Updated OpenOffice.org packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: OpenOffice.org
Advisory ID: MDKSA-2004:103
Date: September 27th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user's umask to create the file, could potentially allow for other users to have read access to the document (again, dependant upon the user's umask).
The updated packages have been patched to prevent this problem.
Updated netpbm packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: netpbm
Advisory ID: MDKSA-2004:011-1
Date: September 27th, 2004
Original Advisory Date: February 11th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A number of temporary file bugs have been found in versions of NetPBM. These could allow a local user the ability to overwrite or create files as a different user who happens to run one of the the vulnerable utilities.
Mandrakelinux 10.1 Community Edition is now available for free download
A press release from Mandrakesoft:
Funded by French Ministry of Defense, to be CC-EAL5 Certified
Paris, France - September 23rd, 2004 - An industrial
consortium consisting of Bertin Technologies, Surlog, Jaluna, Mandrakesoft, and Oppida, all major European players in security, operating system, and certification technologies, has been awarded a 7 million euro, 3 year contract by the French Ministry of Defense. Under the contract, the consortium will develop a Linux based multi-level security operating system solution meeting Evaluation Assurance Level 5 of the Common Criteria (CC-EAL5). CC-EAL5 guarantees an outstanding security level for an operating system, and satisfies major security requirements in both commercial as well as defense and government applications.
Updated ImageMagick packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: ImageMagick
Advisory ID: MDKSA-2004:102
Date: September 22nd, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Several buffer overflow vulnerabilities in ImageMagick were discovered by Marcus Meissner from SUSE. These vulnerabilities would allow an attacker to create a malicious image or video file in AVI, BMP, or DIB formats which could crash the reading process. It may be possible to create malicious images that could also allow for the execution of arbitray code with the privileges of the invoking user or process.
The Mandrakelinux 9.1 and Mandrakelinux 9.1/PPC products will be expiring this week, on the 25th of September. After this date, no further updates will be made available for 9.1 and 9.1/PPC and the update directories will be moved to the old/ tree on the Mandrakelinux FTP mirrors.
Updated gdk-pixbuf/gtk+2 packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gdk-pixbuf/gtk+2
Advisory ID: MDKSA-2004:095-1
Date: September 17th, 2004
Original Advisory Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A vulnerability was found in the gdk-pixbug bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753).
Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783).
Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788).
All four problems have been corrected in these updated packages.
Update:
The previous package had an incorrect patch applied that would cause some problems with other programs. The updated packages have the correct patch applied.
As well, patched gtk+2 packages, which also contain gdk-pixbuf, are now provided.
A press release from Mandrakesoft:
Mandrakesoft is proud to announce the release of its newest and most advanced operating system to date: Mandrakelinux 10.1 Community. The enhanced usability, hardware support and performance make this release a milestone on the way to widespread Linux adoption.
Mandrakelinux 10.1 Community is designed for those who want the best and latest software and want it as soon as possible. The release of Community is soon to be followed by the release of a rock-solid Mandrakelinux 10.1 Official, on which Mandrakesoft's range of products for home users will be based.
Updated xfree86 packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: XFree86
Advisory ID: MDKSA-2004:099
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86:
Stack overflows (CAN-2004-0687):
Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).
Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).
Integer Overflows (CAN-2004-0688):
Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.
The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.
Updated libxpm4 packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: libxpm4
Advisory ID: MDKSA-2004:098
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Chris Evans found several stack and integer overflows in the libXpm code of X.Org/XFree86 (from which the libxpm code is derived):
Stack overflows (CAN-2004-0687):
Careless use of strcat() in both the XPMv1 and XPMv2/3 xpmParseColors code leads to a stack based overflow (parse.c).
Stack overflow reading pixel values in ParseAndPutPixels (create.c) as well as ParsePixels (parse.c).
Integer Overflows (CAN-2004-0688):
Integer overflow allocating colorTable in xpmParseColors (parse.c) - probably a crashable but not exploitable offence.
The updated packages have patches from Chris Evans and Matthieu Herrb to address these vulnerabilities.
Updated cups packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cups
Advisory ID: MDKSA-2004:097
Date: September 15th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Alvaro Martinez Echevarria discovered a vulnerability in the CUPS print server where an empty UDP datagram sent to port 631 (the default port that cupsd listens to) would disable browsing. This would prevent cupsd from seeing any remote printers or any future remote printer changes.
The updated packages are patched to protect against this vulnerability.
Udpated apache2 packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: apache2
Advisory ID: MDKSA-2004:096
Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Two Denial of Service conditions were discovered in the input filter of mod_ssl, the module that enables apache to handle HTTPS requests.
Another vulnerability was discovered by the ASF security team using the Codenomicon HTTP Test Tool. This vulnerability, in the apr-util library, can possibly lead to arbitray code execution if certain non-default conditions are met (enabling the AP_ENABLE_EXCEPTION_HOOK
define).
As well, the SITIC have discovered a buffer overflow when Apache expands environment variables in configuration files such as .htaccess and httpd.conf, which can lead to possible privilege escalation. This can only be done, however, if an attacker is able to place malicious
configuration files on the server.
Finally, a crash condition was discovered in the mod_dav module by Julian Reschke, where sending a LOCK refresh request to an indirectly locked resource could crash the server.
The updated packages have been patched to protect against these vulnerabilities.
Updated gdk-pixbuf packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gdk-pixbuf
Advisory ID: MDKSA-2004:095
Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A vulnerability was found in the gdk-pixbug bmp loader where a bad BMP image could send the bmp loader into an infinite loop (CAN-2004-0753).
Chris Evans found a heap-based overflow and a stack-based overflow in the xpm loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783).
Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf (CAN-2004-0788).
All four problems have been corrected in these updated packages.
Updated squid packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: squid
Advisory ID: MDKSA-2004:093
Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A vulnerability in the NTLM helpers in squid 2.5 could allow for malformed NTLMSSP packets to crash squid, resulting in a DoS. The provided packages have been patched to prevent this problem.
Updated printer-drivers are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: printer-drivers
Advisory ID: MDKSA-2004:094
Date: September 15th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse.
Updated samba packages are available for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: samba
Advisory ID: MDKSA-2004:092
Date: September 13th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
Two vulnerabilities were discovered in samba 3.0.x; the first is a defect in smbd's ASN.1 parsing that allows an attacker to send a specially crafted packet during the authentication request which will send the newly spawned smbd process into an infinite loop. As a result, it is possible to use up all available memory on the server.
The second vulnerability is in nmbd's processing of mailslot packets which could allow an attacker to anonymously crash nmbd.
The provided packages are patched to protect against these two vulnerabilities.
Updated cdrecord packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: cdrecord
Advisory ID: MDKSA-2004:091
Date: September 7th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges.
The updated packages are patched to fix the vulnerability.
Updated zlib packages are available for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: zlib
Advisory ID: MDKSA-2004:090
Date: September 7th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
Due to a Debian bug report, a Denial of Service vulnerability was discovered in the zlib compression library versions 1.2.x, in the inflate() and inflateBack() functions. Older versions of zlib are not affected.
Once the updated packages have been installed, all programs linked against zlib must be restarted for the new packages to take effect.
Updated imlib/imlib2 packages are available for Mandrakelinux
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: imlib2
Advisory ID: MDKSA-2004:089
Date: September 7th, 2004
Affected versions: 10.0, 9.2, Corporate Server 2.1
______________________________________________________________________
Problem Description:
Marcus Meissner discovered that the imlib and imlib2 libraries are also affected with a similar BMP-related vulnerability as the recent QT updates. The updated imlib and imlib2 packages are patched to protect against this problem.
An updated drakconf package is available for Mandrakelinux 10.0
_______________________________________________________________________
Mandrakelinux Update Advisory
_______________________________________________________________________
Package name: drakconf
Advisory ID: MDKA-2004:039
Date: September 7th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
Updated DrakConf packages are now available that fix various bugs, including:
- fixed special "control" entries (pablo)
- drakconsole: add a title for when one run it not from mcc
- make web wizard description more accurate (#8153)
- translation updates
- embed rfbdrake (Online Administration section)
- fix buildrequires (Per Øyvind Karlsen)
- fix profiles garbage (tvignaud, #9278)
As well, a new rfbdrake package is provided for the embedded rfbdrake to work properly.
