Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > January 2005 > Three Debian Security Advisories: 1. DSA 642-1 - New gallery packages fix several vulnerabilities 2. DSA 641-1 - New playmidi packages fix local root exploit 3. DSA 640-1 - New gatos packages fix arbitrary code execution

January 2005

Three Debian Security Advisories: 1. DSA 642-1 - New gallery packages fix several vulnerabilities 2. DSA 641-1 - New playmidi packages fix local root exploit 3. DSA 640-1 - New gatos packages fix arbitrary code execution

ID: 00041
Ref: 37/2005
Date: 18 January 2005:15:06:56
Version: 1
Title: Three Debian Security Advisories: 1. DSA 642-1 - New gallery packages fix several vulnerabilities 2. DSA 641-1 - New playmidi packages fix local root exploit 3. DSA 640-1 - New gatos packages fix arbitrary code execution
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian
Title
=====

Three Debian Security Advisories:

1. DSA 642-1 - New gallery packages fix several vulnerabilities

2. DSA 641-1 - New playmidi packages fix local root exploit

3. DSA 640-1 - New gatos packages fix arbitrary code execution


Detail
======

1. Several vulnerabilities have been discovered in gallery, a web-based photo
album written in PHP4. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CAN-2004-1106

Jim Paris discovered a cross site scripting vulnerability which
allows code to be inserted by using specially formed URLs.

CVE-NOMATCH

The upstream developers of gallery have fixed several cases of
possible variable injection that could trick gallery to unintended
actions, e.g. leaking database passwords.

2. Erik Sjölund discovered that playmidi, a MIDI player, contains a setuid
root program with a buffer overflow that can be exploited by a local attacker.

3. Erik Sjölund discovered a buffer overflow in xatitv, one of the programs
in the gatos package, that is used to display video with certain ATI video
cards. xatitv is installed setuid root in order to gain direct access to
the video hardware.






1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================


ESB-2005.0047 -- Debian Security Advisory DSA 642-1
New gallery packages fix several vulnerabilities
18 January 2005

===========================================================================


Product: gallery
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
UNIX variants
BSD variants
Windows
Mac OS X
Impact: Reduced Security
Access: Remote/Unauthenticated
CVE Names: CAN-2004-1106

Original Bulletin: http://www.debian.org/security/2005/dsa-642

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 642-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : gallery
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1106
BugTraq ID : 11602

Several vulnerabilities have been discovered in gallery, a web-based photo
album written in PHP4. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:

CAN-2004-1106

Jim Paris discovered a cross site scripting vulnerability which
allows code to be inserted by using specially formed URLs.

CVE-NOMATCH

The upstream developers of gallery have fixed several cases of
possible variable injection that could trick gallery to unintended
actions, e.g. leaking database passwords.

For the stable distribution (woody) these problems have been fixed
in version 1.2.5-8woody3.

For the unstable distribution (sid) these problems have been fixed
in version 1.4.4-pl4-1.

We recommend that you upgrade your gallery package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.dsc
Size/MD5 checksum: 573 f789c8198ba2b859cfb5cca31aaf6dcd
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3.diff.gz
Size/MD5 checksum: 7908 6acd9ee257ddad8c2ffa568b5540e9fe
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9

Architecture independent components:

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody3_all.deb
Size/MD5 checksum: 133126 3527d050800873dc990c1d002478aa7e


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list:
debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB69gDW5ql+IAeqTIRAqipAJ4kVB7T6gwzriUDEb3qA2EnRETlUACeOHkX
/DKy8tkBgh/oV4V4kynNjEk=
=LtRv
- - -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------

iQCVAwUBQexMQSh9+71yA2DNAQJmwwP/UitMXzTL2I9gJZGzx0lIx1qTT/Ey95pf
Zgt+CKzqyPBAW5KCiuez0aykBOOIge+WFtTa0WJhcvC9BvT48szxHHpIzKeoGn0L
XNw5P1tstrogsY9fviIzeVY+6B10Dlwm5OqXg7v6rWRx7a6EGgXs4OjBz8R9v3v9
i2+4qpWftDE=
=UEaX
- -----END PGP SIGNATURE-----



2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================


ESB-2005.0046 -- Debian Security Advisory DSA 641-1
New playmidi packages fix local root exploit
18 January 2005

===========================================================================



Product: playmidi
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
Impact: Root Compromise
Access: Existing Account
CVE Names: CAN-2005-0020

Original Bulletin: http://www.debian.org/security/2005/dsa-641

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 641-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : playmidi
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0020

Erik Sjölund discovered that playmidi, a MIDI player, contains a setuid
root program with a buffer overflow that can be exploited by a local attacker.

For the stable distribution (woody) this problem has been fixed in
version 2.4-4woody1.

For the unstable distribution (sid) this problem has been fixed in
version 2.4debian-3.

