July 2005
Conectiva - Five Security Announcements
ID: 00624
Ref: 578/05
Date: 26 July 2005:11:41:14
Version: 1
Title: Conectiva - Five Security Announcements
Abstract:
Vendors affected: Conectiva
Operating systems affected: Conectiva
Applications affected: Conectiva
Title
=====
Conectiva - Five Security Announcements:
1. Conectiva Security Announcement - apache [CLA-2005:982]
2. Conectiva Security Announcement - dhcpcd [CLA-2005:983]
3. Conectiva Security Announcement - ruby [CLA-2005:984]
4. Conectiva Security Announcement - wget [CLA-2005:985]
5. Conectiva Security Announcement - tcpdump [CLA-2005:986]
Detail
======
Security announcement summaries:
1. This announcement fixes two security vulnerabilities in apache
2. This announcement fixes a denial of service vulnerability in
dhcpcd that could be triggered by a remote attacker and cause an
out-of-bounds memory read.
3. This announcement fixes a XMLRPC.iPIMethods vulnerability which
could allow remote attackers to execute arbitrary commands.
4. This announcement fixes a security vulnerability in wget which
could allow a specially prepared remote web server to overwrite
certain files.
5. This announcement fixes three security vulnerabilities in tcpdump
Security announcement content follows:
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : apache
SUMMARY : Fix for security vulnerabilities in apache
DATE : 2005-07-25 10:23:00
ID : CLA-2005:982
RELEVANT
RELEASES : 9, 10
- - -------------------------------------------------------------------------
DESCRIPTION
Apache[1] is the most popular webserver in use today.
This announcement fixes two security vulnerabilities in apache:
1.CAN-2005-1268
Fixes a possible crash on printing CRL details when debugging is
enabled, if configured to use a CRL from a malicious source.
2.CAN-2005-2088
When acting as an HTTP proxy, apache allows remote attackers to
poison the web cache, bypass web application firewall protection and
conduct XSS attacks via an HTTP request with both a
"Transfer-Encoding: chunked" header and a Content-Length header,
which causes Apache to incorrectly handle and forward the body of the
request in a way that causes the receiving server to process it as a
separate HTTP request.
SOLUTION
It is recommended that all Apache users upgrade their packages.
IMPORTANT: it is necessary to manually restart the httpd server after
upgrading the packages. In order to do this, execute the following as
root:
# service httpd stop
(wait a few seconds and check with "pidof httpd" if there are any
httpd processes running. On a busy webserver this could take a little
longer)
# service httpd start
REFERENCES
1.http://apache.httpd.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1268
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/apache-2.0.49-61251U10_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-devel-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-doc-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/apache-htpasswd-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr-devel-static-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libapr0-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_auth_ldap-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/mod_dav-2.0.49-61251U10_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/apache-2.0.45-28790U90_10cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-devel-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-doc-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/apache-htpasswd-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr-devel-static-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libapr0-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_auth_ldap-2.0.45-28790U90_10cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/mod_dav-2.0.45-28790U90_10cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFC5OfQ42jd0JmAcZARArfHAJ9ir0KwTfTk8aJpY1S67lB4Bg24BwCePsTb
Eq7Beg2tfu3EAWci9iZvkI8=
=9PFC
- -----END PGP SIGNATURE-----
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : dhcpcd
SUMMARY : Fix for security vulnerability in dhcpcd
DATE : 2005-07-25 10:26:00
ID : CLA-2005:983
RELEVANT
RELEASES : 9, 10
- - -------------------------------------------------------------------------
DESCRIPTION
dhcpcd[1] is a widely used dhcp client.
This announcement fixes a denial of service vulnerability[2] in
dhcpcd that could be triggered by a remote attacker and cause an
out-of-bounds memory read.
SOLUTION
It is recommended that all dhcpcd users upgrade their packages.
REFERENCES
1.http://www.phystech.com/download/dhcpcd.html
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/dhcpcd-1.3.22pl4-69034U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/dhcpcd-1.3.22pl4-69034U10_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/dhcpcd-1.3.22pl4-24708U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/dhcpcd-1.3.22pl4-24708U90_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFC5OiY42jd0JmAcZARAsBpAJ4q548RjJB4xwYWi9B++zDzO7b9sgCgoszz
5aBUxaS/l4QKwSXHS7iBLmc=
=b8Lc
- -----END PGP SIGNATURE-----
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : ruby
SUMMARY : Fix for security vulnerability in ruby
DATE : 2005-07-25 10:29:00
ID : CLA-2005:984
RELEVANT
RELEASES : 10
- - -------------------------------------------------------------------------
DESCRIPTION
ruby[1] is an object oriented script language.
