[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 54/04 - Red Hat Security Bulletins - Updated NetPBM packages fix multiple temporary file vulnerabilities/Updated mailman packages close cross-site scripting vulnerabilities



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 54/04 dated 06.02.04  Time: 11:45
 UNIRAS is part of NISCC(National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Red Hat Security Bulletins:

1.   Updated NetPBM packages fix multiple temporary file vulnerabilities.

2.   Updated mailman packages close cross-site scripting vulnerabilities.

Detail
====== 

1.   A number of temporary file bugs have been found in versions of NetPBM. These 
     could allow a local user the ability to overwrite or create files as a different 
     user who happens to run one of the the vulnerable utilities. The Common Vulnerabilities 
     and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0924 to this issue.

2.   Dirk Mueller discovered a cross-site scripting bug in the admin interface in versions 
     of Mailman 2.1 before 2.1.4.  The Common Vulnerabilities and Exposures project (cve.mitre.org) 
     has assigned the name CAN-2003-0965 to this issue.



- ----------------------------------------------------------------------------------
 1.                Red Hat Security Advisory

Synopsis:          Updated NetPBM packages fix multiple temporary file vulnerabilities
Advisory ID:       RHSA-2004:030-01
Issue date:        2004-02-05
Updated on:        2004-02-05
Product:           Red Hat Linux
Keywords:          symlink tmpfile tmp
Cross references:  
Obsoletes:         
CVE Names:         CAN-2003-0924
- - - ------------------------------------------------------------------------------

1. Topic:

Updated NetPBM packages are available that fix a number of temporary file
vulnerabilities in the netpbm libraries.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

A number of temporary file bugs have been found in versions of NetPBM. 
These could allow a local user the ability to overwrite or create files as
a different user who happens to run one of the the vulnerable utilities. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0924 to this issue.


Users are advised to upgrade to the erratum packages, which contain patches
from Debian that correct these bugs.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL Certificate 
Errors, you need to install a version of the up2date client with an updated 
certificate.  The latest version of up2date is available from the Red Hat 
FTP site and may also be downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

113842 - CAN-2003-0924 netpbm temporary file vulnerabilities

6. RPMs required:

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/netpbm-9.24-10.90.1.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/netpbm-9.24-10.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/netpbm-devel-9.24-10.90.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/netpbm-progs-9.24-10.90.1.i386.rpm



7. Verification:

MD5 sum                          Package Name
- - - --------------------------------------------------------------------------

cd34fb5b6ad149244f504dd26dc864cb 9/en/os/SRPMS/netpbm-9.24-10.90.1.src.rpm
bb1647d242d0403a4f53d48b1ad5ec5c 9/en/os/i386/netpbm-9.24-10.90.1.i386.rpm
647c49d0e07efa96a0a3e256a908d942 9/en/os/i386/netpbm-devel-9.24-10.90.1.i386.rpm
ca7a36c7bfd2f651556ce25d4f16e0ef 9/en/os/i386/netpbm-progs-9.24-10.90.1.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


8. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0924

9. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

- ------------------------------------------------------------------------------
Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=2002

Security Advisory - RHSA-2004:030-01
- ------------------------------------------------------------------------------
Summary:
Updated NetPBM packages fix multiple temporary file vulnerabilities

Updated NetPBM packages are available that fix a number of temporary file
vulnerabilities in the netpbm libraries.

Description:
The netpbm package contains a library of functions that support
programs for handling various graphics file formats, including .pbm
(portable bitmaps), .pgm (portable graymaps), .pnm (portable anymaps),
.ppm (portable pixmaps), and others.

A number of temporary file bugs have been found in versions of NetPBM. 
These could allow a local user the ability to overwrite or create files as
a different user who happens to run one of the the vulnerable utilities. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0924 to this issue.


Users are advised to upgrade to the erratum packages, which contain patches
from Debian that correct these bugs.
- ------------------------------------------------------------------------------

- -------------
Taking Action
- -------------
You may address the issues outlined in this advisory in two ways:

     - select your server name by clicking on its name from the list
       available at the following location, and then schedule an
       errata update for it:
           https://rhn.redhat.com/network/systemlist/system_list.pxt

     - run the Update Agent on each affected server.


- ---------------------------------
Changing Notification Preferences
- ---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

        URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.


- ----------------
Affected Systems
- ----------------
According to our records, this errata may apply to one or more of the 
systems that you've profiled with Red Hat Network.  To see precisely which 
systems are affected, please go to:
    https://rhn.redhat.com/network/errata/systems_affected.pxt?eid=2002



The Red Hat Network Team

This message is being sent by Red Hat Network Alert to:
    RHN user login:        douglaspc
    Email address on file: <uniras@xxxxxxxxxxxx>

If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
    https://rhn.redhat.com/forgot_password.pxt

To cancel these notices, go to:
    https://rhn.redhat.com/oo.pxt?uid=2912756&oid=3468359





    
- ----------------------------------------------------------------------
  2.               Red Hat Security Advisory

Synopsis:          Updated mailman packages close cross-site scripting vulnerabilities
Advisory ID:       RHSA-2004:020-01
Issue date:        2004-02-05
Updated on:        2004-02-05
Product:           Red Hat Linux
Keywords:          xss
Cross references:  
Obsoletes:         RHBA-2003:179
CVE Names:         CAN-2003-0965 CAN-2003-0992
- - - ---------------------------------------------------------------------

1. Topic:

Updated mailman packages that close various cross-site scripting
vulnerabilities are now available.

