SUSE Security Summary Report SUSE-SR:2006:015
-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2006:015
Date: Fri, 30 Jun 2006 16:00:00 +0000
Cross-References: CVE-2006-0898, CVE-2006-2197, CVE-2006-2898
CVE-2006-2916, CVE-2006-3057, CVE-2006-3082
Content of this advisory:
1) Solved Security Vulnerabilities:
- wv2 boundary checks
- perl-Crypt-CBC weak initial vectors
- arts setuid return check problems
- dhcdbd remote denial of service attack
- gpg denial of service attack
- asterisk buffer overflow
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- OpenOffice_org security problems
- opera 9.0 security update
- acroread security update 7.0.8
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- wv2 boundary checks
The wv2 library was updated to fix some boundary checks which could
be exploited by maliciously crafted files to access memory outside
bounds and possibly execute arbitrary code. (CVE-2006-2197)
All SUSE Linux versions are affected by this problem.
- perl-Crypt-CBC weak initial vectors
The Perl Crypt::CBC module versions through 2.16 produced weak
cipher text when used with block encryption algorithms with block size
larger than 8 bytes. (CVE-2006-0898)
This affects all SUSE Linux based products containing perl-Crypt-CBC.
- arts setuid return check problems
The KDE sound server aRts lacked checks around some setuid() calls.
This could potentially be used by a local attacker to gain root
privileges. (CVE-2006-2916)
We think that this is not possible since seteuid() is not affected,
but have fixed this problem nevertheless.
All SUSE Linux based products are affected by this problem.
- dhcdbd remote denial of service attack
A remote trigger-able crash was fixed in the DBUS DHCP client 'dhcdbd'
(CVE-2006-3057).
This problem only affects SUSE Linux 10.0.
- gpg denial of service attack
It is possible to crash (denial of service) the GNU Privacy Guard
(gpg) by supplying a specifically crafted message specifying a
very large UID, which leads to an out of memory situation or an
integer overflow.
It is unclear if this problem can be exploited to execute code.
This issue is tracked by the Mitre CVE ID CVE-2006-3082, and affects
all SUSE Linux based products.
Updates for the gpg2 package are still work in progress.
- asterisk buffer overflow
A security problem was fixed in the IAX2 channel driver of Asterisk
that could be used by remote users to execute code or at least
crash Asterisk.
This issue is tracked by the Mitre CVE ID CVE-2006-2898
and affects SUSE Linux 9.2 up to 10.1.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- OpenOffice_org security problems
Several security problems were found in the OpenOffice_org suite.
We are currently pushing out updates for this problem which will
appear in your YaST Online Update / Zen Updater shortly.
Please note that these updates are very large and might take
a while to download.
A full advisory will be released once the update was released for
all distributions.
- opera 9.0 security update
We released a Opera 9.0 security update which was unfortunately
broken due to a RPM problem.
We are preparing fixed packages for this and will release them as
soon as they become available.
A full advisory will be written once this is done.
- acroread security update 7.0.8
The Adobe Acrobat Reader has a new version 7.0.8 available, which
contains security fixes.
Updated packages have already been released for SUSE Linux 9.2
up to 10.1, but are currently still missing for SUSE Linux 9.1,
SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9, due to
a new GTK 2.4 requirement.
A full advisory will be released once these problems have been
reviewed and solved.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
participants (1)
-
Marcus Meissner