Showing all newswire headlines

Two problems have been found in the wget package as distributed in Debian GNU/Linux:

Updated apache and httpd packages which fix a number of security issues are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, 7.3, and 8.0.

A security hole has been discovered in Safe.pm which is used in all versions of Perl. The Safe extension module allows the creation of compartments in which perl code can be evaluated in a new namespace and the code evaluated in the compartment cannot refer to variables outside this namespace. However, when a Safe compartment has already been used, there's no guarantee that it is Safe any longer, because there's a way for code to be executed within the Safe compartment to alter its operation mask. Thus, programs that use a Safe compartment only once aren't affected by this bug.

A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwriet files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine.

The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files.

The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution.

Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server.

The wget packages shipped with Red Hat Linux 6.2 through 8.0 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory.

The Canna server, used for Japanese character input, has two security vulnerabilities including an exploitable buffer overrun allowing a local user to gain 'bin' user privileges. Updated packages for Red Hat Linux are available.

A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. Update: The previously released packages for 9.0 had an incorrect dependency on libdb.so.2 instead of libdb.so.3. This update corrects that problem.

Despite popular belief, the IM packages are not architecture independent, since the number of the fsync syscal is detected on build time and this number differs on Linux architectures and other operating systems. As a result of this the optional feature ``NoSync=no'' does only work on the architecture the package was built on. As usual, we are including the text of the original advisory DSA 202-1:

The security update from DSA 192-1 contained a syntax error which is now fixed. For completeness we include the text of the old advisory:

OpenLDAP is the Open Source implementation of the Lightweight Directory Access Protocol (LDAP) and is used in network environments for distributing certain information such as X.509 certificates or login information.

The KDE team has discovered a vulnerability in the support for various network protocols via the KIO The implementation of the rlogin and protocol allows a carefully crafted URL in an HTML page, HTML email or other KIO-enabled application to execute arbitrary commands on the system using the victim's account on the vulnerable machine.

Robert Luberda found a security problem in smb2www, a Windows Network client that is accessible through a web browser. This could lead a remote attacker to execute arbitrary programs under the user id www-data on the host where smb2www is running.

A number of vulnerabilities have been found that affect various versions of KDE. This errata provides updates which resolve these issues.

Updated Webalizer packages which fix an obscure buffer overflow bug in the DNS resolver code are available for Red Hat Linux 7.

Tatsuya Kinoshita discovered that IM, which contains interface commands and Perl libraries for E-mail and NetNews, creates temporary files insecurely.

Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded.

A vulnerability was discovered in pine while parsing and escaping characters of email addresses; not enough memory is allocated for storing the escaped mailbox part of the address. The resulting buffer overflow on the heap makes pine crash. This new version of pine, 4.50, has the vulnerability fixed. It also offers many other bug fixes and new features.