2. Relevant releases/architectures:

Red Hat Linux 9 - i386

3. Problem description:

Mailman is a mailing list manager.

Dirk Mueller discovered a cross-site scripting bug in the admin interface
in versions of Mailman 2.1 before 2.1.4.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to
this issue.

A cross-site scripting bug in the 'create' CGI script affects versions of
Mailman 2.1 before 2.1.3.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0992 to this issue.

Users of Mailman are advised to upgrade to the erratum packages, which
include backported security fixes and are not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. RPMs required:

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/mailman-2.1.1-5.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/mailman-2.1.1-5.i386.rpm



6. Verification:

MD5 sum                          Package Name
- - - --------------------------------------------------------------------------

40acda00aa52b23dbb068cd0bf48d898 9/en/os/SRPMS/mailman-2.1.1-5.src.rpm
6efb83ea4e0658457ca3dd883f4d533d 9/en/os/i386/mailman-2.1.1-5.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key is
available from https://www.redhat.com/security/keys.html

You can verify each package with the following command:
    
    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    
    md5sum <filename>


7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0965
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0992

8. Contact:

The Red Hat security contact is <secalert@xxxxxxxxxx>.  More contact
details at https://www.redhat.com/solutions/security/news/contact.html

Copyright 2003 Red Hat, Inc.

- -----------------------------------------------------------------------------

Red Hat Network has determined that the following advisory is applicable to
one or more of the systems you have registered:

Complete information about this errata can be found at the following location:
     https://rhn.redhat.com/network/errata/errata_details.pxt?eid=2003

Security Advisory - RHSA-2004:020-02
- ------------------------------------------------------------------------------
Summary:
Updated mailman packages close cross-site scripting vulnerabilities

Updated mailman packages that close various cross-site scripting
vulnerabilities are now available.

Description:
Mailman is a mailing list manager.

Dirk Mueller discovered a cross-site scripting bug in the admin interface
in versions of Mailman 2.1 before 2.1.4.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2003-0965 to
this issue.

A cross-site scripting bug in the 'create' CGI script affects versions of
Mailman 2.1 before 2.1.3.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2003-0992 to this issue.

Users of Mailman are advised to upgrade to the erratum packages, which
include backported security fixes and are not vulnerable to these issues.
- ------------------------------------------------------------------------------

- -------------
Taking Action
- -------------
You may address the issues outlined in this advisory in two ways:

     - select your server name by clicking on its name from the list
       available at the following location, and then schedule an
       errata update for it:
           https://rhn.redhat.com/network/systemlist/system_list.pxt

     - run the Update Agent on each affected server.


- ---------------------------------
Changing Notification Preferences
- ---------------------------------
To enable/disable your Errata Alert preferences globally please log in to RHN
and navigate from "Your RHN" / "Your Account" to the "Preferences" tab.

        URL: https://rhn.redhat.com/network/my_account/my_prefs.pxt

You can also enable/disable notification on a per system basis by selecting an
individual system from the "Systems List". From the individual system view
click the "Details" tab.


- ----------------
Affected Systems
- ----------------
According to our records, this errata may apply to one or more of the 
systems that you've profiled with Red Hat Network.  To see precisely which 
systems are affected, please go to:
    https://rhn.redhat.com/network/errata/systems_affected.pxt?eid=2003



The Red Hat Network Team

This message is being sent by Red Hat Network Alert to:
    RHN user login:        douglaspc
    Email address on file: <uniras@xxxxxxxxxxxx>

If you lost your RHN password, you can use the information above to
retrieve it by email from the following address:
    https://rhn.redhat.com/forgot_password.pxt

To cancel these notices, go to:
    https://rhn.redhat.com/oo.pxt?uid=2912756&oid=3468359
    

- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Red Hat for the information
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQCOIOIpao72zK539AQGbMgQAkGrTjGMN3AVjyPgbkWncRadgGuzRpQD3
5LP/lvXMWBn0gKrNjvXOy/v6ku3qAItqbXmxr7/iAaCzxfXdsFbasZ0wSEBFk7gB
+xzxjmIun8KGYSPz3luLs996MtRlLTgwVHIbEEuURK4wwLWv7dmQMsEiOYtp6Z9w
uWVv/UhqWNo=
=9LiQ
-----END PGP SIGNATURE-----