-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement-ID: SUSE-SR:2004:002
Date: Tuesday, Nov 30th 2004 14:00 MEST
Cross References: CAN-2004-0504
CAN-2004-0505
CAN-2004-0506
CAN-2004-0507
CAN-2002-0029
CAN-2004-0888
CAN-2004-0889
CAN-2004-0986
Content of this advisory:
1) solved security vulnerabilities:
- perl-Archive-Zip file evasion problem
- evolution certificate handling
- resmgr fake tty addition
- xpdf issues: tetex
- abiword / wv buffer overflows
- iptables - uninitialised variable
- gnome-vfs issues
- glibc missed buffer overflow fixes
- ethereal protocol handler problems
2) pending vulnerabilities, solutions, workarounds:
- kernel problems
- cyrus-imapd remote problems
- Sun Java Plugin
- setuid perl permissions
3) standard appendix (further information)
______________________________________________________________________________
1) solved security vulnerabilities
To avoid spamming lists with advisories for every small incident,
we will release weekly summary advisories for issues where we have
released updates without a full advisory. Since these are minor
issues, md5sums and ftp urls are not included.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- perl-Archive-Zip
perl-Archive-Zip is a set of Perl modules for handling ZIP archives.
They had the bug that, for certain invalid headers, extracted files
were shown with size 0 but were otherwise extracted correctly.
This trick could have been used by virus authors to fool virus
scanners. It was found by iDEFENSE Security; refer to this URL:
http://www.idefense.com/application/poi/display?id=153
All SUSE Linux based products are affected.
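The advisory does not say which header fields were malformed, so the following is an added example, not code from the advisory or from Archive::Zip: it assumes one plausible shape of the evasion, a local file header whose compressed and uncompressed size fields are zeroed while the central directory still carries the real values. The check compares every central-directory entry against its local header and reports any mismatch; the sample archive is constructed in memory.

```python
import io
import struct
import zipfile

# Layout of a ZIP local file header (30 fixed bytes, little-endian):
# signature, version, flags, method, mod time, mod date, crc32,
# compressed size, uncompressed size, filename length, extra length
LOCAL_HEADER = struct.Struct("<4sHHHHHLLLHH")
LOCAL_SIG = b"PK\x03\x04"
FLAG_DATA_DESCRIPTOR = 0x0008  # sizes legitimately follow the data instead

# Constructed sample content; not taken from any real archive.
SAMPLE_NAME = "payload.txt"
SAMPLE_BODY = b"harmless sample text for the header check\n" * 8


def build_sample_zip():
    """Return a well-formed archive containing SAMPLE_NAME (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(SAMPLE_NAME, SAMPLE_BODY)
    return buf.getvalue()


def zero_local_sizes(data, name):
    """Assumed evasion shape: zero the compressed/uncompressed size fields of
    one entry's local header while leaving the central directory intact."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        off = zf.getinfo(name).header_offset
    sizes_at = off + 18  # crc32 ends at +18; the two 4-byte size fields follow
    return data[:sizes_at] + struct.pack("<LL", 0, 0) + data[sizes_at + 8:]


def check_header_consistency(data):
    """Compare every central-directory entry with its local header and return
    a list of human-readable findings (empty list means consistent)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            raw = data[info.header_offset:info.header_offset + LOCAL_HEADER.size]
            (sig, _ver, flags, _method, _t, _d,
             crc, csize, usize, _fnlen, _exlen) = LOCAL_HEADER.unpack(raw)
            if sig != LOCAL_SIG:
                findings.append("%s: bad local header signature at offset %d"
                                % (info.filename, info.header_offset))
                continue
            if flags & FLAG_DATA_DESCRIPTOR:
                continue  # sizes live in a trailing data descriptor; not comparable here
            if (crc, csize, usize) != (info.CRC, info.compress_size, info.file_size):
                findings.append(
                    "%s: local header crc=%#010x csize=%d usize=%d, "
                    "central directory crc=%#010x csize=%d usize=%d"
                    % (info.filename, crc, csize, usize,
                       info.CRC, info.compress_size, info.file_size))
    return findings


def extract_entry(data, name):
    """Extract via the central directory, as tools that trust it would do."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)


if __name__ == "__main__":
    good = build_sample_zip()
    bad = zero_local_sizes(good, SAMPLE_NAME)
    print("clean archive:", check_header_consistency(good) or "consistent")
    print("tampered archive:", check_header_consistency(bad))
    print("tampered entry still extracts intact:",
          extract_entry(bad, SAMPLE_NAME) == SAMPLE_BODY)
```

The point of the last line is the evasion itself: an extractor that trusts the central directory (Python's zipfile does) recovers the file byte for byte, while a scanner that sizes the entry from the local header sees an empty file. A scanner that refuses archives with inconsistent headers closes that gap; entries using a data descriptor (flag bit 3) need their sizes read from the descriptor instead and are skipped here.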
- evolution
There was a problem in the evolution SSL certificate handling
which led to all certificates being treated as untrusted.
All SUSE Linux based products up to SUSE Linux 9.1 and SUSE Linux
Enterprise Server 9 are affected.
- resmgr
resmgr is used for handling permissions of normal desktop based
devices (audio, video, USB, and similar) in a safe and secure way.
It was possible for a remotely logged in user to gain access to
the virtual desktop group, indirectly gaining access to the desktop
devices.
SUSE Linux 8.2 up to 9.2, and SUSE Linux Enterprise Server 9
are affected.
- tetex
tetex contains PDF processing tools, which were affected by
the xpdf integer and buffer overflow vulnerabilities already
reported. The xpdf issues are tracked by the Mitre CVE Ids
CAN-2004-0888 and CAN-2004-0889.
All SUSE Linux based products are affected.
- abiword
abiword contains the Microsoft Word compatibility library "wv".
Several months ago we fixed buffer overflow issues in the "wv"
library, this is an update fixing the problem in the copy of "wv"
in abiword.
Only SuSE Linux 8.1 is affected by this problem.
- iptables
The iptables program used an uninitialized variable to find out
about the module loader for the first module loaded (ip_tables).
In rare cases it was possible that this could lead to this
module not being loaded and iptables based firewalls not
activated at all. We were not able to reproduce this and have no
reports of this happening, however we have released fixed packages
nevertheless. This is tracked by the Mitre CVE Id CAN-2004-0986.
All SUSE Linux based products are affected.
- gnome-vfs
Several GNOME vfs handlers had problematic code, for instance
unsafe argument evaluation and similar. We released updates
fixing the known issues.
All SUSE Linux based products are affected.
- glibc
A buffer overflow fix in the resolver libraries of glibc 2.2
was found missing. Reference is the Mitre CVE Id CAN-2002-0029.
Fixed packages are available.
SUSE Linux 8.1 and SUSE Linux Enterprise Server 8 are affected
by this problem.
- ethereal
Several protocol handlers in the network analysis tool ethereal
had security problems which could allow malformed network input
to crash ethereal.
These crashes are tracked by the Mitre CVE Ids CAN-2004-0504,
CAN-2004-0505, CAN-2004-0506, and CAN-2004-0507.
All SUSE Linux based products are affected.
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- kernel
Several problems have been found in the Linux 2.4 and 2.6
kernels:
- Several issues have been found in the error handling of the ELF
loader routines by Paul Starzetz of isec.pl. These are tracked
by the Mitre CVE Ids CAN-2004-1070, CAN-2004-1071, CAN-2004-1072
and CAN-2004-1073.
- Several overflow checks in the smbfs handling of both Linux
2.4 and 2.6 were found missing by Stefan Esser.
This is tracked by the Mitre CVE Id CAN-2004-0883.
- Handcrafted a.out binaries could be used to trigger a local
denial of service condition in both 2.4 and 2.6 Linux kernels.
Fixes for this problem were done by Chris Wright.
This is tracked by the Mitre CVE Id CAN-2004-1074.
- A very small race window was found in the memory management of
the kernel which could be used to show the content of random
physical memory pages potentially leading to information
disclosure. This is already fixed in the mainline kernel.
These bugs affect all SUSE Linux products.
We are in the process of releasing updated packages.
- cyrus-imapd
Remote buffer overflow possibilities in the Cyrus IMAP daemon
were found by Stefan Esser and Sebastian Krahmer.
All SUSE Linux based products are affected.
- Sun Java Plugin
A privilege escalation problem was found in the Sun Java Plugin
which could have a remote attacker reading and writing files of
a local user browsing websites.
This bug affects all SUSE versions on the Intel x86 and AMD64 /
Intel Extended Memory Architecture (EM64T) platforms.
We are in the process of releasing updated Java packages.
- perl
SUSE LINUX 9.2 follows the new upstream policy of installing
/usr/bin/suidperl as a hardlink to /usr/bin/perl. In previous perl
versions it used to be a hardlink to /usr/bin/sperl*. Because a
hardlink shares the mode bits of its inode, setting the setuid bit
on /usr/bin/suidperl now makes /usr/bin/perl itself setuid, so one
must not set a setuid bit on /usr/bin/suidperl as suggested in
the rpm package description of perl. Set the bit on
/usr/bin/sperl5.8.5 instead if you really need the suid feature.
Also check your /etc/permissions.local file for references to
/usr/bin/suidperl if you were upgrading from previous SUSE LINUX
releases.
SUSE Linux is not affected by this problem in the default
installation, only if the administrator added the s-bit to
suidperl.
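An added check for the situation above (example code written for this page, not SUSE's permissions tooling): it reports when suidperl and perl share an inode and that inode carries the setuid bit, and lists lines in a permissions file whose path field is /usr/bin/suidperl. The permissions file format assumed here is "<path> <owner>.<group> <mode>" with '#' comments; the fixture tree is constructed in a temporary directory so the check can be exercised without touching /usr/bin.

```python
import os
import shutil
import stat
import tempfile

SUIDPERL = "/usr/bin/suidperl"


def same_inode(a, b):
    """True if both paths are hardlinks to one inode (same device and inode number)."""
    sa, sb = os.stat(a), os.stat(b)
    return (sa.st_dev, sa.st_ino) == (sb.st_dev, sb.st_ino)


def is_setuid(path):
    return bool(os.stat(path).st_mode & stat.S_ISUID)


def suidperl_setuid_leaks_to_perl(perl, suidperl):
    """The dangerous case: suidperl is a hardlink to perl and carries the s-bit,
    which means perl itself is setuid, since mode bits live on the inode."""
    if not (os.path.exists(perl) and os.path.exists(suidperl)):
        return False
    return same_inode(perl, suidperl) and is_setuid(suidperl)


def suidperl_references(permissions_file, target=SUIDPERL):
    """Return 1-based line numbers whose first field names the target path.
    Assumed line format: '<path> <owner>.<group> <mode>'; '#' starts a comment."""
    hits = []
    with open(permissions_file) as fh:
        for n, line in enumerate(fh, 1):
            fields = line.split()
            if fields and not fields[0].startswith("#") and fields[0] == target:
                hits.append(n)
    return hits


def build_demo_tree(set_sbit):
    """Constructed fixture: a temp dir holding perl, a suidperl hardlink to it,
    and a permissions.local that references /usr/bin/suidperl.
    Returns (dir, perl_path, suidperl_path, permissions_path)."""
    d = tempfile.mkdtemp(prefix="suidperl-demo-")
    perl = os.path.join(d, "perl")
    suidperl = os.path.join(d, "suidperl")
    permfile = os.path.join(d, "permissions.local")
    with open(perl, "w") as fh:
        fh.write("#!/bin/sh\n")
    os.link(perl, suidperl)
    os.chmod(suidperl, 0o4755 if set_sbit else 0o755)
    with open(permfile, "w") as fh:
        fh.write("# local overrides\n")
        fh.write("/usr/bin/sperl5.8.5 root.root 4755\n")
        fh.write("/usr/bin/suidperl root.root 4755\n")
    return d, perl, suidperl, permfile


def remove_demo_tree(d):
    shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    # Real system check; adjust paths if perl lives elsewhere.
    print("perl setuid via suidperl hardlink:",
          suidperl_setuid_leaks_to_perl("/usr/bin/perl", SUIDPERL))
    if os.path.exists("/etc/permissions.local"):
        print("permissions.local lines naming suidperl:",
              suidperl_references("/etc/permissions.local"))
```

Note that the s-bit check looks at the inode, so it does not matter which of the two names the administrator ran chmod on; either way /usr/bin/perl ends up setuid, which is the condition that must be caught.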
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is being considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently from each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum