[olug] Fw: FreeBSD Security Notice FreeBSD-SN-02:05

Brian Roberson roberson at olug.org
Wed Aug 28 22:18:55 UTC 2002


----- Original Message -----
From: "FreeBSD Security Advisories" <security-advisories at freebsd.org>
To: "FreeBSD Security Advisories" <security-advisories at freebsd.org>
Sent: Wednesday, August 28, 2002 11:44 AM
Subject: FreeBSD Security Notice FreeBSD-SN-02:05


> -----BEGIN PGP SIGNED MESSAGE-----
>
>
============================================================================
=
> FreeBSD-SN-02:05                                              Security
Notice
>                                                           The FreeBSD
Project
>
> Topic:          security issues in ports
> Announced:      2002-08-28
>
> I.   Introduction
>
> Several ports in the FreeBSD Ports Collection are affected by security
> issues.  These are listed below with references and affected versions.
> All versions given refer to the FreeBSD port/package version numbers.
> The listed vulnerabilities are not specific to FreeBSD unless
> otherwise noted.
>
> These ports are not installed by default, nor are they ``part of
> FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
> third-party applications in a ready-to-install format.  FreeBSD makes
> no claim about the security of these third-party applications.  See
> <URL:http://www.freebsd.org/ports/> for more information about the
> FreeBSD Ports Collection.
>
> II.  Ports
>
> +------------------------------------------------------------------------+
> Port name:      acroread5
> Affected:       versions < acroread-5.06
> Status:         Fixed
> Insecure temporary file handling.  The acrobatviewer, acroread4,
> ghostscript, gv, mgv and xpdf ports can also display PDF files.
> <URL:http://online.securityfocus.com/archive/1/278984>
> <URL:http://online.securityfocus.com/archive/1/284263>
> +------------------------------------------------------------------------+
> Port name:      aide
> Affected:       versions < aide-0.7_1
> Status:         Fixed
> The default aide.conf silently fails to check subdirectories, even
> though it appears to be configured to do so.
> +------------------------------------------------------------------------+
> Port name:      apache+mod_ssl
> Affected:       versions < 1.3.26+2.8.10
> Status:         Fixed
> A child process of the Apache server can crash if it receives a
> request for the contents of a directory in which a maliciously
> constructed .htaccess file has been placed.  In the default
> configuration, another child will be spawned, and the crash will
> be logged.  Therefore the bug should be insignificant for most
> users.
> <URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2>
> +------------------------------------------------------------------------+
> Port name:      bugzilla
> Affected:       versions < bugzilla-2.14.2
> Status:         Fixed
> "Various security issues of varying importance."
> <URL:http://online.securityfocus.com/archive/1/276031>
> +------------------------------------------------------------------------+
> Port name:      Canna
> Affected:       versions < ja-Canna-3.5b2_3
> Status:         Fixed
> A remotely exploitable buffer overflow exists in the cannaserver
> daemon.  Although previously corrected, the patch containing the
> correction was inadvertently removed from the port skeleton.
>
<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A31.ca
nna.asc.v1.1>
> <URL:http://www.shadowpenguin.org/sc_advisories/advisory038.html>
> <URL:http://online.securityfocus.com/bid/1445/info/>
> +------------------------------------------------------------------------+
> Port name:      ethereal
> Affected:       versions < ethereal-0.9.6
> Status:         Fixed
> Buffer overflows in BGP, IS-IS, and WCP dissectors.
> <URL:http://www.ethereal.com/appnotes/enpa-sa-00005.html>
> <URL:http://www.ethereal.com/appnotes/enpa-sa-00006.html>
> +------------------------------------------------------------------------+
> Port name:      fam
> Affected:       versions < fam-2.6.8
> Status:         Fixed
> "Unprivileged users can potentially learn names of files that only
> users in root's group should be able to view."
> <URL:ftp://oss.sgi.com/projects/fam/download/ChangeLog>
> <URL:http://www.debian.org/security/2002/dsa-154>
> +------------------------------------------------------------------------+
> Port name:      isakmpd
> Affected:       versions < isakmpd-20020403_1
> Status:         Fixed
> ``Receiving IKE payloads out of sequence can cause isakmpd(8) to
> crash.''
