February 2005

ID: 00125
Ref: 2005/108
Date: 11 February 2005:12:25:32
Version: 1

---

Title: Four Debian Security Advisories
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

---

Title
=====

Four Debian Security Advisories:

1. Debian Security Advisory DSA 672-1 - xview

2. Debian Security Advisory DSA 673-1 - evolution

3. Debian Security Advisory DSA 674-1 - mailman

4. Debian Security Advisory DSA 675-1 - hztty


Detail
======

1. Erik Sjölund discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library.

2. Max Vozeler discovered an integer overflow in a helper application inside
of Evolution, a free grouware suite.

3. Two security related problems have been discovered in mailman, web-based
GNU mailing list manager.

4. Erik Sjölund discovered that hztty, a converter for GB, Big5 and zW/HZ Chinese encodings in a tty session, can be triggered to execute arbitrary commands with group utmp privileges


1.
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 672-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 9th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : xview
Vulnerability : buffer overflows
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0076

Erik Sjölund discovered that programs linked against xview are vulnerable to a number
of buffer overflows in the XView library. When the overflow is triggered in a program
which is installed setuid root a malicious user could perhaps execute arbitrary code
as privileged user.

For the stable distribution (woody) these problems have been fixed in version 3.2p1.4-16woody2.

For the unstable distribution (sid) these problems have been fixed in version 3.2p1.4-19.

We recommend that you upgrade your xview packages.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.dsc
Size/MD5 checksum: 682 73f2ebae0581f04e9edf62333da56353
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4-16woody2.diff.gz
Size/MD5 checksum: 65663 526f16dcd2164713e792e19b9c9a42c2
http://security.debian.org/pool/updates/main/x/xview/xview_3.2p1.4.orig.tar.gz
Size/MD5 checksum: 3227552 b9ff26d6ad378af320bac45154ceaeba

Alpha architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 242538 b02d3c329cd137288360c8dfa1d279ef
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 166874 01c86265b4b1bb03924dc39f03d16e26
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 82184 c90e02f6824b1966cab7c843f866f366
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 282748 0f0d74d37511ef359a9cfa073d1c7a2e
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 830458 396d5dcd0896c25bd5ef3db05356c29c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_alpha.deb
Size/MD5 checksum: 1336468 15932deabc7a32861bca5dec52749ccc

ARM architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 213546 31b52257f06f8c5c9b75cc7d0d45cd25
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 146328 d3e5511c12ef36547e86b1798f000ef1
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 72314 b77af29123fa25750f470bcd3b9fa555
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 233808 f7feda439c8e0367a5b0270895924351
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 740040 28a2d8eb135764c7fe0026a65df32d9c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_arm.deb
Size/MD5 checksum: 1119956 2e0e9dfc6641d46d6daac559bb32b233

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 183850 acf639933b6eb260f027a546c57d4136
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 127802 c6cc52741c73598aa3fc5e4158ecec0c
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 64396 d7770705890e14eee88d28768a483e5f
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 223156 5f3a95acb70658bfc66df2896e1223d9
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 646392 6055e545d592579dd5c012608a464752
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_i386.deb
Size/MD5 checksum: 934796 2f3c3c124dc19d5d14aa1dbf54c64784

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 317404 576da684ffdf28de0b0715fdb4dcdcd3
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 220186 316ad06d0819a284884bcb06a4114ff9
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 95106 2b2e5ec4a072aac2d958e91c8c41c8f9
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 287570 7b7967de5eedab4b9e34a66fe887a63d
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 1079586 7200cb22efc8b346e4eaa83ec1897f74
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_ia64.deb
Size/MD5 checksum: 1482648 55b93aca51484c25e38c6a75f716cade

HP Precision architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 230118 5282c987f39795033ef181fc52fb0361
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 159716 57a57cc876a7d51f9e15e0dab24fc373
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 77650 41d67effdaac9bbfae93b35c2d1a99e8
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 257698 e49c1614bb05f896d4c0d2ea64567710
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 830414 f0544907dd17dce7fbf5e0b2c48f044c
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_hppa.deb
Size/MD5 checksum: 1221342 e8f00721366a9bb20f2c65cc9ff51849

