[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 555/05 - Mandriva - Two Security Update Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 555/05 dated 20.07.05  Time: 10:20  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Mandriva - Two Security Update Advisories:
     1.  Updated cpio packages fix vulnerabilities              [MDKSA-2005:116-1]
     2.  Updated nss_ldap/pam_ldap packages fix vulnerabilities [MDKSA-2005:121]


Detail
====== 

Security update advisory summaries:

     1.  A race condition has been found in cpio 2.6 and earlier which allows
         local users to modify permissions of arbitrary files.  The previous 
         packages had a problem upgrading due to an unresolved issue with tar and 
         rmt.  These packages correct the problem.

     2.  It has been discovered that pam_ldap and nss_ldap would not use TLS for 
         referred connections if they are referred to a master after connecting to 
         a slave, regardless of the "ssl start_tls" setting in ldap.conf.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           cpio
 Advisory ID:            MDKSA-2005:116-1
 Date:                   July 19th, 2005
 Original Advisory Date: July 11th, 2005
 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 A race condition has been found in cpio 2.6 and earlier which allows
 local users to modify permissions of arbitrary files via a hard link
 attack on a file while it is being decompressed, whose permissions are
 changed by cpio after the decompression is complete (CAN-2005-1111).
 
 A vulnerability has been discovered in cpio that allows a malicious
 cpio  file to extract to an arbitrary directory of the attackers
 choice.  cpio will extract to the path specified in the cpio file,
 this path can be absolute (CAN-2005-1229).
  
Update:

 The previous packages had a problem upgrading due to an unresolved
 issue with tar and rmt.  These packages correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1111
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1229
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 5e09657806ea7779182c7e5a49c22be8  10.0/RPMS/cpio-2.5-4.2.100mdk.i586.rpm
 407b3cef16e5d7153c3af0a685df7109  10.0/SRPMS/cpio-2.5-4.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 4a1947f3c7fc27f0b6cc0d9bdf97cfd8  amd64/10.0/RPMS/cpio-2.5-4.2.100mdk.amd64.rpm
 407b3cef16e5d7153c3af0a685df7109  amd64/10.0/SRPMS/cpio-2.5-4.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 c808f5a1689a006e9049e1d8a37ede70  10.1/RPMS/cpio-2.5-4.3.101mdk.i586.rpm
 907e5f404afe7cdd649f8aeaa8444914  10.1/SRPMS/cpio-2.5-4.3.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 71ab78c534f9552ad081c625e92afb45  x86_64/10.1/RPMS/cpio-2.5-4.3.101mdk.x86_64.rpm
 907e5f404afe7cdd649f8aeaa8444914  x86_64/10.1/SRPMS/cpio-2.5-4.3.101mdk.src.rpm

 Mandrakelinux 10.2:
 9db16a5fa7bfc85aa7bb2d199ab5d825  10.2/RPMS/cpio-2.6-3.1.102mdk.i586.rpm
 131667db822df5a4cec71e24cdc51b69  10.2/SRPMS/cpio-2.6-3.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 4d5b31e9bdd5d1c81fc61ec3a863f7ff  x86_64/10.2/RPMS/cpio-2.6-3.1.102mdk.x86_64.rpm
 131667db822df5a4cec71e24cdc51b69  x86_64/10.2/SRPMS/cpio-2.6-3.1.102mdk.src.rpm

 Multi Network Firewall 2.0:
 25c062c9ad406ac7f68f9339d4c5694a  mnf/2.0/RPMS/cpio-2.5-4.2.M20mdk.i586.rpm
 06317e96fc89042c8869f1d2a5030705  mnf/2.0/SRPMS/cpio-2.5-4.2.M20mdk.src.rpm

 Corporate Server 2.1:
 fe2a5bdd208f9ce6fcf87b90a87dbbdf  corporate/2.1/RPMS/cpio-2.5-4.2.C21mdk.i586.rpm
 950d0f7e96d109e965fb9d6d8f500813  corporate/2.1/SRPMS/cpio-2.5-4.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 826500d3531ce8aff99afaf97eb8a8a7  x86_64/corporate/2.1/RPMS/cpio-2.5-4.2.C21mdk.x86_64.rpm
 950d0f7e96d109e965fb9d6d8f500813  x86_64/corporate/2.1/SRPMS/cpio-2.5-4.2.C21mdk.src.rpm

 Corporate 3.0:
 44667c0001e9da72f56c109f9f451c22  corporate/3.0/RPMS/cpio-2.5-4.2.C30mdk.i586.rpm
 a7beddf04ef0e065dad9af2387393c22  corporate/3.0/SRPMS/cpio-2.5-4.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 94803dd8ac6d1a1fc5436c04f097b4a1  x86_64/corporate/3.0/RPMS/cpio-2.5-4.2.C30mdk.x86_64.rpm
 a7beddf04ef0e065dad9af2387393c22  x86_64/corporate/3.0/SRPMS/cpio-2.5-4.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3an4mqjQ0CJFipgRAtTSAKDmYcYDv41kYLHShC90ME0uLgozqgCgq2dq
2kA1WxNrxfbrcQLqvvnZJ1s=
=UNP2
- -----END PGP SIGNATURE-----




2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           nss_ldap
 Advisory ID:            MDKSA-2005:121
 Date:                   July 18th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Rob Holland, of the Gentoo Security Audit Team, discovered that
 pam_ldap and nss_ldap would not use TLS for referred connections if
 they are referred to a master after connecting to a slave, regardless
 of the "ssl start_tls" setting in ldap.conf.
 