> <URL:http://www.openbsd.org/errata.html#isakmpd>
> <URL:http://www.kb.cert.org/vuls/id/287771>
> +------------------------------------------------------------------------+
> Port name:      irssi
> Affected:       versions < irssi-0.8.5
> Status:         Fixed
> Maliciously long topic can crash program remotely.
> <URL:http://online.securityfocus.com/bid/5055>
> +------------------------------------------------------------------------+
> Port name:      kdelibs2 and kdelibs3
> Affected:       versions < kdelibs2-2.2.2_1
>                 versions < kdelibs3-3.0.2_4
> Status:         Fixed
> A man-in-the-middle attack is possible against Konqueror and other
> KDE applications which use SSL.
> <URL:http://www.kde.org/info/security/advisory-20020818-1.txt>
> +------------------------------------------------------------------------+
> Port name:      krb5
> Affected:       versions < krb5-1.2.5_2
> Status:         Fixed
> Contains an overflow in Sun RPC XDR decoder.
> <URL:http://online.securityfocus.com/archive/1/285308>
>
<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
>
>
<URL:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt>
> +------------------------------------------------------------------------+
> Port name:      linux-netscape6, netscape7, linux-mozilla, and mozilla
> Affected:       versions < mozilla-1.0_1,1 (mozilla)
>                 versions < linux-mozilla-1.1 (linux-mozilla)
>                 All versions (others)
> Status:         Fixed (linux-mozilla and mozilla)
>                 Not fixed (others)
> Malicious Web pages or files can cause loss of X session.
> When the X server receives a request to display an enormously large
> scalable font, the server exits abruptly, killing all its clients.
> This has been confirmed only with XFree86 4.2.0, but there is
> evidence that XFree86 3.3.6, the X font server, and Xvnc behave the
> same way.  Unpatched Netscape (major version 6 or 7) and Mozilla
> browsers do not limit the size of fonts which Web pages or files
> can specify, thus triggering the bug.
> Scalable fonts may be disabled as a workaround.
> <URL:http://bugzilla.mozilla.org/show_bug.cgi?id=150339>
> +------------------------------------------------------------------------+
> Port name:      mm
> Affected:       versions < mm-1.2.0
> Status:         Fixed
> May allow the local Apache user to gain privileges via temporary files.
> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658>
> +------------------------------------------------------------------------+
> Port name:      mpack
> Affected:       versions < mpack-1.5_2
> Status:         Fixed
> Buffer overflow which might be triggered when mpack is used to process
> data from a remote source (email, news, and so on).
> <URL:http://www.linuxsecurity.com/advisories/debian_advisory-2241.html>
> +------------------------------------------------------------------------+
> Port name:      mozilla, linux-mozilla
> Affected:       versions < mozilla-1.0.rc1_2,1 (mozilla)
>                 versions < linux-mozilla-1.0_1 (linux-mozilla)
> Status:         Not fixed
> An overflow exists in the Chatzilla IRC client.  It can cause Mozilla
> to crash even if the demonstration page does not cause the crash.
> According to Robert Ginda, the bug does not allow execution of
> malicious code.
> <URL:http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html>
> <URL:http://bugzilla.mozilla.org/show_bug.cgi?id=163588>
> <URL:http://bugzilla.mozilla.org/show_bug.cgi?id=94448>
> +------------------------------------------------------------------------+
> Port name:      newsx
> Affected:       versions < newsx-1.4.8
> Status:         Fixed
> Format string bug reported by Niels Heinen <niels.heinen at ubizen.com>.
> +------------------------------------------------------------------------+
> Port name:      openssh, openssh-portable
> Affected:       versions < openssh-3.4 (openssh)
>                 versions < openssh-3.4p1 (openssh-portable)
> Status:         Fixed
> Buffer overflow can lead to denial of service or root compromise.
> <URL:http://www.openssh.com/txt/preauth.adv>
> +------------------------------------------------------------------------+
> Port name:      php
> Affected:       versions mod_php4-4.2.0 and mod_php4-4.2.1
>                 versions php4-4.2.0 and php4-4.2.1
> Status:         Fixed
> On i386 architecture, may be remotely crashed; on other architectures,
> may allow execution of arbitrary code with the privileges of the
> Web server by anyone who can send HTTP POST requests.
