo-1.5.9p1-80.src.rpm bfc917660898fdf9f2de170895ca7b22 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - New RPMs for HylaFax, a Fax Server, are currently being build, which fix a format bug in hfaxd, which could lead to local root privilege. - NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the next days. - Updated man RPMs will be available in a few days. - In the past weeks, some security related bugs in the Linux kernel 2.2 and 2.4 were found. An announcement, that addresses this will be released this week. - Samba has serveral security problems, which could lead to local root access. Samba 2.0.8 fixes these problems. New RPMs are currently being build. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOt6upXey5gA9JdPZAQE56gf/ezpPVXpQRzpr8BLU1bVi476xG64cRdWs XEtnrjPHo6AJH1WpPM6ousQrYnP0PJW2yasmIg0zEVjQiiI3TmjxDayKKh5SaMmY zq4Gm98XAJotBN/pNszmjlWJ1kAfLllux2m1GC8d24adS87YPoRROgBLx3//RxRj DRsrw6wIEKIBfJkY1TMaS8lCT7Vdl5QhVsVDxKpygEtwwiSy2u0YKyRrfaY45vg4 M63exyEauwwn/Kyg79vQSbqI/u7dB2l9pW1TuMAy9BYZkkCJGKvaVUC/bnmMmTCx dYRl7yFX/C69bfNMb4BcSAmkPct/FN4Lvq8RF7nTy4eiKTjB+TOJvw== =mDVO -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 51 AD B9 C7 34 FC F2 54 01 4A 1C D4 66 64 09 84

1 0

SuSE Security Announcement: vim/gvim (SuSE-SA:2001:12)
by thomas＠suse.de 10 Apr '01

10 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: vim/gvim Announcement-ID: SuSE-SA:2001:12 Date: Tuesday, April 10th, 2001 15.23 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local privilege escalation Severity (1-10): 5 SuSE default package: yes Other affected systems: all system using vim/gvim Content of this advisory: 1) security vulnerability resolved: vim/gvim problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc Both vulnerabilities could be used to gain unauthorized access to more privileges. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. vim: ---- i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/vim-5.7-71.i386.rpm db368baa134c23b3578c8022a66d2703 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/vim-5.7-71.src.rpm 00cf66142e477e24824410c8bf9e8702 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/vim-5.7-73.i386.rpm 3a35734d8737c4f1e97ca9a6c1f68073 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/vim-5.7-73.src.rpm 6275c8d938a7254e648ba33765613573 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/vim-5.7-72.i386.rpm 7db6e43273fcfccf0f019246ba43fd05 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/vim-5.7-72.src.rpm f2d7177a61b1794068412ea687b9ecf6 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/vim-5.7-72.i386.rpm c12a03ff18235ea3421b18c48d6448af source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/vim-5.7-72.src.rpm b6e46176215691fc398fc6184e437a36 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/vim-5.7-71.i386.rpm a9f2154d991f9eb848dff3ffa1dcf430 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/vim-5.7-71.src.rpm 8e554dbfe786562204039358df810984 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/a1/vim-5.7-72.i386.rpm fcef6ade53f01ffe4cd8a7b8c033e176 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/vim-5.7-72.src.rpm e3d554b1354208ca6175c4757bab0373 Sparc Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/vim-5.7-54.sparc.rpm 6746fc4eafc91ba5fa6d6377f22efdbd source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/vim-5.7-54.src.rpm de427c49af200e5fefa62a39959eaaaf SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/vim-5.7-54.sparc.rpm 7648859cc6a584ce1a2715cf7bc34bdc source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/vim-5.7-54.src.rpm 934385ba01d59fc7bdd1bbaeca0cf260 AXP Alpha Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/vim-5.7-57.alpha.rpm ebe9dfc83dd1294b83d6b3aaad92fca0 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/vim-5.7-57.src.rpm 038ab54d8a08f96b61118373f5e00948 SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/vim-5.7-57.alpha.rpm 24d5f1365522d267650be44f80ab0b52 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/vim-5.7-57.src.rpm 0a7a5bbde8e645254f4a5bd6cd402943 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/vim-5.7-57.alpha.rpm b496518ea1640852e17ddb1274759fc4 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/vim-5.7-57.src.rpm 1760adfac8e70bff334d74330acbefed SuSE-6.1 ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/vim-5.7-57.alpha.rpm dc633df2ac8fafa41c76d5c0216ed149 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/vim-5.7-57.src.rpm 610088cca725fec62a4e7d6f1b030af1 PPC PowerPC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/vim-5.7-20.ppc.rpm 0b9ecb77901b15a90bf25623701d834b source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/vim-5.7-20.src.rpm 3224f60fa80f27a9fb249a69c0ceaf01 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/vim-5.7-19.ppc.rpm 2044541d409bd756a166a75515214ffa source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/vim-5.7-19.src.rpm cac70ab3c2dee163d490bd85126f70aa gvim: ----- i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/xap2/gvim-5.7-79.i386.rpm 066d163c43a6bb58f7a4a3770f179770 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/gvim-5.7-79.src.rpm e6e92c8c4de39bd3a5899a55d6003d82 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/xap1/gvim-5.7-79.i386.rpm 16973a740f4a1fc2f2a189f036a10fe9 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/gvim-5.7-79.src.rpm fecbd910f57b351e992f7b7015e3149b SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/xap1/gvim-5.7-78.i386.rpm 1700470566ac4fb2e5588771f07638ed source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/gvim-5.7-78.src.rpm 43a49e33acb8b9f017e6e5846ba636df SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/xap1/gvim-5.7-78.i386.rpm db2abf1a9414b36466eb3d1186df5a7e source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/gvim-5.7-78.src.rpm 0b0b50b4987d594ee48a146e939f7152 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/xap1/gvim-5.7-77.i386.rpm 125171df7f45c80c10ea0fd52f944a6a source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/gvim-5.7-77.src.rpm 634e7b355274aed0af0fd7ac83218d78 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/xap1/gvim-5.7-78.i386.rpm 1d18996bf9666269db7893ae340e5642 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/gvim-5.7-78.src.rpm 9279a59d6eb1942186e1233c6f0ebcf1 Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/xap1/gvim-5.7-59.sparc.rpm d415a24027510882b68d4ddcf1970ab4 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/gvim-5.7-59.src.rpm 57bfa58f0f7c46354edc78f0fc694d43 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/xap1/gvim-5.7-57.alpha.rpm 4cd25502d4ac5067fc64cd917ebd9018 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/gvim-5.7-57.src.rpm 347a84634805a6efa1ebf76df2a8ddb5 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/xap1/gvim-5.7-57.alpha.rpm 5808f168b8632c85518d61ecec33e3d1 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/gvim-5.7-57.src.rpm 9402b1f0440b71a6aa0c1a60748dd26d SuSE-6.1 ftp://ftp.suse.com/pub/suse/axp/update/6.1/xap1/gvim-5.7-57.alpha.rpm b74d1cb6f7200d0bcf6ddbe1310e28c7 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/gvim-5.7-57.src.rpm 599e9ed0a326a9b86a6584f0a24ae4ad PPC PowerPC Paltform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/xap1/gvim-5.7-58.ppc.rpm 27e579ff062662425a3581da6d08bce9 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/gvim-5.7-58.src.rpm 42a9a5b423848bbe381251c15a095a65 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/xap1/gvim-5.7-57.ppc.rpm 07b386f3dbaca5c9b3f8c440ba59c782 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/gvim-5.7-57.src.rpm 4ddef3c55da33c3b548dd055d3d9b75b ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/manŽ and ignore the warnings and errors when viewing manpages. - A bufferoverflow in sudo was discovered and fixed RPMs will be available as soon as possible. A exploit was not made public until now. - NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the next days. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOtMMyXey5gA9JdPZAQFnUwgAmiUtFvm1KydQIAQZKbQfSDdCL+gcpdJs 5NLVWTNGGL/pxP7y1l+7/kg107TrO7QKzfzfm/tKODu7m4jAvao8QMEnXP3GIzK5 jPSK7sckztfIsp7Rgom/yjgEZk2UrKbZadr5ASnen/QGuppsUL7qL8QvcCie2Ypv NYAIC44gdJBrZRC7joNAtOLoSOfNIR6Hj3wkbmKpWVKANCZPnLwLpXn/4rd9Xorz S0FKR+FzsigN7zHkeIzeqezYBTsBfBSsRomHpkiiPsGFKBYDDc6nWsPTLlOWinww Pj5VrcQ2sqZKW5RF4ET+w3v2GjGKRP/vcQMbP9qrIy8VNl9/MztskA== =C7Jm -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47

1 0

SuSE Security Announcement: mc (SuSE-SA:2001:11)
by thomas＠suse.de 10 Apr '01

10 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: mc Announcement-ID: SuSE-SA:2001:11 Date: Tuesday, April 10th, 2001 15.21 MEST Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1 Vulnerability Type: local privilege escalation Severity (1-10): 4 SuSE default package: no Other affected systems: all system using mc Content of this advisory: 1) security vulnerability resolved: mc problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation. There does no workaround exist. The only solution is to update the mc package. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/mc-4.5.51-1.i386.rpm c1eb197dff39e61065c498fa91347836 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/mc-4.5.51-1.src.rpm cb768e70eacbf622464a71d8b5983769 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/mc-4.5.50-1.i386.rpm 2770c2df6acd3e3ec8d9195e689aa037 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/mc-4.5.50-1.src.rpm 579a86de5c2a14e61d0b6097611fdfb7 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/mc-4.5.42-47.i386.rpm c16569cbbeb1d42823c1b6abdd61c03e source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/mc-4.5.42-47.src.rpm d30069c9d3bf76b6f90d11b6cff86133 SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/mc-4.5.40-3.i386.rpm 655a6cac8bdb49789ee55c3bdc38e104 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/mc-4.5.40-3.src.rpm 969a5f5427e04ea2710516ae3b9360c6 SuSE-6.2 ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/mc-4.5.37-20.i386.rpm c6cf641cd54c976df4f64a0fa1263d65 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/mc-4.5.37-20.src.rpm ccdd4d9e727edc45c610013f69af9c86 SuSE-6.1 ftp://ftp.suse.com/pub/suse/i386/update/6.1/ap1/mc-4.5.33-1.i386.rpm 2dd900869259558ef6ad9b16e056322d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/mc-4.5.33-1.src.rpm 10c3a9ae63cbd8e43923f9245bba166c Sparc Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/mc-4.5.50-1.sparc.rpm 16fab4824da5347fe243bfd8a3196a02 source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/mc-4.5.50-1.src.rpm f8a51dd5975e6c1c34492f1fae6c66c7 AXP Alpha Platform: SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/mc-4.5.42-47.alpha.rpm dd80759475ca682a421cdd7dff4c6539 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/mc-4.5.42-47.src.rpm 1d98da3743c951003b99bf8b88b577f1 SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/mc-4.5.40-1.alpha.rpm 31a77b496e6c4185b0d9dd50336fb238 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/mc-4.5.40-1.src.rpm dae662f3de8f42590feb62e1dc3abce8 SuSE-6.1 ftp://ftp.suse.com/pub/suse/axp/update/6.1/ap1/mc-4.5.33-14.alpha.rpm 58906f33013bc64cc090ed56c05ab6d7 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/mc-4.5.33-14.src.rpm 32727c15d6df11ceaa07afbd67b96b64 PPC PowerPC Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/mc-4.5.50-1.ppc.rpm 0f17db922b03ee5db09e46311b5c1096 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/mc-4.5.50-1.src.rpm aa1d77e05edd2b6097896be3bc3433d2 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/mc-4.5.42-47.ppc.rpm 018dbd5d4f7ed760e5fcfe22bceee016 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/mc-4.5.42-47.src.rpm e56125ce9edd85accd1ea2830e578504 ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - We are in the process of preparing update packages for the man package which has been found vulnerable to a commandline format string bug. The man command is installed suid man on SuSE systems. When exploited, the bug can be used to install a different man binary to introduce a trojan into the system. As an interim workaround, we recommend to `chmod -s /usr/bin/manŽ and ignore the warnings and errors when viewing manpages. - Two bugs were found in the text editor vim. These bugs are currently being fixed. - A bufferoverflow in sudo was discovered and fixed RPMs will be available as soon as possible. A exploit was not made public until now. - NEdit a GUI-style text editor needs an update due to a tmp race condition. The source code is currently being reviewed and new RPMs will be available within the next days. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOtMMnHey5gA9JdPZAQGAxAgAnwW45oAtOGMOySwqVdhKwqIrN/7FOEED 3FvQtMrLlICwAqD/DaS35qQs2IqIWfVtAm/bRoLlNwAkizmu4P2InskvNBXO9YuS YdbntegiAdmX/7P55/9xBdOZub4PRi5jk7MWRJd//VWaumgx4RZHWnVvtI2eSWKT xc6yBgxPfTlQQxp8mh3oUbAgkUf3kfE2CuSs7NXk7dV0xoenjfObt/3SPlHEBaRw ASFDcXk8PiRPAM1KhtzkKQqGYDijDGfzXJ65pU2dm5mqUa2hwJrVFtLfMwPD7nYP 9Bvk4ym0iXQ3LNIQgYFgTcCuM4W4BV1IB4YeHyorDsOwbl2K7QggkQ== =IWSy -----END PGP SIGNATURE----- Bye, Thomas -- Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg E@mail: thomas(a)suse.de Function: Security Support & Auditing "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka" Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47

