Gentoo 2478 Published by

5 new security updates are available for Gentoo Linux: BIND, multipath-tools, Fetchmail, Newt, and Smarty



[gentoo-announce] [ GLSA 201006-11 ] BIND: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: BIND: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #301548, #308035
ID: 201006-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Several cache poisoning vulnerabilities have been found in BIND.

Background
==========

ISC BIND is the Internet Systems Consortium implementation of the
Domain Name System (DNS) protocol.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/bind < 9.4.3_p5 >= 9.4.3_p5

Description
===========

Multiple cache poisoning vulnerabilities were discovered in BIND. For
further information please consult the CVE entries and the ISC Security
Bulletin referenced below.

Note: CVE-2010-0290 and CVE-2010-0382 exist because of an incomplete
fix and a regression for CVE-2009-4022.

Impact
======

An attacker could exploit this weakness to poison the cache of a
recursive resolver and thus spoof DNS traffic, which could e.g. lead to
the redirection of web or mail traffic to malicious sites.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All BIND users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dns/bind-9.4.3_p5"

References
==========

[ 1 ] ISC Advisory
BIND 9 Cache Update from Additional Section (updated 19Jan2010) | Internet Systems Consortium
[ 2 ] CVE-2009-4022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
[ 3 ] CVE-2010-0097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097
[ 4 ] CVE-2010-0290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290
[ 5 ] CVE-2010-0382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-11.xml
[gentoo-announce] [ GLSA 201006-10 ] multipath-tools: World-writeable socket
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: multipath-tools: World-writeable socket
Date: June 01, 2010
Bugs: #264564
ID: 201006-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

multipath-tools does not set correct permissions on the socket file,
making it possible to send arbitrary commands to the multipath daemon
for local users.

Background
==========

multipath-tools are used to drive the Device Mapper multipathing
driver.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 sys-fs/multipath-tools < 0.4.8-r1 >= 0.4.8-r1

Description
===========

multipath-tools uses world-writable permissions for the socket file
(/var/run/multipathd.sock).

Impact
======

Local users could send arbitrary commands to the multipath daemon,
causing cluster failures and data loss.

Workaround
==========

chmod o-rwx /var/run/multipath.sock

Resolution
==========

All multipath-tools users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.4.8-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since November 13, 2009. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-0115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0115

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-10.xml
[gentoo-announce] [ GLSA 201006-12 ] Fetchmail: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Fetchmail: Multiple vulnerabilities
Date: June 01, 2010
Bugs: #280537, #307761
ID: 201006-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been reported in Fetchmail, allowing
remote attackers to execute arbitrary code or to conduct
Man-in-the-Middle attacks.

Background
==========

Fetchmail is a remote mail retrieval and forwarding utility.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-mail/fetchmail < 6.3.14 >= 6.3.14

Description
===========

Multiple vulnerabilities have been reported in Fetchmail:

* The sdump() function might trigger a heap-based buffer overflow
during the escaping of non-printable characters with the high bit set
from an X.509 certificate (CVE-2010-0562).

* The vendor reported that Fetchmail does not properly handle Common
Name (CN) fields in X.509 certificates that contain an ASCII NUL
character. Specifically, the processing of such fields is stopped at
the first occurrence of a NUL character. This type of vulnerability
was recently discovered by Dan Kaminsky and Moxie Marlinspike
(CVE-2009-2666).

Impact
======

A remote attacker could entice a user to connect with Fetchmail to a
specially crafted SSL-enabled server in verbose mode, possibly
resulting in the execution of arbitrary code with the privileges of the
user running the application. NOTE: The issue is only existent on
platforms on which char is signed.

Furthermore, a remote attacker might employ a specially crafted X.509
certificate, containing a NUL character in the Common Name field to
conduct man-in-the-middle attacks on SSL connections made using
Fetchmail.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Fetchmail users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.3.14"

References
==========

[ 1 ] CVE-2010-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562
[ 2 ] CVE-2009-2666
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-12.xml
[gentoo-announce] [ GLSA 201006-14 ] Newt: User-assisted execution of arbitrary code
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Newt: User-assisted execution of arbitrary code
Date: June 02, 2010
Bugs: #285854
ID: 201006-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A heap-based buffer overflow in the Newt library might allow remote,
user-assisted attackers to execute arbitrary code.

Background
==========

Newt is a library for displaying text mode user interfaces.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/newt < 0.52.10-r1 >= 0.52.10-r1

Description
===========

Miroslav Lichvar reported that Newt is prone to a heap-based buffer
overflow in textbox.c.

Impact
======

A remote attacker could entice a user to enter a specially crafted
string into a text dialog box rendered by Newt, possibly resulting in
the remote execution of arbitrary code with the privileges of the user
running the application, or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Newt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/newt-0.52.10-r1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since October 26, 2009. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2009-2905
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2905

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-14.xml
[gentoo-announce] [ GLSA 201006-13 ] Smarty: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201006-13
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Smarty: Multiple vulnerabilities
Date: June 02, 2010
Bugs: #212147, #243856, #270494
ID: 201006-13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities in the Smarty template engine might allow
remote attackers to execute arbitrary PHP code.

Background
==========

Smarty is a template engine for PHP.

Affected packages
=================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-php/smarty < 2.6.23 >= 2.6.23

Description
===========

Multiple vulnerabilities have been discovered in Smarty:

* The vendor reported that the modifier.regex_replace.php plug-in
contains an input sanitation flaw related to the ASCII NUL character
(CVE-2008-1066).

* The vendor reported that the _expand_quoted_text() function in
libs/Smarty_Compiler.class.php contains an input sanitation flaw via
multiple vectors (CVE-2008-4810, CVE-2008-4811).

* Nine:Situations:Group::bookoo reported that the
smarty_function_math() function in libs/plugins/function.math.php
contains input sanitation flaw (CVE-2009-1669).

Impact
======

These issues might allow a remote attacker to execute arbitrary PHP
code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Smarty users should upgrade to an unaffected version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-php/smarty-2.6.23"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since June 2, 2009. It is likely that your system is already
no longer affected by this issue.

References
==========

[ 1 ] CVE-2008-1066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
[ 2 ] CVE-2008-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4810
[ 3 ] CVE-2008-4811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4811
[ 4 ] CVE-2009-1669
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1669

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201006-13.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
Gentoo Bugzilla Main Page

License
=======

Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5