-----BEGIN PGP SIGNED MESSAGE-----
______________________________________________________________________________
SUSE Security Summary Report
Announcement-ID: SUSE-SR:2005:001
Date: Wednesday, Jan 12th 2004 18:00 MEST
Cross References: CAN-2004-1152
CAN-2003-0856
CAN-2004-1318
CAN-2004-1284
CAN-2004-1062
CAN-2004-0110
CAN-2004-0989
CAN-2004-1125
Content of this advisory:
1) solved security vulnerabilities:
- problems with kernel update end of December
- acroread document parsing
- iproute2 denial of service
- namazu cross site scripting
- mpg123 play list option buffer overflow
- subversion-viewcvs cross site scripting
- postgresql several vulnerabilities
- libxml2 old nano ftp / HTTP vulnerabilities
- xpdf new integer overflows
2) pending vulnerabilities, solutions, workarounds:
- Sun and Blackdown Java
- new kernel problems
- squirrelmail cross site scripting
- acroread buffer overflow
- phpMyAdmin remote command execution
- wget file overwrite problems
- multiple php vulnerabilities
- multiple problems reported by djb
3) standard appendix (further information)
______________________________________________________________________________
1) solved security vulnerabilities
To avoid spamming lists with advisories for every small incident,
we will release weekly summary advisories for issues where we have
released updates without a full advisory. Since these are minor
issues, md5sums and ftp URLs are not included.
Fixed packages for the following incidents are already available on
our FTP server and via the YaST Online Update.
- Problems with the kernel update at the end of December 2004.
The kernel RPMs of the SUSE LINUX 9.2 kernel update had broken
post-installation scripts which might have led to a non-booting
system. This error has been fixed on our update site and it is
safe to apply all SUSE Linux 9.2 updates.
If you still have a non-booting system, the easiest way to
make it boot correctly again is to:
- Boot the installer from the DVD/CD.
- Select "Boot installed System", then select your system's
partition.
- After the system has started, log in as root user.
- Run /sbin/mkinitrd
This will fix the /boot/initrd symlink to point to the correct initrd.
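A small check for the symlink that the recovery steps above repair, added here as an example and not part of the SUSE advisory. It assumes (the page does not say so) that the link lives at BOOTDIR/initrd and that the real image is named initrd-<kernel version>; the kernel version is passed in explicitly, normally "$(uname -r)", so the check can also be run from the rescue system against a mounted /boot.

```shell
#!/bin/sh
# Added example, not from the SUSE advisory: verify that BOOTDIR/initrd is a
# symlink to an existing initrd image for the given kernel version.
# Assumed layout: BOOTDIR/initrd -> initrd-<kernel version>
# (e.g. initrd-2.6.8-24-default); both relative and absolute link targets
# are accepted.

# check_initrd_link BOOTDIR KERNEL_VERSION
# Returns 0 when the link is sane, 1 otherwise (reason printed to stderr).
check_initrd_link() {
    bootdir=$1
    kver=$2
    link="$bootdir/initrd"
    want="initrd-$kver"

    if [ ! -L "$link" ]; then
        echo "$link is not a symlink" >&2
        return 1
    fi
    target=$(readlink "$link")
    # strip a leading directory so "/boot/initrd-..." compares like "initrd-..."
    case "$target" in
        */*) target=${target##*/} ;;
    esac
    if [ "$target" != "$want" ]; then
        echo "$link points to $target, expected $want" >&2
        return 1
    fi
    if [ ! -f "$bootdir/$want" ]; then
        echo "$bootdir/$want does not exist" >&2
        return 1
    fi
    echo "ok: $link -> $want"
    return 0
}

# Typical use on the installed system (uncomment to run):
# check_initrd_link /boot "$(uname -r)" || echo "run /sbin/mkinitrd before rebooting"
```

Running it before the reboot that follows a kernel update tells you whether mkinitrd still needs to be run; the check itself changes nothing.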
- Acroread document parsing
The Acrobat Reader shipping with SUSE Linux allows scanning
E-Mail style plain text files for PDF documents.
This code had a flaw which could lead to a remote attacker
executing code as the viewing user by handcrafting a special
E-Mail. This is tracked by the Mitre CVE ID CAN-2004-1152.
All SUSE Linux based products including the acroread RPM are
affected.
- iproute2 local denial of service
A missing access check in the netfilter communication handling
of the "ip" program in the iproute2 RPM could allow a local
attacker to cause a denial of service by inserting erroneous
information into the netfilter data stream.
This is tracked by the Mitre CVE ID CAN-2003-0856.
All SUSE Linux based products are affected.
- namazu cross site scripting
A cross site scripting problem was found in namazu, a full text
web search engine. This issue is tracked by the Mitre CVE ID
CAN-2004-1318.
All SUSE Linux based products are affected.
- mpg123 play list option buffer overflow
A buffer overflow in the mpg123 play list handling could allow
a remote user who provides an mpg123 play list to execute code
as the listening user. This is tracked by the Mitre CVE ID
CAN-2004-1284.
All SUSE Linux based products are affected.
- subversion-viewcvs cross site scripting
A cross site scripting problem in the viewcvs part of our
subversion RPMs was found and fixed. This is tracked by
the Mitre CVE ID CAN-2004-1062.
SUSE Linux versions from 9.0 up to 9.2 are affected.
- postgresql several vulnerabilities
Several minor security problems were found and fixed in the
PostgreSQL database server.
All SUSE Linux based products are affected.
- libxml2 / libxml old nano-ftp / HTTP vulnerabilities
Old vulnerabilities in the URL handling routines of libxml and
libxml2 were reviewed and found not completely fixed in the SUSE
RPMs, potentially allowing a remote attacker to execute code
as the local user.
These are tracked by the Mitre CVE ID CAN-2004-0989 and CAN-2004-0110.
All SUSE Linux based products are affected.
- xpdf new integer overflows
New integer overflows have been found in the xpdf document viewer
and xpdf clones which could lead to a remote attacker gaining
local access by providing a specially handcrafted PDF file.
This issue is tracked by the Mitre CVE ID CAN-2004-1125.
Updated RPMs for xpdf and kdegraphics3-pdf were released,
pdftohtml, gpdf, cups and more will follow.
All SUSE Linux based products are affected.
______________________________________________________________________________
2) Pending vulnerabilities in SUSE Distributions and Workarounds:
- Sun Java Plugin
A privilege escalation problem was found in the Sun Java Plugin
which could allow a remote attacker to read and write files of
a local user browsing websites.
This bug affects all SUSE versions on the Intel x86 and AMD64 /
Intel Extended Memory Architecture (EM64T) platforms.
We are in the process of releasing updated Java packages.
- kernel
Several more problems have been found in the Linux 2.4 and 2.6
kernels:
- Due to missing locking in the sys_uselib system call
a local attacker can gain root access. This was found
by Paul Starzetz and is tracked by the Mitre CVE ID
CAN-2004-1235.
- Paul Starzetz also found a race condition in SMP page table
handling which could lead to a local attacker gaining root
access on i386 SMP machines. This is tracked by the Mitre
CVE ID CAN-2005-001.
- Several more problems have been reported by grsecurity and
are currently being evaluated.
All SUSE Linux based products are affected and we are in the
process of preparing updated packages.
- konqueror
The Konqueror web browser allows websites to load web pages into
a window or tab currently used by another website. This was
reported by Secunia Research.
Mitre has assigned the CVE ID CAN-2004-1158 to this issue.
All SUSE Linux based products are affected; we are preparing
updates for this problem.
- php
Multiple vulnerabilities were found in the php unserialize
functionality and other functions by Stefan Esser and others.
We are in the process of preparing updated packages.
All SUSE Linux based products are affected.
- multiple problems reported by djb
Daniel Bernstein held a course on vulnerabilities and had
his students audit existing UNIX software for potential
problems and vulnerabilities. The students discovered 44
flaws during this course.
Not all of these are serious enough to warrant a security
update; the SUSE Security Team has identified the packages
that need an update and is releasing fixes for them.
All SUSE Linux based products are affected.
______________________________________________________________________________
3) standard appendix: authenticity verification, additional information
- Package authenticity verification:
SUSE update packages are available on many mirror ftp servers all over
the world. While this service is considered valuable and important
to the free and open source software community, many users wish to be
sure about the origin of the package and its content before installing
the package. There are two verification methods that can be used
independently of each other to prove the authenticity of a downloaded
file or rpm package:
1) md5sums as provided in the (cryptographically signed) announcement.
2) using the internal gpg signatures of the rpm package.
1) execute the command
md5sum
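The two verification methods listed above, worked through in a short script. This is an added example, not part of the SUSE advisory or its appendix. It assumes that the md5sum line is copied from the announcement in the format md5sum itself prints ("<32 hex digits>  <filename>") and that the rpm signature check is done with rpm's own --checksig option; the md5sum only proves authenticity when the announcement carrying it has itself been checked against the SUSE PGP key, so that step comes first in practice.

```shell
#!/bin/sh
# Added example (not from the SUSE advisory): check a downloaded file against
# the md5sum published in a signed announcement, and, where rpm is installed,
# run rpm's built-in signature check on the package.

# verify_md5 FILE EXPECTED_MD5
# Compares md5sum output with the published value (case-insensitive).
# Returns 0 on a match, 1 on a mismatch; the mismatch is reported on stderr.
verify_md5() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "ok: $file"
        return 0
    fi
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
}

# verify_md5_line FILE "MD5  NAME"
# Takes a whole line as it appears in the announcement, so it can be pasted
# verbatim; the filename part is only used to warn about a copy/paste mix-up.
verify_md5_line() {
    file=$1
    line=$2
    sum=$(printf '%s' "$line" | cut -d' ' -f1)
    name=$(printf '%s' "$line" | sed 's/^[0-9a-fA-F]*  *//')
    if [ -n "$name" ] && [ "$name" != "$(basename "$file")" ]; then
        echo "note: announcement names $name, checking $file" >&2
    fi
    verify_md5 "$file" "$sum"
}

# verify_rpm_sig FILE.rpm
# Second, independent method: rpm's own signature check. It is only
# meaningful once the SUSE package-signing key is in the rpm keyring;
# without rpm installed the check is skipped with status 2.
verify_rpm_sig() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not installed; skipping signature check for $1" >&2
        return 2
    fi
    rpm --checksig "$1"
}
```

Both methods are independent, as the appendix says: the md5sum ties the download to the signed announcement, while --checksig ties it to the key embedded in the rpm database, so a mirror that served a modified package fails either check on its own.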