1 0

SuSE Security Announcement: xntp (SuSE-SA:2001:10)
by draht＠suse.de 09 Apr '01

09 Apr '01

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SuSE Security Announcement Package: xntp Announcement-ID: SuSE-SA:2001:10 Date: Monday, April 9th 22:30 MEST Affected SuSE versions: (6.0, 6.1, 6.2), 6.3, 6.4, 7.0, 7.1 Vulnerability Type: remote root compromise Severity (1-10): 8 SuSE default package: no Other affected systems: systems using xntp in newer versions Content of this advisory: 1) security vulnerability resolved: xntp problem description, discussion, solution and upgrade information 2) pending vulnerabilities, solutions, workarounds 3) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion, solution, upgrade information xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem. A temporary workaround is to kill the daemon and to set the variable START_XNTPD in the file /etc/rc.config to "no" so that the daemon will not be started again upon reboot of the system. Correct the system time manually if necessary or adjust the time by running ntpdate from a cron job on a regular basis. We believe that this problem is generally underestimated since the xntpd daemon tends to get forgotten over the years of a system's life- time once installed and configured. The xntpd daemon is not started by default in SuSE Linux distributions. We strongly recommend to immediately update the xntp package on each system where the daemon is installed, configured and running. Note: The xntp update packages for most distributions have been available for download since Friday last week. The packages for all 6.4 and 7.0 version distributions had to be rebuilt due to a specfile bug that did not show up earlier and that caused a delay in building packages. This bug causes the rpm subsystem to complain about the release number of the package. Now that this bug is corrected, you might find yourself having installed a package where there is a newer version of the package on the ftp server. However, regardless of the package release number, all published packages fix the currently known security problems in the xntpd network time daemon. Note: The source rpm of xntp in newer distributions generates two packages: xntp.rpm and xntpdoc.rpm. It is not necessary to update the xntpdoc package which is why we do not provide the update packages on our ftp server. The xntpdoc package only contains the documentation for the xntp package and did not change in this updated package. Download the update package from locations desribed below and install the package with the command `rpm -Uhv file.rpm'. The md5sum for each file is in the line below. You can verify the integrity of the rpm files using the command `rpm --checksig --nogpg file.rpm', independently from the md5 signatures below. SPECIAL INSTALL INSTRUCTIONS: ============================== The xntpd daemon must be restarted for the new package to become active after the installation of the update rpm. You can do this by running the command kill -15 `pidof xntpd` as root. After performing the upgrade using the rpm command above, you can restart the xntpd: rcxntpd start You should now see the new daemon synchronizing in your syslogs, depending on where you configured the daemon to write its logs to. i386 Intel Platform: SuSE-7.1 ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/xntp-4.0.99f-34.i386.rpm 9e39ca8f7b01fef22766463b8295e25d source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/xntp-4.0.99f-34.src.rpm dfa51b46c92b917353f52e5d83863478 SuSE-7.0 ftp://ftp.suse.com/pub/suse/i386/update/7.0/n1/xntp-4.0.99f-37.i386.rpm 4293ad8a3e084ec5d773bbcab8380c08 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/xntp-4.0.99f-37.src.rpm 745b894dcb6a97caa36f97858a51e279 SuSE-6.4 ftp://ftp.suse.com/pub/suse/i386/update/6.4/n1/xntp-4.0.99f-38.i386.rpm 8001ac19d0ee812be82b6b066b4313d5 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/xntp-4.0.99f-38.src.rpm 7d56618cba3d768aa53246f39158987d SuSE-6.3 ftp://ftp.suse.com/pub/suse/i386/update/6.3/n1/xntp-4.0.98d-1.i386.rpm 2f5d7b43b167c6acf13f68b13b1b7989 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/xntp-4.0.98d-1.src.rpm 11182e5e8c3769e6f9498ade9fcbe1fc SuSE-6.2 (unsupported platform) ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/xntp-4.0.93a-18.i386.rpm 5b55d179e3d4a0c57513bed03013c1a9 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/xntp-4.0.93a-18.src.rpm dbb7c833ddc25b0bde406b4319d4106f SuSE-6.1 (unsupported platform) ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/xntp-4.0.92c-1.i386.rpm baa93b55a4eaa486968fa6285f04c865 source rpm: ftp://ftp.suse.com/pub/suse/i386/update/6.1/zq1/xntp-4.0.92c-1.src.rpm 06f0174e8934e3ce6f419284564a7c91 Sparc Platform: SuSE-7.1 The xntp packages for the SuSE-7.1 sparc distribution are currently pending for being built. They will be available on the ftp server as soon as they are built. The packages are gpg-signed using the key <build(a)suse.de> that should have been installed on your system upon system installation/upgrade. Use the command `rpm --checksig xntp.rpmŽ to verify this signature once the packages are available for download. In the meanwhile, please use the temporary workaround as described above. SuSE-7.0 ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/xntp-4.0.99f-19.sparc.rpm bea9ea6a88ae68f27962d1b9ad866eac source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/xntp-4.0.99f-19.src.rpm 83243db2982126e1a6ba371ef6dcf59b AXP Alpha Platform: SuSE-7.0 ftp://ftp.suse.com/pub/suse/axp/update/7.0/n1/xntp-4.0.99f-22.alpha.rpm e410a96c44f12ba3d51a4f1f3e056fcd source rpm: ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/xntp-4.0.99f-22.src.rpm 61ed8e66753868735cd14e94cb295718 SuSE-6.4 ftp://ftp.suse.com/pub/suse/axp/update/6.4/n1/xntp-4.0.99f-22.alpha.rpm 9460bd3eaf5500c0184d9394b8b86627 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/xntp-4.0.99f-22.src.rpm 5c62ef99f064b687047087562cfe54ca SuSE-6.3 ftp://ftp.suse.com/pub/suse/axp/update/6.3/n1/xntp-4.0.98d-1.alpha.rpm ad8c8494f0aaa06a1690e4edcaa43904 source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/xntp-4.0.98d-1.src.rpm 743fe2aba27f1801ac5b14cff2f2edb6 SuSE-6.1 (unsupported platform) ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/xntp-4.0.92c-40.alpha.rpm d400eeecb9bd0b4347f3fe58f7f90fee source rpm: ftp://ftp.suse.com/pub/suse/axp/update/6.1/zq1/xntp-4.0.92c-40.src.rpm e2d01c31542ebbf8c740b820a6372ad1 PPC Power PC Platform: SuSE-7.1 The xntp packages for the SuSE-7.1 ppc distribution are currently pending for being built. They will be available on the ftp server as soon as they are built. The packages are gpg-signed using the key <build(a)suse.de> that should have been installed on your system upon system installation/upgrade. Use the command `rpm --checksig xntp.rpmŽ to verify this signature once the packages are available for download. In the meanwhile, please use the temporary workaround as described above. SuSE-7.0 ftp://ftp.suse.com/pub/suse/ppc/update/7.0/n1/xntp-4.0.99f-21.ppc.rpm 2d82e8f63df84cb409df7659437c1177 source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/xntp-4.0.99f-21.src.rpm a0bce6c36cf30da1aa587e03103a01f6 SuSE-6.4 ftp://ftp.suse.com/pub/suse/ppc/update/6.4/n1/xntp-4.0.99f-21.ppc.rpm fe9082268bdf53dddcaad075284f899b source rpm: ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/xntp-4.0.99f-21.src.rpm 1940b97593e3e134487d294a721e350d ______________________________________________________________________________ 2) Pending vulnerabilities in SuSE Distributions and Workarounds: - kernel Please expect security updates of the Linux kernel soon. To resolve all currently known security problems in the Linux kernel, update the kernel manually to version 2.2.19 or wait until the SuSE update rpm packages for the supported distributions 6.3, 6.4, 7.0 and 7.1 are ready to be used and available for download. - more updates In addition to the kernel update, please expect more packages to see security updates. Currently, this involves vim, mc and sudo. - bind8 The update packages for the 7.0 sparc distribution is available. ftp://ftp.suse.com/pub/suse/sparc/update/7.0/n1/bind8-8.2.3-39.sparc.rpm c7e2a95bd4b90d03207ffc3a9880c36c source rpm: ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/bind8-8.2.3-39.src.rpm 5d4d4b608f2a8a3e61f7dc6917254f4f The SuSE-7.1 sparc distribution was published after the bugs in bind8 were corrected. ______________________________________________________________________________ 3) standard appendix: SuSE runs two security mailing lists to which any interested party may subscribe: suse-security(a)suse.com - general/linux/SuSE security discussion. All SuSE security announcements are sent to this list. To subscribe, send an email to <suse-security-subscribe(a)suse.com>. suse-security-announce(a)suse.com - SuSE's announce-only mailing list. Only SuSE's security annoucements are sent to this list. To subscribe, send an email to <suse-security-announce-subscribe(a)suse.com>. For general information or the frequently asked questions (faq) send mail to: <suse-security-info(a)suse.com> or <suse-security-faq(a)suse.com> respectively. =============================================== SuSE's security contact is <security(a)suse.com>. =============================================== ______________________________________________________________________________ The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. SuSE GmbH makes no warranties of any kind whatsoever with respect to the information contained in this security advisory. Type Bits/KeyID Date User ID pub 2048/3D25D3D9 1999/03/06 SuSE Security Team <security(a)suse.de> - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12Cg== =pIeS - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQEVAwUBOtIdLXey5gA9JdPZAQGX0Af/RbqT5xox/JWc6gz7QGxA/TCKrLvk3rO3 RBesK0QJ/GqEWZh3CI81CyXCHZiyOkKzmUo5+BhX5NU4OnmuvVokofTk/cAQxh1M 6HzcUySvNrru79VwSuFE1nFGuyzWSDkKAAgD2/mP0fSporpinJTeVJm/JkXH3jau sOq+eIzhi7grtnVgbIueGR8mGrAg8COLlCx7GjYLd+VQxeS+eOtT16sLY4gMDV43 RDzpRA5dWFh48KGkncA5/0Cuvs46LTmBkVDgyflgyG1h+dmrSlfXSvoLyo08lupy ekFi4zg2H91Bb7SX0FFs456R42S02arJyld2/xm8IR9fkR18Ve12gg== =6ds6 -----END PGP SIGNATURE-----

1 0

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

openSUSE Security Announce April 2001