This announcement fixes a XMLRPC.iPIMethods vulnerability[2] which
chould allow remote attackers to execute arbitrary commands.
SOLUTION
It is recommended that all ruby users upgrade their packages.
REFERENCES
1.http://www.ruby-lang.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1992
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/ruby-1.8.1-55599U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-devel-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-devel-static-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-doc-1.8.1-55599U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/ruby-tk-1.8.1-55599U10_1cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFC5Omp42jd0JmAcZARAle9AJ9TPf+IUct/e0hpNHH0FqxjuSpPygCdGZ9q
6e5iBbHxCWAHJeiSbK/GX3Q=
=vzHD
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : wget
SUMMARY : Fix for security vulnerability in wget
DATE : 2005-07-25 10:37:00
ID : CLA-2005:985
RELEVANT
RELEASES : 9, 10
- - -------------------------------------------------------------------------
DESCRIPTION
wget[1] is a largely known client for ftp and http protocols.
This announcement fixes a security vulnerability[2] in wget which
could allow a specially prepared remote web server to overwrite
certain files via a redirection URL containing a ".." that resolves
to the IP address of the malicious server, which bypasses wget's
filtering for ".." sequences.
It also fixes another vulnerability[3] where wget does not filter or
quote control characters when displaying HTTP responses to the
terminal, which may allow a specially crafted remote web server to
inject terminal escape sequences and execute arbitrary code.
SOLUTION
It is recommended that all wget users upgrade their packages.
REFERENCES
1.http://sunsite.dk/wget
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1487
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1488
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/wget-1.9.1-52156U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-bg-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ca-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-cs-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-da-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-de-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-el-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-es-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-et-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-fr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-gl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-he-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-hr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-hu-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-it-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ja-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-nl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-no-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-pl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-pt_BR-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ro-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-ru-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sk-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sl-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-sv-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-tr-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-uk-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-zh_CN-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/wget-i18n-zh_TW-1.9.1-52156U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/wget-1.8.2-13946U90_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/wget-1.8.2-13946U90_3cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFC5Osw42jd0JmAcZARAoNdAJ9xHESKbnkMvN7Fr1bgmaT3RTMyGwCdFWW4
xxZ10X5r3uDwja9TiE6ynNM=
=uVX+
- -----END PGP SIGNATURE-----
5.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- - --------------------------------------------------------------------------
PACKAGE : tcpdump
SUMMARY : Security fixes for tcpdump
DATE : 2005-07-25 10:40:00
ID : CLA-2005:986
RELEVANT
RELEASES : 10
- - -------------------------------------------------------------------------
DESCRIPTION
Tcpdump[1] is a command-line tool for monitoring network traffic.
This announcement fixes three security vulnerabilities in tcpdump:
1.CAN-2005-1278[2]
The isis_print function, as called by isoclns_print, in tcpdump
3.9.1 and earlier allows remote attackers to cause a denial of
service (infinite loop) via a zero length, as demonstrated using a
GRE packet.
2.CAN-2005-1279[3]
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial
of service (infinite loop) via a specially crafted BGP packet, which
is not properly handled by RT_ROUTING_INFO, or LDP packet, which is
not properly handled by the ldp_print function.
3.CAN-2005-1280[4]
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote
attackers to cause a denial of service (infinite loop) via a crafted
RSVP packet of length 4.
SOLUTION
It is recommended that all tcpdump users upgrade their packages.
REFERENCES
1.http://www.tcpdump.org/
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/tcpdump-3.8.3-56737U10_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/tcpdump-3.8.3-56737U10_2cl.i386.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions regarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- - -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- - -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- - -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com
- - -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFC5Ova42jd0JmAcZARAijlAJ91PlBeVaoOjuwo5Qy4M2g0kts5IgCg1c3S
p/lG4xsnGcDd033q81ec3Rk=
=KLlc
- -----END PGP SIGNATURE-----