> <http://security.e-matters.de/advisories/022002.html>
> <http://www.php.net/release_4_2_2.php>
> +------------------------------------------------------------------------+
> Port name:      linux-png and png
> Affected:       versions < linux-png-1.0.14
>                 versions < png-1.2.4
> Status:         Fixed
> Malformed images (for example, in Web pages) can cause applications
> to crash.  Execution of malicious code may be possible.
> <URL:ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207>
>
<URL:http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=9
8528>
> <URL:http://rhn.redhat.com/errata/RHSA-2002-151.html>
> <URL:http://rhn.redhat.com/errata/RHSA-2002-152.html>
> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660>
> <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0728>
> +------------------------------------------------------------------------+
> Port name:      postgresql7
> Affected:       versions < postgresql7-7.2.2
> Status:         Fixed
> Multiple buffer overruns may allow execution of malicious code.
> Remote attack is possible only when the server is configured to
> accept TCP/IP connections, which is not the default.
> <URL:http://www3.us.postgresql.org/news.html>
>
<URL:http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/
0>
>
<URL:http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/
0>
>
<URL:http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/
0>
> +------------------------------------------------------------------------+
> Port name:      samba
> Affected:       versions < samba-2.2.5
> Status:         Fixed
> Possible buffer overflow.
>
<URL:http://lists.samba.org/pipermail/samba-technical/2002-June/037400.html>
> +------------------------------------------------------------------------+
> Port name:      squid24
> Affected:       versions < squid-2.4_10
> Status:         Fixed
> Buffer overflows may allow remote execution of code.
> <URL:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt>
> +------------------------------------------------------------------------+
> Port name:      super
> Affected:       versions < super-3.20.0
> Status:         Fixed
> Local root exploit.
> <URL:http://online.securityfocus.com/archive/1/285241>
> +------------------------------------------------------------------------+
> Port name:      webmin
> Affected:       versions < webmin-0.990_3
> Status:         Fixed
> "If a webmin user is able to view print jobs, he can execute any
> command as root."
> <URL:http://www.webmin.com/updates.html>
> +------------------------------------------------------------------------+
> Port name:      zmailer
> Affected:       versions < zmailer-2.99.51_1
> Status:         Fixed
> When using IPv6, a remote buffer overflow during the processing of
> the HELO command is possible.
> Reported by 3APA3A <3APA3A at SECURITY.NNOV.RU>.
> +------------------------------------------------------------------------+
>
> III. Upgrading Ports/Packages
>
> To upgrade a fixed port/package, perform one of the following:
>
> 1) Upgrade your Ports Collection and rebuild and reinstall the port.
> Several tools are available in the Ports Collection to make this
> easier.  See:
>   /usr/ports/devel/portcheckout
>   /usr/ports/misc/porteasy
>   /usr/ports/sysutils/portupgrade
>
> 2) Deinstall the old package and install a new package obtained from
>
> [i386]
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
>
> Packages are not automatically generated for other architectures at
> this time.
>
>
> +------------------------------------------------------------------------+
> FreeBSD Security Notices are communications from the Security Officer
> intended to inform the user community about potential security issues,
> such as bugs in the third-party applications found in the Ports
> Collection, which will not be addressed in a FreeBSD Security
> Advisory.
>
> Feedback on Security Notices is welcome at <security-officer at FreeBSD.org>.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.7 (FreeBSD)
>
> iQCVAwUBPWz8glUuHi5z0oilAQGD3wP/XLvIayMoXfSUuuw4VVr84c3vqVk0t0rL
> qZmLe+GaQ6Z5Fu/DfEta3HXhAPrlZx6dMWQfAbhjSyLfW8RpVkBlhbKR2ZImiddz
> t2vz9LaADnWIdyRkI+4zpd9xIgpzB3MQwrkh6ZnnE3pqQ12S4TwfAKqwGm7DSShg
> Ymz4mxfkiug=
> =J67P
> -----END PGP SIGNATURE-----
>
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
>
>
> To Unsubscribe: send mail to majordomo at FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message
>




More information about the OLUG mailing list