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 174654 e9d4846e4431980b742f8fef19274d95
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 121528 27740085ec299dc2f152824242880226
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 62152 cd34146cd2266f438ffd8dde794244b2
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 221572 d60602e378f194426fe223311429a76e
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 609756 21606f2051ff57c2feadacd072129b16
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_m68k.deb
Size/MD5 checksum: 891654 833ce26f040f64bc4cc3b684416b5c25

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 233608 d1e233b9724bdc330fc65be9b053292c
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 162770 e792cab975f9a1fc4f1cb1b20548732d
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 73522 7b28384a8a7b0786752af6aed4bde04d
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 242610 a3b5ab6c3fa2586fcd6cc756ed276e6f
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 718426 feeba8a97bf24eead7e186f7954adec1
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mips.deb
Size/MD5 checksum: 1152450 3b52fdfd2abcba003a40f62161e97249

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 232930 4c7ba7912711277c3bd43e906f182b86
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 162148 5a74c1afae73c463ad735d7b6d95e36c
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 73550 f7bfee56646b67b45234b9ff45e686c0
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 240548 db21fa02e89c56f2de7650c7c436c72c
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 713016 546f6ffb970b55020066d425b57b10b1
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_mipsel.deb
Size/MD5 checksum: 1148214 597d06b001a2840e3b833b0fbdceee8c

PowerPC architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 203952 e12cef8460e96bb8442e802a7dadfd2f
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 141172 a5b5baaf8985cb50f8af76a1f66bdb80
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 71612 373ec845cde8c0507a7bb0534550ad0b
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 235564 09c30509e8d8197fe408ec7548a8cd72
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 708600 b4637a98855afa87cd1f0f0852350409
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_powerpc.deb
Size/MD5 checksum: 1078698 8502065905a3e47870287397de3ec478

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 196944 52b2322fc1b8449d0621460cc9f148c8
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 138124 1dee9a95eff97d2efc1a57035da9d519
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 69010 fba4d2583f26b3824935630f1da4211d
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 238726 3d07b2a9aec170e5785dc625501a9247
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 718966 be18b0d190dbea53a46ac986d8c9ebed
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_s390.deb
Size/MD5 checksum: 996136 df7958201a7d422f838c699b58ce3457

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/x/xview/olvwm_4.4.3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 196302 13ac28d455799ff897e7c18d6d7e9162
http://security.debian.org/pool/updates/main/x/xview/olwm_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 139756 d3428077114ef61a236991156daddf13
http://security.debian.org/pool/updates/main/x/xview/xview-clients_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 82644 60d3b85b20b5331408f361265e5cfba6
http://security.debian.org/pool/updates/main/x/xview/xview-examples_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 375160 1aa0dafb2e393a13b9de921c05641448
http://security.debian.org/pool/updates/main/x/xview/xviewg_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 695008 57e61ce2f7d51ca1adbbe80fe5de78f6
http://security.debian.org/pool/updates/main/x/xview/xviewg-dev_3.2p1.4-16woody2_sparc.deb
Size/MD5 checksum: 1031568 e9793f290c3b3aae31168fe0d5ccfa32


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/





2.
- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 673-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : evolution
Vulnerability : integer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0102
BugTraq ID : 12354

Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free grouware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges.

For the stable distribution (woody) this problem has been fixed in version 1.0.5-1woody2.

For the unstable distribution (sid) this problem has been fixed in version 2.0.3-1.2.

We recommend that you upgrade your evolution package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2.dsc
Size/MD5 checksum: 990 135eae823f6a0159a5f7ec6bc72c72b0
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2.diff.gz
Size/MD5 checksum: 16718 fdcc1244d1cfbe4c297cc49a577491b8
http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5.orig.tar.gz
Size/MD5 checksum: 15010672 d2ffe374b453d28f5456db5af0a7983c

Alpha architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_alpha.deb
Size/MD5 checksum: 10271422 207d01d4b051c5350a6c1952bc5221ee
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_alpha.deb
Size/MD5 checksum: 947952 b74d9c65882ae4bafa47d6614a96596c
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_alpha.deb
Size/MD5 checksum: 623002 5b864fe6659626050ac55ebf5e8572e0

ARM architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_arm.deb
Size/MD5 checksum: 9282272 57853c1bd08388274b34399548bff183
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_arm.deb
Size/MD5 checksum: 663850 30e04aac4fbcda4e6b709aa1eb378f74
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_arm.deb
Size/MD5 checksum: 492650 96a58d81835fe40c118613994898a99f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_i386.deb
Size/MD5 checksum: 8905428 cc4885b6fff4f47cc3b729765454ea3d
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_i386.deb
Size/MD5 checksum: 585986 53373ed37020c508d50c7f1c5006e6d3
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_i386.deb
Size/MD5 checksum: 470658 615259b21a7c889e8c7203b10e4e7b15

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_ia64.deb
Size/MD5 checksum: 11454804 a4545f6efeb590b2602f8b8c44c9072d
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_ia64.deb
Size/MD5 checksum: 948252 f24c513391cdbd5cf51e0ec5a01def13
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_ia64.deb
Size/MD5 checksum: 771184 2dbb984644f181bd46d996c6f06c2ac2

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_m68k.deb
Size/MD5 checksum: 8876466 b47fd595352d5535199dc889d9aa653d
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_m68k.deb
Size/MD5 checksum: 578364 821686bde02e2ab5a86a3f07f272af26
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_m68k.deb
Size/MD5 checksum: 483950 0927332469d079b3118ff012038b2865

PowerPC architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_powerpc.deb
Size/MD5 checksum: 9339162 e0df2bad032a3a996981b3483223f0f0
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_powerpc.deb
Size/MD5 checksum: 680544 be4b5ade6dcbe9264d30becd3f3789e1
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_powerpc.deb
Size/MD5 checksum: 511292 2bcda2165950f94d01630b13cb1264d1

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_s390.deb
Size/MD5 checksum: 9219484 065504345356c2993a8ff479c7ac4653
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_s390.deb
Size/MD5 checksum: 640874 627f5efbeccefd384ae0335dd784c82b
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_s390.deb
Size/MD5 checksum: 522850 d7055f0f6a273a52cd09fd783f88c525

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/e/evolution/evolution_1.0.5-1woody2_sparc.deb
Size/MD5 checksum: 9393318 4325f6d1bccd22cda371be7dd0a3add8
http://security.debian.org/pool/updates/main/e/evolution/libcamel-dev_1.0.5-1woody2_sparc.deb
Size/MD5 checksum: 670336 f58f241480dbdd3b6f673fb038e100d4
http://security.debian.org/pool/updates/main/e/evolution/libcamel0_1.0.5-1woody2_sparc.deb
Size/MD5 checksum: 510008 adc53f31cc22856e321f2e200a4f0d20


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/




3.
- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 674-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : mailman
Vulnerability : cross-site scripting, directory traversal
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1177 CAN-2005-0202

Two security related problems have been discovered in mailman, web-based GNU mailing list manager. The Common Vulnerabilities and Exposures project identifies the following problems:

CAN-2004-1177

Florian Weimer discovered a cross-site scripting vulnerability in
mailman's automatically generated error messages. An attacker
could craft an URL containing JavaScript (or other content
embedded into HTML) which triggered a mailman error page that
would include the malicious code verbatim.

CAN-2005-0202

Several listmasters have noticed unauthorised access to archives
of private lists and the list configuration itself, including the
users passwords. Administrators are advised to check the
webserver logfiles for requests that contain "/...../" and the
path to the archives or cofiguration. This does only seem to
affect installations running on web servers that do not strip
slashes, such as Apache 1.3.

For the stable distribution (woody) these problems have been fixed in version 2.0.11-1woody9.

For the unstable distribution (sid) these problems have been fixed in version 2.1.5-6.

We recommend that you upgrade your mailman package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9.dsc
Size/MD5 checksum: 595 774821799ef4968703a7e44ed9bbf648
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9.diff.gz
Size/MD5 checksum: 32974 3987fa82ba9a2fe22f0a8f131acbca33
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
Size/MD5 checksum: 415129 915264cb1ac8d7b78ea9eff3ba38ee04

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_alpha.deb
Size/MD5 checksum: 461524 5080358514f761e483b13fb4e369847a

ARM architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_arm.deb
Size/MD5 checksum: 459168 7c5ed235d7c1520f08a98a4f39d0a9bf

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_i386.deb
Size/MD5 checksum: 452242 cbde3d89ad2f09776c1f498f22858919

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_ia64.deb
Size/MD5 checksum: 462126 eb6151c02a2992afd21a6e04fecd75a5

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_hppa.deb
Size/MD5 checksum: 459788 5e6bcc87fbe00e4825ff25b9a8dd2fcd

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_m68k.deb
Size/MD5 checksum: 459270 932ff0948e56d6507c296323533a360f

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_mips.deb
Size/MD5 checksum: 459832 f049c56c07a33b4299241a459b832a1a

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_mipsel.deb
Size/MD5 checksum: 459964 2e0d7c83ace834ab970265e6ff61a6ea

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_powerpc.deb
Size/MD5 checksum: 460084 d32a6a4122bd26451ab40aa3da95711b

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_s390.deb
Size/MD5 checksum: 460116 7b727e56ca3cbf29dbbe147eadd3fec7

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody9_sparc.deb
Size/MD5 checksum: 464776 64bfb2a76c42b520f4fcd343f695701b


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/





4.
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 675-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
February 10th, 2005 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : hztty
Vulnerability : privilege escalation
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0019

Erik Sjölund discovered that hztty, a converter for GB, Big5 and zW/HZ Chinese encodings
in a tty session, can be triggered to execute arbitrary commands with group utmp privileges.

For the stable distribution (woody) this problem has been fixed in version 2.0-5.2woody2.

For the unstable distribution (sid) this problem has been fixed in version 2.0-6.1.

We recommend that you upgrade your hztty package.


Upgrade Instructions
- - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2.dsc
Size/MD5 checksum: 560 921462207b6301fc73d8d2613fbaa856
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2.diff.gz
Size/MD5 checksum: 4158 910c17cb2807c3cd7d2df62d28f016a5
http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0.orig.tar.gz
Size/MD5 checksum: 229189 7ec5907ad55825780274b8a77b217e21

Alpha architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_alpha.deb
Size/MD5 checksum: 153974 56ea5146bfcbed6392913a2dd697ac4d

ARM architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_arm.deb
Size/MD5 checksum: 149808 a509091afb9f413571030158d8e172d8

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_i386.deb
Size/MD5 checksum: 149432 b5b290876059e43bf376d3f22546ad06

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_ia64.deb
Size/MD5 checksum: 157178 652c2a0a544458bca793e3b26fe64cdc

HP Precision architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_hppa.deb
Size/MD5 checksum: 153452 ca39d351f20620a31679b21312bf5d57

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_m68k.deb
Size/MD5 checksum: 149214 b2a2faee53606c7a2599da89e7dc0779

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_mips.deb
Size/MD5 checksum: 152704 2c94a83690bfaf39d26d5dadddfdd63e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_mipsel.deb
Size/MD5 checksum: 152788 3ef6e11ca5cec6b8e077c22b99552bc5

PowerPC architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_powerpc.deb
Size/MD5 checksum: 150376 a9742687aec8d26f95bef974bb4de317

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_s390.deb
Size/MD5 checksum: 151002 7607b570894e11c9d3eeb8c84bf5e009

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/h/hztty/hztty_2.0-5.2woody2_sparc.deb
Size/MD5 checksum: 153880 3b8cc02ca85fcb1add110a01c700446f


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

___________________________________


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@niscc.gov.uk

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------