January 2005
Ten Gentoo security Advisories:
ID: 00013
Ref: 13/2005
Date: 07 January 2005:15:56:32
Version: 1
Title: Ten Gentoo security Advisories:
Abstract:
Vendors affected: Gentoo
Operating systems affected: Gentoo
Applications affected: Gentoo
Title
=====
Ten Gentoo security Advisories:
1. GLSA 200501-10 - Vilistextum: Buffer overflow vulnerability
2. GLSA 200501-09 - xzgv: Multiple overflows
3. GLSA 200501-08 - phpGroupWare: Various vulnerabilities
4. GLSA 200501-07 - xine-lib: Multiple overflows
5. GLSA 200501-06 - tiff: New overflows in image decoding
6. GLSA 200501-05 - mit-krb5: Heap overflow in libkadm5srv
7. GLSA 200501-04 - Shoutcast Server: Remote code execution
8. GLSA 200501-03 - Mozilla, Firefox, Thunderbird: Various vulnerabilities
9. GLSA 200501-02 - a2ps: Insecure temporary files handling
10. GLSA 200501-01 - LinPopUp: Buffer overflow in message reply
Detail
======
1. Ariel Berkman discovered that Vilistextum unsafely reads data into an
array without checking the length. This code vulnerability may lead to a
buffer overflow.
2. Multiple overflows have been found in the image processing code of xzgv,
including an integer overflow in the PRF parsing code (CAN-2004-0994).
3. Several flaws were discovered in phpGroupWare making it vulnerable to
cross-site scripting attacks, SQL injection, and full path disclosure.
4. Ariel Berkman discovered that xine-lib reads specific input data into
an array without checking the input size in demux_aiff.c, making it vulnerable
to a buffer overflow (CAN-2004-1300). iDefense discovered that the PNA_TAG
handling code in pnm_get_chunk() does not check if the input size is larger
than the buffer size (CAN-2004-1187). iDefense also discovered that in this
same function, a negative value could be given to an unsigned variable that
specifies the read length of input data (CAN-2004-1188).
5. infamous41md found a potential integer overflow in the directory entry
count routines of the TIFF library (CAN-2004-1308). Dmitry V. Levin found
another similar issue in the tiffdump utility (CAN-2004-1183).
6. The MIT Kerberos 5 administration library libkadm5srv contains a heap
overflow in the code handling password changing.
7. Part of the Shoutcast Server Linux binary has been found to improperly
handle sprintf() parsing.
8. Maurycy Prodeus from isec.pl found a potentially exploitable buffer
overflow in the handling of NNTP URLs. Furthermore, Martin (from
ptraced.net) discovered that temporary files in recent versions of
Mozilla-based products were sometimes stored world-readable with predictable
names. The Mozilla Team also fixed a way of spoofing filenames in Firefox's
"What should Firefox do with this file" dialog boxes and a potential
information leak about the existence of local filenames.
9. Javier Fernandez-Sanguino Pena discovered that the a2ps package contains
two scripts that create insecure temporary files (fixps and psmandup).
10. Stephen Dranger discovered that LinPopUp contains a buffer overflow
in string.c, triggered when replying to a remote user message.
1.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Vilistextum: Buffer overflow vulnerability
Date: January 06, 2005
Bugs: #74694
ID: 200501-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Vilistextum is vulnerable to a buffer overflow that allows an attacker to
execute arbitrary code through the use of a malicious webpage.
Background
==========
Vilistextum is an HTML to text converter.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  app-text/vilistextum              < 2.6.7        >= 2.6.7
Description
===========
Ariel Berkman discovered that Vilistextum unsafely reads data into an array
without checking the length. This code vulnerability may lead to a buffer
overflow.
Impact
======
A remote attacker could craft a malicious webpage which, when converted,
would result in the execution of arbitrary code with the rights of the user
running Vilistextum.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Vilistextum users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/vilistextum-2.6.7"
References
==========
[ 1 ] Original Advisory
http://tigger.uic.edu/~jlongs2/holes/vilistextum.txt
[ 2 ] CAN-2004-1299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1299
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-10.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality
and security of our users' machines is of utmost importance to us. Any security
concerns should be addressed to security@gentoo.org or alternatively, you may
file a bug at http://bugs.gentoo.org.
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
2.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xzgv: Multiple overflows
Date: January 06, 2005
Bugs: #74069
ID: 200501-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
xzgv contains multiple overflows that may lead to the execution of arbitrary code.
Background
==========
xzgv is a picture viewer for X, with a thumbnail-based file selector.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  media-gfx/xzgv                    <= 0.8         >= 0.8-r1
Description
===========
Multiple overflows have been found in the image processing code of xzgv,
including an integer overflow in the PRF parsing code (CAN-2004-0994).
Impact
======
An attacker could entice a user to open or browse a specially-crafted image
file, potentially resulting in the execution of arbitrary code with the
rights of the user running xzgv.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All xzgv users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-gfx/xzgv-0.8-r1"
References
==========
[ 1 ] CAN-2004-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0994
[ 2 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=160&type=vulnerabilities&flashstatus=true
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-09.xml
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
3.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: phpGroupWare: Various vulnerabilities
Date: January 06, 2005
Bugs: #74487
ID: 200501-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in phpGroupWare that could
lead to information disclosure or remote compromise.
Background
==========
phpGroupWare is a web-based suite of group applications including a calendar,
todo-list, addressbook, email, wiki, news headlines, and a file manager.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  www-apps/phpgroupware             < 0.9.16.004   >= 0.9.16.004
Description
===========
Several flaws were discovered in phpGroupWare making it vulnerable to
cross-site scripting attacks, SQL injection, and full path disclosure.
Impact
======
These vulnerabilities could allow an attacker to perform cross-site
scripting attacks, execute SQL queries, and disclose the full path of the
web directory.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All phpGroupWare users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpgroupware-0.9.16.004"
References
==========
[ 1 ] BugTraq Advisory
http://www.securityfocus.com/archive/1/384492
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-08.xml
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
4.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: xine-lib: Multiple overflows
Date: January 06, 2005
Bugs: #74475
ID: 200501-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
xine-lib contains multiple overflows potentially allowing execution of arbitrary code.
Background
==========
xine-lib is a multimedia library which can be utilized to create multimedia frontends.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  media-libs/xine-lib               < 1_rc8-r1     >= 1_rc8-r1
                                                     *>= 1_rc6-r1
Description
===========
Ariel Berkman discovered that xine-lib reads specific input data into an
array without checking the input size in demux_aiff.c, making it vulnerable
to a buffer overflow (CAN-2004-1300). iDefense discovered that the PNA_TAG
handling code in pnm_get_chunk() does not check if the input size is larger
than the buffer size (CAN-2004-1187). iDefense also discovered that in this
same function, a negative value could be given to an unsigned variable that
specifies the read length of input data (CAN-2004-1188).
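The two length problems described above (an input size larger than the
buffer, and a negative value reaching an unsigned read-length variable) can be
illustrated as follows. This is an added example, not xine-lib code and not
part of the GLSA; the chunk layout (a 4-byte tag followed by a 4-byte
big-endian size that includes the 8-byte header), the buffer size, the sample
bytes and all names are assumptions made for the illustration.

```c
/* Added illustration: hypothetical chunk layout, not xine-lib source. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN        8u     /* assumed header: 4-byte tag + 4-byte size  */
#define CHUNK_BUF_SIZE 1024u  /* assumed size of the caller's fixed buffer */

enum { ERR_TRUNCATED = -1, ERR_BAD_SIZE = -2, ERR_TOO_LARGE = -3 };

/* Read the big-endian size field that follows the 4-byte tag. */
static uint32_t chunk_size_field(const uint8_t *hdr)
{
    return ((uint32_t)hdr[4] << 24) | ((uint32_t)hdr[5] << 16) |
           ((uint32_t)hdr[6] << 8)  |  (uint32_t)hdr[7];
}

/*
 * The flawed arithmetic on its own (nothing is copied here): the payload
 * length is computed as size - HDR_LEN in a signed int and then stored in
 * an unsigned variable. A size field smaller than the header makes the
 * signed result negative, which turns into a very large unsigned length.
 */
static unsigned int unchecked_read_len(const uint8_t *hdr)
{
    int len = (int)chunk_size_field(hdr) - (int)HDR_LEN;
    return (unsigned int)len;
}

/*
 * Hardened reader: every length is validated before the copy.
 * Returns the payload length on success or a negative ERR_* code.
 */
static long read_chunk_checked(const uint8_t *in, size_t in_len,
                               uint8_t *out, size_t out_cap)
{
    uint32_t size;
    size_t payload;

    if (in_len < HDR_LEN)
        return ERR_TRUNCATED;          /* header itself is incomplete      */
    size = chunk_size_field(in);
    if (size < HDR_LEN)
        return ERR_BAD_SIZE;           /* would underflow size - HDR_LEN   */
    payload = (size_t)(size - HDR_LEN);
    if (payload > out_cap)
        return ERR_TOO_LARGE;          /* input larger than the buffer     */
    if (payload > in_len - HDR_LEN)
        return ERR_TRUNCATED;          /* claims more data than was read   */
    memcpy(out, in + HDR_LEN, payload);
    return (long)payload;
}

/* Constructed sample chunks (not captured traffic). */
static const uint8_t SAMPLE_OK[]    = { 'D','A','T','A', 0, 0, 0, 12,
                                        'a','b','c','d' };
static const uint8_t SAMPLE_SHORT[] = { 'D','A','T','A', 0, 0, 0, 4 };
static const uint8_t SAMPLE_BIG[]   = { 'D','A','T','A', 0, 0, 0x07, 0xD8 };

static uint8_t demo_out[CHUNK_BUF_SIZE];

int main(void)
{
    printf("valid chunk      -> %ld\n",
           read_chunk_checked(SAMPLE_OK, sizeof SAMPLE_OK,
                              demo_out, sizeof demo_out));
    printf("size < header    -> %ld (unchecked length would be %u)\n",
           read_chunk_checked(SAMPLE_SHORT, sizeof SAMPLE_SHORT,
                              demo_out, sizeof demo_out),
           unchecked_read_len(SAMPLE_SHORT));
    printf("size > buffer    -> %ld\n",
           read_chunk_checked(SAMPLE_BIG, sizeof SAMPLE_BIG,
                              demo_out, sizeof demo_out));
    printf("truncated input  -> %ld\n",
           read_chunk_checked(SAMPLE_OK, 10, demo_out, sizeof demo_out));
    return 0;
}
```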
Impact
======
A remote attacker could craft a malicious movie or convince a targeted user
to connect to a malicious PNM server, which could result in the execution of
arbitrary code with the rights of the user running any xine-lib frontend.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All xine-lib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose media-libs/xine-lib
References
==========
[ 1 ] CAN-2004-1187
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1187
[ 2 ] CAN-2004-1188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1188
[ 3 ] CAN-2004-1300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1300
[ 4 ] iDefense Advisory
http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities
[ 5 ] iDefense Advisory
http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities
[ 6 ] Ariel Berkman Advisory
http://tigger.uic.edu/~jlongs2/holes/xine-lib.txt
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-07.xml
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
5.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: tiff: New overflows in image decoding
Date: January 05, 2005
Bugs: #75213
ID: 200501-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
An integer overflow has been found in the TIFF library image decoding
routines and the tiffdump utility, potentially allowing arbitrary code
execution.
Background
==========
The TIFF library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE applications, to interpret TIFF images.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  media-libs/tiff                   < 3.7.1-r1     >= 3.7.1-r1
Description
===========
infamous41md found a potential integer overflow in the directory entry
count routines of the TIFF library (CAN-2004-1308). Dmitry V. Levin
found another similar issue in the tiffdump utility (CAN-2004-1183).
Impact
======
A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the TIFF library, including many web browsers or mail readers.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All TIFF library users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1"
References
==========
[ 1 ] CAN-2004-1183
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1183
[ 2 ] CAN-2004-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308
[ 3 ] iDEFENSE Advisory
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-06.xml
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
6.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: mit-krb5: Heap overflow in libkadm5srv
Date: January 05, 2005
Bugs: #75143
ID: 200501-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The MIT Kerberos 5 administration library (libkadm5srv) contains a heap
overflow that could lead to execution of arbitrary code.
Background
==========
MIT krb5 is the free implementation of the Kerberos network authentication
protocol by the Massachusetts Institute of Technology.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  app-crypt/mit-krb5                < 1.3.6        >= 1.3.6
Description
===========
The MIT Kerberos 5 administration library libkadm5srv contains a heap
overflow in the code handling password changing.
Impact
======
Under specific circumstances an attacker could execute arbitrary code
with the permissions of the user running mit-krb5, which could be
the root user.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All mit-krb5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.3.6"
References
==========
[ 1 ] CAN-2004-1189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1189
Availability
============
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200501-05.xml
License
=======
Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
7.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Shoutcast Server: Remote code execution
Date: January 05, 2005
Bugs: #75482
ID: 200501-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Shoutcast Server contains a possible buffer overflow that could lead to
the execution of arbitrary code.
Background
==========
Shoutcast Server is Nullsoft's streaming audio server. It runs on a variety
of platforms, including Linux, and is extremely popular with Internet broadcasters.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  media-sound/shoutcast-server-bin  <= 1.9.4-r1    >= 1.9.5
Description
===========
Part of the Shoutcast Server Linux binary has been found to improperly
handle sprintf() parsing.
Impact
======
A malicious attacker could send a formatted URL request to the Shoutcast
Server. This formatted URL would cause either the server process to crash,
or the execution of arbitrary code.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Shoutcast Server users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=media-sound/shoutcast-server-bin-1.9.5"
References
==========
[ 1 ] BugTraq Announcement
http://www.securityfocus.com/archive/1/385350
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-04.xml
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
8.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla, Firefox, Thunderbird: Various vulnerabilities
Date: January 05, 2005
Bugs: #76112, #68976, #70749
ID: 200501-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Various vulnerabilities were found and fixed in Mozilla-based products,
ranging from a potential buffer overflow and temporary files disclosure
to anti-spoofing issues.
Background
==========
Mozilla is a popular web browser that includes a mail and newsreader.
Mozilla Firefox and Mozilla Thunderbird are respectively the next-generation
browser and mail client from the Mozilla project.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  mozilla                           < 1.7.5        >= 1.7.5
  2  mozilla-bin                       < 1.7.5        >= 1.7.5
  3  mozilla-firefox                   < 1.0          >= 1.0
  4  mozilla-firefox-bin               < 1.0          >= 1.0
  5  mozilla-thunderbird               < 0.9          >= 0.9
  6  mozilla-thunderbird-bin           < 0.9          >= 0.9
-------------------------------------------------------------------
6 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Maurycy Prodeus from isec.pl found a potentially exploitable buffer overflow
in the handling of NNTP URLs. Furthermore, Martin (from ptraced.net)
discovered that temporary files in recent versions of Mozilla-based products
were sometimes stored world-readable with predictable names. The Mozilla Team
also fixed a way of spoofing filenames in Firefox's "What should Firefox do
with this file" dialog boxes and a potential information leak about the
existence of local filenames.
Impact
======
A remote attacker could craft a malicious NNTP link and entice a user to click it,
potentially resulting in the execution of arbitrary code with the rights of the
user running the browser. A local attacker could leverage the temporary file
vulnerability to read the contents of another user's attachments or downloads.
A remote attacker could also design a malicious web page that would spoof
filenames if the user uses the "Open with..." function in Firefox, or
retrieve information on the presence of specific files in the local filesystem.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Mozilla users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-1.7.5"
All Mozilla binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-bin-1.7.5"
All Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0"
All Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0"
All Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-0.9"
All Thunderbird binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/mozilla-thunderbird-bin-0.9"
References
==========
[ 1 ] isec.pl Advisory
http://isec.pl/vulnerabilities/isec-0020-mozilla.txt
[ 2 ] Martin (from ptraced.net) Advisory
http://broadcast.ptraced.net/advisories/008-firefox.thunderbird.txt
[ 3 ] Secunia Advisory SA13144
http://secunia.com/advisories/13144/
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-03.xml
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
9.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: a2ps: Insecure temporary files handling
Date: January 04, 2005
Bugs: #75784
ID: 200501-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
The fixps and psmandup scripts in the a2ps package are vulnerable to
symlink attacks, potentially allowing a local user to overwrite arbitrary
files.
Background
==========
a2ps is an Any to Postscript filter that can convert to Postscript
from many filetypes. fixps is a script that fixes errors in Postscript
files. psmandup produces a Postscript file for printing in manual
duplex mode.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  app-text/a2ps                     < 4.13c-r2     >= 4.13c-r2
Description
===========
Javier Fernandez-Sanguino Pena discovered that the a2ps package contains
two scripts that create insecure temporary files (fixps and psmandup).
Impact
======
A local attacker could create symbolic links in the temporary files
directory, pointing to a valid file somewhere on the filesystem. When
fixps or psmandup is executed, this would result in the file being
overwritten with the rights of the user running the utility.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All a2ps users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/a2ps-4.13c-r2"
References
==========
[ 1 ] Secunia SA13641
http://secunia.com/advisories/13641/
[ 2 ] CAN-2004-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1170
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-02.xml
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0
10.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200501-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: LinPopUp: Buffer overflow in message reply
Date: January 04, 2005
Bugs: #74705
ID: 200501-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
LinPopUp contains a buffer overflow potentially allowing execution of
arbitrary code.
Background
==========
LinPopUp is a graphical application that acts as a frontend to Samba
client messaging functions, allowing a Linux desktop to communicate
with a Microsoft Windows computer that runs Winpopup.
Affected packages
=================
-------------------------------------------------------------------
     Package                         / Vulnerable   / Unaffected
-------------------------------------------------------------------
  1  net-im/linpopup                   < 2.0.4-r1     >= 2.0.4-r1
Description
===========
Stephen Dranger discovered that LinPopUp contains a buffer overflow
in string.c, triggered when replying to a remote user message.
Impact
======
A remote attacker could craft a malicious message that, when replied to
using LinPopUp, would exploit the buffer overflow. This would result
in the execution of arbitrary code with the privileges of the user
running LinPopUp.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All LinPopUp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/linpopup-2.0.4-r1"
References
==========
[ 1 ] CAN-2004-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1282
[ 2 ] Stephen Dranger Advisory
http://tigger.uic.edu/~jlongs2/holes/linpopup.txt
Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:
http://security.gentoo.org/glsa/glsa-200501-01.xml
License
=======
Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.0