SUSE Security Summary Report SUSE-SR:2005:022
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:022
Date: Fri, 07 Oct 2005 13:00:00 +0000
Cross-References: CAN-2005-2966
Content of this advisory:
1) Solved Security Vulnerabilities:
- resmgr usb device restriction problems
- liby2util problems with untrusted remote repositories
- mediawiki edit history problems
- powersave permission problems
- bacula tmp race fixes
- various user applications used LD_LIBRARY_PATH unsafely
- dia svg import code execution
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- none listed
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- resmgr usb device restriction problems
resmgr is the SUSE way of providing device access to logged in
desktop users. The following security problems were fixed in resmgr:
- By using alternate syntax for specifying USB devices instead of a
/proc/bus/usb path one could bypass access control rules and open
any USB device.
- Class specific exclude rules did not match devices that set their
class ID at interface level.
Therefore the default exclude rules for HID and hub devices did
not work on many devices.
This would allow a local attacker (logged into another X session
or text console with desktop rights) to snoop on USB human input
devices like keyboards or mice of other users.
This problem affects only SUSE Linux 9.2 and 9.3.
- liby2util problems with untrusted remote repositories
Rene "l00m" Fischer found two problems in the handling of YaST
package repositories.
- The remote repositories were copied with permissions and ownerships
intact. If the remote repository was owned by a user or had problematic
permissions, these ownerships and permissions were copied over to
the system.
If these included world writable permissions, local users could
overwrite package meta files.
This problem is not present when installing from CD or a correctly
set up network source.
- The YaST package handling had a buffer overflow which could be
used by attackers having access to the meta data (for instance
due to above permission problem) to potentially execute code.
These problems have been fixed with this update.
All SUSE Linux based products were affected by this problem.
A problem appeared in the SUSE Linux 9.1 update due to a symbol
mismatch caused by incompatible changes in SUSE Linux Enterprise
Server 9 which were not correctly merged back to SUSE Linux 9.1.
If you are using SUSE Linux 9.1 and can no longer start YaST
package manager or online_update, please reinstall the liby2util
RPM from the original CD by hand.
- Mediawiki edit history problems
A bug in mediawiki Wiki edit submission handling could cause
corruption of the previous revision in the database if an abnormal
URL was used, such as those used by some spam bots.
This mediawiki update contains fixes up to MediaWiki version 1.4.10.
SUSE Linux 9.3 and 10.0 are affected by this problem.
- powersave permission problems
The powersave interface allows logged in desktop users to control
certain power management functions of the machine. A configuration
problem of the powersave daemon in SUSE Linux 10.0 allowed any local
user to control the powersave daemon, allowing him for instance to
suspend the machine.
Additionally some bugs were fixed:
- When doing CPU frequency scaling, the nice factor was not considered
correctly.
- The patch also fixes a problem where an ACPI button press was
not ignored after coming back from sleep and so the system shut
down again.
- If the haldaemon is not running, powersave opens dbus connections
without closing them afterwards.
These bugs only affect SUSE Linux 10.0.
- bacula tmp race fixes
A fixed version of bacula was released that improves its handling
of temporary files.
Only SUSE Linux 10.0 is affected.
- Various user applications used LD_LIBRARY_PATH unsafely
Several user applications handle LD_LIBRARY_PATH unsafely. By just
appending paths to LD_LIBRARY_PATH they caused the program to also
search the current directory for shared libraries. In directories
that contain network data those libraries could be injected into
the respective application.
We already released updates for the following applications:
- beagle for SUSE Linux 9.3 and 10.0.
- tomboy for SUSE Linux 9.3 and 10.0.
- liferea for SUSE Linux 10.0.
- blam for SUSE Linux 9.3 and 10.0.
- banshee for SUSE Linux 10.0.
Fixes for more applications will be released.
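The unsafe append described above next to a safe form, as an added example that is not part of the original advisory and not taken from the affected packages; /opt/app/lib and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; /opt/app/lib is a hypothetical application directory.

# Unsafe: blind append. If the current value is empty the result starts
# with ":", and the dynamic loader reads an empty entry as the current
# directory.
unsafe_append() {            # $1 = current value, $2 = directory to add
    printf '%s\n' "$1:$2"
}

# Safe: emit the separator only when there is an existing value.
safe_append() {
    printf '%s\n' "${1:+$1:}$2"
}

# Return 0 if a search path has an entry that is empty, "." or otherwise
# not absolute, i.e. one that depends on the current directory.
has_cwd_entry() {
    [ -n "$1" ] || return 1          # a wholly empty value adds no entries
    case ":$1:" in
        *::*|*:.:*) return 0 ;;      # leading, trailing or doubled ":", or "."
    esac
    old_ifs=$IFS; IFS=:; set -f      # split on ":" without globbing
    for entry in $1; do
        case "$entry" in
            /*) ;;                   # absolute entry, fine
            *) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Demo with LD_LIBRARY_PATH unset, as in a fresh desktop session.
for fn in unsafe_append safe_append; do
    result=$($fn "" /opt/app/lib)
    if has_cwd_entry "$result"; then verdict="searches current directory"
    else verdict="ok"; fi
    printf '%-14s -> %-16s %s\n' "$fn" "\"$result\"" "$verdict"
done
```

has_cwd_entry can be pointed at the value a wrapper script exports to check whether it still carries an empty or relative entry.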
- dia svg import code execution
This update of dia fixes a bug in the SVG import plugin which allows
the execution of Python code. (CAN-2005-2966)
This problem only affects SUSE Linux 9.3 and 10.0.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
none
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
Marcus Meissner