-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2008:003
Date: Thu, 07 Feb 2008 18:00:00 +0000
Cross-References: CVE-2006-4484, CVE-2007-2583, CVE-2007-2691
CVE-2007-2692, CVE-2007-4965, CVE-2007-5503
CVE-2007-5794, CVE-2007-5925, CVE-2007-5969
CVE-2007-6109, CVE-2007-6303, CVE-2007-6304
CVE-2007-6427, CVE-2007-6428, CVE-2007-6429
CVE-2008-0123
Content of this advisory:
1) Solved Security Vulnerabilities:
- SUN Java 1.5 and 1.6 update
- nss_ldap incorrect data
- cairo integer overflows in PNG decoder
- geronimo start script problems
- moodle XSS problems
- SDL_image GIF problems
- python imageop integer overflow
- MySQL security problems
- NX also affected by X.org security problems
- xemacs commandline buffer overflow
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
None listed this week.
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- SUN Java 1.5 and 1.6 update
SUN Java 1.5.0 was brought to update14 and SUN Java 1.6.0 was
brought to update4. Details for the security issues fixed are not
yet publicly known, but the changelog lists several issues marked
as security.
The update also contains timezone update 2007k and was released
for SUSE Linux 10.1, openSUSE 10.2 and 10.3.
- nss_ldap incorrect data
nss_ldap returned incorrect data under certain circumstances to
the calling process. Some applications could therefore work with
wrong user data (CVE-2007-5794).
This has been fixed for all distributions containing nss_ldap.
- cairo integer overflows in PNG decoder
The cairo libraries were updated to fix several integer overflows
while decoding PNG images. This can be exploited remotely with
user-assistance to execute arbitrary code. (CVE-2007-5503)
Updates have been provided for SUSE Linux Enterprise 10, SUSE Linux
10.1, openSUSE 10.2 and 10.3.
- geronimo start script problems
A chown in the SUSE supplied Apache geronimo init script could
change ownership of directories it did not own, due to following
symlinks. The default setup would corrupt /var/tmp on start
of geronimo.
While there is potential to exploit this problem,
the administrator will likely have noticed it already.
- moodle XSS problems
The install script of moodle is vulnerable to cross-site scripting
(XSS). This flaw is only exploitable if moodle isn't fully installed
yet, so it's unlikely to be much of a problem in practice. To
actually exploit it, an attacker would have to know about a person
who is just about to install moodle (CVE-2008-0123).
- SDL_image GIF problems
Specially crafted GIF files could crash the SDL_image library
(CVE-2006-4484).
Updates have been released for SUSE Linux 10.1, openSUSE 10.2
and 10.3.
- python imageop integer overflow
Specially crafted images could trigger an integer overflow in the
imageop module of python (CVE-2007-4965).
Python has been updated on all SUSE Linux based distributions.
- MySQL security problems
The database server MySQL was updated to fix various security
vulnerabilities. Note: not all versions are affected by every bug:
- CVE-2007-2583: a denial of service attack in in_decimal::set for
logged in users.
- CVE-2007-2691: RENAME TABLE did not require DROP privileges,
allowing remote authenticated users to rename arbitrary tables
- CVE-2007-2692: remote authenticated users could gain privileges
due to a bug in SQL SECURITY INVOKER stored routine handling
- CVE-2007-5925: a denial of service attack by remote authenticated
users via a certain CONTAINS operation on an indexed column
- CVE-2007-5969: allowed remote authenticated users to overwrite
system table information and gain privileges via symlinks
- CVE-2007-6303: allowed remote authenticated users to gain
privileges via CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW
statements
- CVE-2007-6304: denial of service attack by remote authenticated
users by performing a specific SHOW TABLE STATUS query
MySQL has been updated on all SUSE Linux based distributions.
- NX also affected by X.org security problems
This update fixes various Xserver security issues that are also
present in NX:
XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427].
TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428].
EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429].
MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429].
- xemacs commandline buffer overflow
A buffer overflow in xemacs commandline handling was
fixed. (CVE-2007-6109)
This problem affected only openSUSE 10.3.
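
Added example, not part of the SUSE advisory and not the geronimo init script: for the geronimo start script item above, one way an init script can change ownership of its directories without following a symlink to a directory it does not own. The function name safe_chown and all paths are hypothetical; the directory tree is constructed in a temporary location.

```shell
#!/bin/sh
# Added example: constructed paths only; not the geronimo init script itself.

# safe_chown OWNER DIR
# Change ownership of DIR only if it is a real directory, never via a symlink.
# Returns 0 on success, 1 if DIR is a symlink, 2 if DIR is not a directory.
safe_chown() {
    owner=$1
    dir=$2
    # Plain `chown owner path` dereferences a symlink and re-owns its target.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink to $(readlink "$dir")" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a directory" >&2
        return 2
    fi
    # -h acts on the link itself if DIR is swapped for a symlink after the
    # checks above, so the link target is still left alone.
    chown -h -- "$owner" "$dir"
}

# demo: build a constructed tree where one path is a symlink to a directory
# the service does not own, then report the return code of each call.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/service_data" "$base/shared_tmp"
    ln -s "$base/shared_tmp" "$base/service_tmp"   # stands in for the bad link
    me=$(id -u)   # chown to the current user so the demo needs no root
    rc_dir=0;     safe_chown "$me" "$base/service_data" || rc_dir=$?
    rc_link=0;    safe_chown "$me" "$base/service_tmp"  || rc_link=$?
    rc_missing=0; safe_chown "$me" "$base/missing"      || rc_missing=$?
    rm -rf "$base"
    echo "$rc_dir $rc_link $rc_missing"
}

demo
```

The -h flag only protects the final path component; parent directories writable by other users need the same check.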
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
None listed this week.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team