We recommend that you upgrade your playmidi package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list
as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the footer to
the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.dsc
Size/MD5 checksum: 660 27266405df049e3ad78449aa26359180
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1.diff.gz
Size/MD5 checksum: 11116 5593e29fbf22ee00c6ea1d2cc4fccd9d
http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4.orig.tar.gz
Size/MD5 checksum: 146742 04efb0826324bce1d93228c77d52f911

Alpha architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_alpha.deb
Size/MD5 checksum: 151852 60b96643f5810f39bf0f7c8344bad727

ARM architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_arm.deb
Size/MD5 checksum: 142944 6df41fcb7eadb971547306b81c3d04e0

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_i386.deb
Size/MD5 checksum: 152556 07ed83461c1895ee6e473f72aef321c7

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_ia64.deb
Size/MD5 checksum: 168568 91ca1e75e685edba1cd280e2b7b57aae

HP Precision architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_hppa.deb
Size/MD5 checksum: 147882 96433cebca7781212b33419726fd271e

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_m68k.deb
Size/MD5 checksum: 132748 ec499ea1a198151560d5e1050738465c

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mips.deb
Size/MD5 checksum: 144526 b8577f77664f10bc433140eccfa024d9

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_mipsel.deb
Size/MD5 checksum: 143648 b2eac216eb51a3e75114662e0c3c3d05

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_powerpc.deb
Size/MD5 checksum: 143318 4e42843f540adea484c9b6513f7cc1ac

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_s390.deb
Size/MD5 checksum: 141042 11ec7a55306c470ff9bb9c248e73d1e6

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/playmidi/playmidi_2.4-4woody1_sparc.deb
Size/MD5 checksum: 147806 698b5ab0d50fc0a77c0bb4921c5b77d5


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list:
debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB66aNW5ql+IAeqTIRAp4WAJ93KXx2QmIrH2jHitu9xZjlBl9nVACgty5A
/iGouI1r4jiJOdBn8mSt8yc=
=QIcD
- - -----END PGP SIGNATURE-----


- - --------------------------END INCLUDED TEXT--------------------

iQCVAwUBQexKtSh9+71yA2DNAQLw2QQAk7l2CN6vTUt0c/e4Mmr416eRHn7yhigC
4blaGxcI1XkZB0QfDI2dwSxnac1kDSsDApo+4SwBR/jx2RvRNpslFlbqjyso3UQ9
MfnSPSWUtxWpT6kJhV/rxQAo70qHfLzcEksjH1qilMfw6Nk7x/oBBZQGKzoneNME
9EyJVZhtDEU=
=20gd
- -----END PGP SIGNATURE-----


3.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================

ESB-2005.0045 -- Debian Security Advisory DSA 640-1
New gatos packages fix arbitrary code execution
18 January 2005

===========================================================================



Product: gatos
Publisher: Debian
Operating System: Debian GNU/Linux 3.0
Linux variants
Impact: Execute Arbitrary Code/Commands
Access: Existing Account
CVE Names: CAN-2005-0016

Original Bulletin: http://www.debian.org/security/2005/dsa-640

- - --------------------------BEGIN INCLUDED TEXT--------------------

- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - --------------------------------------------------------------------------
Debian Security Advisory DSA 640-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 17th, 2005 http://www.debian.org/security/faq
- - - --------------------------------------------------------------------------

Package : gatos
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0016

Erik Sjölund discovered a buffer overflow in xatitv, one of the programs
in the gatos package, that is used to display video with certain ATI video
cards. xatitv is installed setuid root in order to gain direct access to
the video hardware.

For the stable distribution (woody) this problem has been fixed in
version 0.0.5-6woody3.

For the unstable distribution (sid) this problem has been fixed in
version 0.0.5-15.

We recommend that you upgrade your gatos package.


Upgrade Instructions
- - - --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- - - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.dsc
Size/MD5 checksum: 629 0005020205c97ebd6f2efdf146846c15
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3.diff.gz
Size/MD5 checksum: 40976 34933c1e1da0fbb172ab919e23b68e02
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz
Size/MD5 checksum: 483916 9c16631afc933bde6f5d5e1421efddb7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody3_i386.deb
Size/MD5 checksum: 148110 2d2e9c2ba2d429175cab205c6ce6860d
http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody3_i386.deb
Size/MD5 checksum: 109748 4c1d0a17839934a2c818e314c5d7d3b2
http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody3_i386.deb
Size/MD5 checksum: 75460 bc27c6c2ec12dab3b6b3e164ee8f05f2


These files will probably be moved into the stable distribution on
its next update.

- - - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list:
debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB62YyW5ql+IAeqTIRAt4LAJ4zgTFIfT7BxlVhMffji2zgXLSwUgCePtaw
HrHvLmmbzoeKAmy3ZtbM3kI=
=HeLT
- - -----END PGP SIGNATURE-----
- - --------------------------END INCLUDED TEXT--------------------


iQCVAwUBQexJcih9+71yA2DNAQLx/gQAmA16bPf8hx7dB5wLmAvwxH6JfwsPpmMJ
u6lwBbPsd8MAYzToZPfBSh2hjL26xUKBdD9qkMKrS98/lqcdH8d3BeNsaEiJjYpM
8E9r2nH86VqelR311LJlSp53zh/8RsQsA+ZUb/MeCLYEV4idaXtyC36mg94KVEJI
vOpy+gyrzA0=
=Iu21
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |