[security-announce] SUSE Security Summary Report SUSE-SR:2007:024
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2007:024
Date: Thu, 22 Nov 2007 18:00:00 +0000
Cross-References: CVE-2007-2741, CVE-2007-2865, CVE-2007-3227
CVE-2007-3999, CVE-2007-5116, CVE-2007-5162
CVE-2007-5707, CVE-2007-5708, CVE-2007-5728
CVE-2007-5770, CVE-2007-6035
Content of this advisory:
1) Solved Security Vulnerabilities:
- cacti SQL injection bug
- openldap2 remote denial of service
- phpPgAdmin XSS problems
- ruby SSL certificate verification process
- perl regular expression buffer overflow
- rubygem-activesupport XSS problem
- yast2-core modules loaded from current directory
- librpcsecgss also affected by GSSAPI problems
- liblcms ICC profile parsing problem
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- SUSE Linux 10.0 going towards end of support
- Kernel Updates
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- cacti SQL injection bug
A SQL injection bug in cacti was fixed.
The issue is tracked by Mitre CVE ID CVE-2007-6035 and was fixed
for SUSE Linux 10.0 and 10.1, and for openSUSE 10.2 and 10.3.
- openldap2 remote denial of service
Multiple flaws were fixed that could cause the OpenLDAP slapd to
crash (CVE-2007-5707, CVE-2007-5708).
- phpPgAdmin XSS problems
Several flaws in phpPgAdmin were fixed that could be exploited
by remote attackers to perform cross site scripting (XSS) attacks
(CVE-2007-2865, CVE-2007-5728).
phpPgAdmin was fixed for openSUSE 10.2.
- ruby SSL certificate verification process
ruby was updated to improve the SSL certificate verification
process (CVE-2007-5162, CVE-2007-5770). Prior to this update it was
possible to intercept SSL traffic with a man-in-the-middle attack.
Fixed ruby packages are available for all distributions with ruby SSL support.
- perl regular expression buffer overflow
A buffer overflow in perl's regex engine was fixed.
The issue is tracked by the Mitre CVE ID CVE-2007-5116 and fixed
perl packages have been released for all distributions.
- rubygem-activesupport XSS problem
A cross site scripting (XSS) bug in rubygem-activesupport allowed
attackers to execute Javascript code in the context of other web
sites (CVE-2007-3227).
rubygem-activesupport packages were released for all affected
distributions.
- yast2-core modules loaded from current directory
A security bug in yast2-core was fixed that allowed local attackers
to provide malicious yast2 modules to yast2 that are executed with
root privileges.
To trigger this vulnerability root has to execute yast2 in an
untrusted directory (e.g. /tmp), since modules were searched in
the current working directory first.
Thanks to Stefan Nordhausen for reporting this to us.
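As an added illustration (not yast2-core's own code), the following Python models the lookup order described above: an empty or relative search-path entry is resolved against the current working directory, so a same-named module in an untrusted directory such as /tmp shadows the system copy, while a lookup that skips relative entries only ever consults the trusted directory. The module name, directory layout and search path are assumptions.

```python
import os
import tempfile

# Constructed illustration, not yast2-core's actual resolver: it models the
# search order the advisory describes (current working directory consulted
# before the system module directory) next to a lookup that ignores it.

MODULE_NAME = "Foo.ycp"  # hypothetical module name


def find_module(name, search_path, cwd, reject_relative):
    """Return the first file named `name` found along `search_path`.

    An empty or relative entry is resolved against `cwd`, which is the root
    cause the advisory describes. With reject_relative=True such entries are
    skipped, so only absolute (trusted) directories are consulted.
    """
    for directory in search_path:
        if reject_relative and not os.path.isabs(directory):
            continue
        # os.path.join discards `cwd` when `directory` is absolute
        candidate = os.path.join(cwd, directory, name)
        if os.path.isfile(candidate):
            return os.path.realpath(candidate)
    return None


def demo():
    """Build a trusted module dir and an untrusted cwd (think /tmp) that both
    contain Foo.ycp, then report which copy each lookup order picks."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "usr", "share", "YaST2", "modules")
        untrusted = os.path.join(root, "tmp")
        for d in (trusted, untrusted):
            os.makedirs(d)
            with open(os.path.join(d, MODULE_NAME), "w") as fh:
                fh.write("{}")  # placeholder module body
        search_path = ["", trusted]  # "" = current directory, searched first
        vulnerable = find_module(MODULE_NAME, search_path, untrusted, False)
        hardened = find_module(MODULE_NAME, search_path, untrusted, True)
        cwd_copy = os.path.realpath(os.path.join(untrusted, MODULE_NAME))
        trusted_copy = os.path.realpath(os.path.join(trusted, MODULE_NAME))
        return {"vulnerable_picks_cwd": vulnerable == cwd_copy,
                "hardened_picks_trusted": hardened == trusted_copy}


if __name__ == "__main__":
    print(demo())
```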
- librpcsecgss also affected by GSSAPI problems
A security problem was fixed in the librpcsecgss library used
by NFSv4; the same flaw was also found in krb5. An invalid packet
could underflow and potentially cause memory corruption and code execution.
(CVE-2007-3999)
It is unknown if the problematic code path is exploitable for
this package.
- liblcms ICC profile parsing problem
Several security bugs were fixed in liblcms that occurred while
parsing ICC profiles in JPEG images (CVE-2007-2741). Remote
attackers can exploit these bugs to execute arbitrary commands or
cause a denial of service.
liblcms was updated for all distributions.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- SUSE Linux 10.0 going towards end of support
Starting this week we no longer open new bugs for SUSE Linux 10.0.
We are currently working through the queue of previously known
security problems and will reach end of support in a few weeks.
We strongly recommend upgrading to a newer openSUSE version.
- Kernel Updates
We are currently preparing kernel updates for SUSE Linux 10.1,
openSUSE 10.3 and SUSE Linux Enterprise 10 to fix various security
problems and lots of bugs.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
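Added example, not part of the advisory or SUSE's tooling: rather than reading the human-readable "Good signature from" line, a script can ask gpg for its machine-readable status lines and require that the GOODSIG comes from the key id quoted above. The long key id in the test input is a constructed placeholder, and gpg with the SuSE key in the local keyring is assumed for the verify function.

```python
import subprocess

# Added example: check gpg's --status-fd output for a GOODSIG from the key id
# the advisory names, and refuse anything that also carries a failure tag.

EXPECTED_KEY_ID = "3D25D3D9"  # key id quoted in the advisory text

# Status tags after which the signature must not be accepted.
FAILURE_TAGS = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}


def parse_gpg_status(status_text, expected_key_id=EXPECTED_KEY_ID):
    """Return True only if a GOODSIG line names a key ending in expected_key_id
    and no failure tag appears.

    An 8-hex-digit short id is only a suffix of the long key id and can
    collide; once the full fingerprint is known, pin that instead (gpg's
    VALIDSIG status line carries it).
    """
    good = False
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore human-readable output mixed into the stream
        fields = line.split()
        if len(fields) < 2:
            continue
        tag = fields[1]
        if tag in FAILURE_TAGS:
            return False
        if (tag == "GOODSIG" and len(fields) >= 3
                and fields[2].upper().endswith(expected_key_id.upper())):
            good = True
    return good


def verify_announcement(path, expected_key_id=EXPECTED_KEY_ID):
    """Run `gpg --verify` on a saved announcement and judge its status lines.
    Assumes gpg is installed and the signing key is in the local keyring."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", path],
        capture_output=True, text=True, check=False,
    )
    return parse_gpg_status(proc.stdout, expected_key_id)
```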
Marcus Meissner