-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
______________________________________________________________________________
SUSE Security Summary Report
Announcement ID: SUSE-SR:2005:028
Date: Fri, 02 Dec 2005 15:00:00 +0000
Cross-References: CVE-2005-2869, CVE-2005-2970, CVE-2005-3123
CVE-2005-3256, CVE-2005-3300, CVE-2005-3301
CVE-2005-3322, CVE-2005-3349, CVE-2005-3354
CVE-2005-3355, CVE-2005-3424, CVE-2005-3425
CVE-2005-3621, CVE-2005-3632, CVE-2005-3662
CVE-2005-3737, CVE-2005-3750
Content of this advisory:
1) Solved Security Vulnerabilities:
- netpbm various buffer overflows
- opera remote execution
- inkscape svg importer buffer overflow
- apache2-worker memory leak
- mozilla-mail enigmail encryption problem
- sylpheed-claws buffer overflow in import plugins
- phpMyAdmin various problems
- gnump3d various problems
- squid crashes
- php4 / php5 security update broken
2) Pending Vulnerabilities, Solutions, and Work-Arounds:
- Kernel updates
3) Authenticity Verification and Additional Information
______________________________________________________________________________
1) Solved Security Vulnerabilities
To avoid flooding mailing lists with SUSE Security Announcements for minor
issues, SUSE Security releases weekly summary reports for the low profile
vulnerability fixes. The SUSE Security Summary Reports do not list md5 sums
or download URLs like the SUSE Security Announcements that are released for
more severe vulnerabilities.
Fixed packages for the following incidents are already available on our FTP
server and via the YaST Online Update.
- netpbm various buffer overflows
This update fixes a buffer overflow in the RGBA-palette code. This
bug can be abused to trigger a denial-of-service attack by feeding
untrusted data to "pnmtopng -alpha" (maybe via a remote service like
a CGI, MUA, etc.). The execution of arbitrary code is theoretically
possible but very unlikely. Another possible buffer overflow that
can occur while handling a text line was fixed too.
This is tracked by the Mitre CVE IDs CVE-2005-3632 and CVE-2005-3662.
All SUSE Linux based products are affected.
- opera remote execution
The Opera web browser was updated to version 8.51, fixing the
following security problem:
Insufficient quoting of shell meta characters in the opera start
script allowed arbitrary commands to be executed if URLs with such
characters were passed to the script (CVE-2005-3750).
We released this update twice for SUSE Linux 9.x. The first
update was broken due to libstdc++ dependency problems;
the second update, released Thursday, fixes this breakage.
SUSE Linux 9.0 up to 10.0 are affected.
- inkscape svg importer buffer overflow
A buffer overflow in the SVG importer of inkscape could potentially
be exploited to execute arbitrary code when opening a crafted
SVG file.
This is tracked by the Mitre CVE ID CVE-2005-3737.
SUSE Linux 9.2 up to 10.0 are affected by this problem.
- apache2-worker memory leak
A memory leak in apache2-worker that allowed remote attackers to
exhaust all available memory was fixed.
This is tracked by the Mitre CVE ID CVE-2005-2970.
All SUSE Linux based products containing apache2-worker were
affected.
- mozilla-mail enigmail encryption problem
Upon sending an encrypted mail the Mozilla Mail plugin enigmail
could accidentally encrypt it for the wrong recipient. During QA
of the update it was found that in various older distributions the
plugin is not functional at all (and so not affected).
This issue is tracked by the Mitre CVE ID CVE-2005-3256.
The problem affects all SUSE Linux based products containing Mozilla.
- sylpheed-claws buffer overflow in import plugins
Buffer overflows in various address book import filters of
Sylpheed/Sylpheed-Claws were fixed.
This is tracked by the Mitre CVE ID CVE-2005-3354.
SUSE Linux 9.0 up to 10.0 were affected by this problem.
- phpMyAdmin various problems
phpMyAdmin was updated to fix several security problems:
- Multiple cross-site scripting (XSS) bugs (CVE-2005-3301,
CVE-2005-2869, PMASA-2005-5).
- Multiple file inclusion vulnerabilities that allowed an attacker
to include arbitrary files (CVE-2005-3300, CVE-2005-3301,
PMASA-2005-5).
- A bug that could lead to 'HTTP response splitting'
(CVE-2005-3621, PMASA-2005-6).
Exploits for this have been seen in the wild.
SUSE Linux 9.0 up to 10.0 are affected.
- gnump3d various problems
The MP3 streaming server gnump3d was updated to fix the following
security problems:
- Several cross-site-scripting bugs (CVE-2005-3424, CVE-2005-3425)
- Insecure use of files in /tmp (CVE-2005-3349)
- Several directory-traversal bugs (CVE-2005-3123, CVE-2005-3355)
- Squid crashes
This update of Squid in SUSE Linux 9.0 fixes some bugs that lead
to crashes. These bugs were introduced by a previous security update
(SUSE-SA:2005:053).
Please note that this is a version upgrade, so you should take the
following steps:
- delete the old cache
- adapt the configuration file to new options
- the "clientProcessHit: Vary object loop!" message can be ignored
Only SUSE Linux 9.0 is affected. The issue is tracked by the Mitre
CVE ID CVE-2005-3322.
- php4 / php5 security update broken
We released a security update for PHP 4 and PHP 5 for all SUSE
Linux based products.
This update is broken when PHP applications are used together with
the Apache "mod_rewrite" module.
We are working on a fix for this problem and will release updated
fixed packages as soon as possible.
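The quoting problem described in the opera item above, shown as an added
example (not part of this advisory and not Opera's start script): a
hypothetical launcher with the vulnerable pattern beside the hardened one.
The names browser_stub, launch_vulnerable, launch_hardened and injected are
made up for illustration, and the sample URL is constructed.

```sh
#!/bin/sh
# Constructed illustration of the bug class; not Opera's start script.
# browser_stub stands in for the real browser binary so this runs offline.
browser_stub() { printf 'open: %s\n' "$1"; }

# Vulnerable: the URL is spliced into a command string and parsed by the
# shell a second time, so characters such as ; | ` $( ) become syntax.
launch_vulnerable() {
    eval "browser_stub $1"
}

# Hardened: no eval and no string-built command line. The quoted expansion
# hands the URL to the program as exactly one argument, byte for byte.
launch_hardened() {
    browser_stub "$1"
}

# Returns 0 if the launcher named in $1 executed a command embedded in the
# URL. The embedded command only creates a marker file in a fresh temp dir.
injected() {
    dir=$(mktemp -d) || return 2
    "$1" "http://example.invalid/;touch $dir/marker" >/dev/null 2>&1
    if [ -e "$dir/marker" ]; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return "$rc"
}

# Run the same constructed URL through both launchers and report.
for fn in launch_vulnerable launch_hardened; do
    if injected "$fn"; then
        echo "$fn: embedded command ran"
    else
        echo "$fn: URL passed through as data"
    fi
done
```

When auditing wrapper scripts for this class of bug, look for eval, sh -c
with interpolated arguments, and unquoted $1, $* or $@.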
______________________________________________________________________________
2) Pending Vulnerabilities, Solutions, and Work-Arounds
- Kernel updates
We are currently preparing kernel security and bugfix updates for all
our products.
The first to be released will be a SUSE Linux 10.0 kernel update next week,
followed by updates for the other distributions.
The updates will be separately announced.
______________________________________________________________________________
3) Authenticity Verification and Additional Information
- Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement are
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file
and run the command
gpg --verify <file>
replacing <file> with the name of the file containing the announcement.
The output for a valid signature looks like:
gpg: Signature made <DATE> using RSA key ID 3D25D3D9
gpg: Good signature from "SuSE Security Team