SUSE Security Summary Report SUSE-SR:2005:018
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:018
Date: Thu, 28 Jul 2005 13:00:00 +0000
Cross-References: CAN-2004-2154
CAN-2005-1268
CAN-2005-1769
CAN-2005-1920
CAN-2005-1921
CAN-2005-1992
CAN-2005-2088
CAN-2005-2095
CAN-2005-2335
CAN-2005-2363
CAN-2005-2367
MFSA 2005-45
MFSA 2005-46
MFSA 2005-47
MFSA 2005-48
MFSA 2005-49
MFSA 2005-50
MFSA 2005-51
MFSA 2005-52
MFSA 2005-53
MFSA 2005-54
MFSA 2005-55
MFSA 2005-56
Content of this advisory:
1) Solved Security Vulnerabilities:
- apache2
- clamav
- fetchmail
- MozillaFirefox
- ruby
- ampache
- squirrelmail
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- kdelibs3
- cups
- pam_krb5
- ethereal
- various kernel security problems
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- apache2
apache2 was prone to so-called "HTTP Request Smuggling" attacks
(CAN-2005-2088) and contained an off-by-one overflow whilst printing
CRL information (CAN-2005-1268).
All SUSE LINUX based products are affected.
- clamav
clamav contained several integer overflows allowing for heap buffer
overflows. clamav has been updated to version 0.86.2 to fix those
problems.
SUSE Linux 9.1-9.3 and SLES9 are affected.
- fetchmail
A buffer overflow allowed a malicious POP3 server to possibly
execute arbitrary code via long UIDL responses (CAN-2005-2335).
Due to optimizations performed by gcc the bug is most likely not
exploitable with the fetchmail packages on SUSE Linux though.
All SUSE LINUX based products are affected.
- MozillaFirefox
Mozilla Firefox has been updated to version 1.0.6 to fix several security
issues:
MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Possibly exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities
SUSE Linux 9.0-9.3 and Novell Linux Desktop 9 are affected.
- ruby
A bug in the XML-RPC library allowed remote attackers to execute
arbitrary code (CAN-2005-1992).
All SUSE LINUX based products are affected.
- ampache
A bug in the PEAR::XML_RPC library allowed remote attackers to
pass arbitrary php code to the eval() function (CAN-2005-1921).
All SUSE LINUX products are affected.
- squirrelmail
A cross-site-scripting issue (CAN-2005-1769) and a bug that allowed
malicious attackers to change session variables of other users
(CAN-2005-2095) have been fixed.
All SUSE LINUX products are affected.
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- kdelibs3
The Kate file editor saved backup copies of edited files with
default permissions instead of the possibly more restrictive
permissions of the original (CAN-2005-1920).
SUSE Linux 9.1-9.3 and SLES9 are affected.
- cups
Attackers could bypass access restrictions for printers with names
that contain both uppercase and lowercase letters (CAN-2004-2154).
SUSE Linux 8.2-9.0 and SLES8 are affected.
- pam_krb5
The previous security update for pam_krb5 broke logins that have
their home on AFS.
SUSE Linux 9.0-9.3 and SLES9 are affected.
- ethereal
A buffer overflow, a format string vulnerability and several other
bugs that can cause ethereal to crash have been found
(CAN-2005-2360, CAN-2005-2361, CAN-2005-2362, CAN-2005-2363,
CAN-2005-2364, CAN-2005-2365, CAN-2005-2366, CAN-2005-2367).
All SUSE Linux based products are affected.
- various kernel security problems
Various security problems were found in both the 2.4 and 2.6 Linux
kernels.
We are testing updates for all current issues and will release
packages soon.
All SUSE Linux based products are affected.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team
participants (1)
-
Ludwig Nussel
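The verification step in section 3 can be scripted. This added example, which is not part of the SUSE announcement, parses gpg's --status-fd output and accepts a signature only when it was made by one expected key, since "Good signature" alone only says that some key in the local keyring signed the text. The function names sig_is_trusted and verify_announcement, the placeholder fingerprints and the sample status lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the SUSE announcement.
# EXPECTED_FPR is a constructed placeholder; replace it with the full
# fingerprint of the signing key obtained from a source you trust.
EXPECTED_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

# sig_is_trusted FPR  (reads `gpg --status-fd` lines on stdin)
# Succeeds only if a VALIDSIG line ends with FPR (the primary key
# fingerprint) and no line reports a bad, unverifiable, expired or
# revoked signature.
sig_is_trusted() {
    want=$1
    rc=1
    while read -r tag kw rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case $kw in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG) return 1 ;;
            VALIDSIG) [ "${rest##* }" = "$want" ] && rc=0 ;;
        esac
    done
    return $rc
}

# verify_announcement FILE [FPR]: status lines go to stdout (fd 1),
# gpg's human-readable messages on stderr are discarded.
verify_announcement() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null |
        sig_is_trusted "${2:-$EXPECTED_FPR}"
}

# Constructed status output for illustration (not captured from gpg).
SAMPLE_GOOD="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Example Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2005-07-28 1122555600 0 3 0 1 2 01 $EXPECTED_FPR"

OTHER_FPR="BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"
# A good signature, but made by a different key in the keyring.
SAMPLE_OTHER_KEY="[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Someone Else
[GNUPG:] VALIDSIG $OTHER_FPR 2005-07-28 1122555600 0 3 0 1 2 01 $OTHER_FPR"

# Signature by the expected key, but the key has expired.
SAMPLE_EXPIRED="[GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Example Signer
[GNUPG:] VALIDSIG $EXPECTED_FPR 2005-07-28 1122555600 0 3 0 1 2 01 $EXPECTED_FPR"
```

The short key ID printed in the human-readable output is only 32 bits wide, so the script compares the full fingerprint from VALIDSIG instead.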