 As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0
 has been fixed that caused crond, and other applications, to crash as
 a result of clients receiving a SIGPIPE signal when attempting to
 issue a new search request to a directory server that is no longer
 available.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 914dcae90f53c038cfc011abe891ab4d  10.0/RPMS/nss_ldap-212-4.1.100mdk.i586.rpm
 072543f7406517e0515d35d39e5f5f40  10.0/RPMS/pam_ldap-167-4.1.100mdk.i586.rpm
 541c2b177143c43b743b8d3fe5509ea9  10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 5235319856a96b9a1ef18a2913f6adcf  amd64/10.0/RPMS/nss_ldap-212-4.1.100mdk.amd64.rpm
 20aa9281762673b4ff2a79e4c108faf8  amd64/10.0/RPMS/pam_ldap-167-4.1.100mdk.amd64.rpm
 541c2b177143c43b743b8d3fe5509ea9  amd64/10.0/SRPMS/nss_ldap-212-4.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 b0e26a28478136804d4aeb39d44c8d82  10.1/RPMS/nss_ldap-220-3.1.101mdk.i586.rpm
 700a3f02f035626e93fe9de327df9d52  10.1/RPMS/pam_ldap-170-3.1.101mdk.i586.rpm
 0292807cd0a28d55ca8e59489761bf25  10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 707a0491faf0022727255c56dc14c508  x86_64/10.1/RPMS/nss_ldap-220-3.1.101mdk.x86_64.rpm
 066cfd679a2d6ccb8f2f04cc223c8cb9  x86_64/10.1/RPMS/pam_ldap-170-3.1.101mdk.x86_64.rpm
 0292807cd0a28d55ca8e59489761bf25  x86_64/10.1/SRPMS/nss_ldap-220-3.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 e51a248257f108f311a774d58f6c04fc  10.2/RPMS/nss_ldap-220-5.2.102mdk.i586.rpm
 f8716c332eaa6a29013dc9e69c164f3d  10.2/RPMS/pam_ldap-170-5.2.102mdk.i586.rpm
 9e638e127e5a8107ee23c0c1c9f76fd1  10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 a00d92227ecbd7ce25bd144c4a9d4ffe  x86_64/10.2/RPMS/nss_ldap-220-5.2.102mdk.x86_64.rpm
 87b5b7aac3a835d6e90d2ea916f0e530  x86_64/10.2/RPMS/pam_ldap-170-5.2.102mdk.x86_64.rpm
 9e638e127e5a8107ee23c0c1c9f76fd1  x86_64/10.2/SRPMS/nss_ldap-220-5.2.102mdk.src.rpm

 Multi Network Firewall 2.0:
 bb3ebbd81508ff14425daaac2e6eb339  mnf/2.0/RPMS/nss_ldap-212-4.1.M20mdk.i586.rpm
 b1ad2c72353d0e1213c9e0ae81c61ff9  mnf/2.0/RPMS/pam_ldap-167-4.1.M20mdk.i586.rpm
 e240c07b08757410dbc411d2d6430e14  mnf/2.0/SRPMS/nss_ldap-212-4.1.M20mdk.src.rpm

 Corporate Server 2.1:
 2afb0b0dbd3b0ed51a2b62d8387f09f4  corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.i586.rpm
 bdec2ce99957b1018084b04a8d27b18d  corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.i586.rpm
 b8b51a75d94c7fdbfce141f8eb634059  corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 ce833d0b6359c54b8bd6337e65fb85fa  x86_64/corporate/2.1/RPMS/nss_ldap-202-1.3.C21mdk.x86_64.rpm
 6ed783d9f1581a9e736b09d3d8ceebeb  x86_64/corporate/2.1/RPMS/pam_ldap-156-1.3.C21mdk.x86_64.rpm
 b8b51a75d94c7fdbfce141f8eb634059  x86_64/corporate/2.1/SRPMS/nss_ldap-202-1.3.C21mdk.src.rpm

 Corporate 3.0:
 8916317b50c123371f31e97744c81b9c  corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.i586.rpm
 7a62fb9be21fb245e9f66307f77b898e  corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.i586.rpm
 bc3cde29ad21289d345c22ddda8fdb2a  corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 063b326df178942502a2be421891fdf1  x86_64/corporate/3.0/RPMS/nss_ldap-212-4.1.C30mdk.x86_64.rpm
 be16dc6b6bb027a561d6415b46af19be  x86_64/corporate/3.0/RPMS/pam_ldap-167-4.1.C30mdk.x86_64.rpm
 bc3cde29ad21289d345c22ddda8fdb2a  x86_64/corporate/3.0/SRPMS/nss_ldap-212-4.1.C30mdk.src.rpm
 _______________________________________________________________________

 Bug IDs fixed (see http://qa.mandriva.com for more information):

  13271 - changing crontab crashes crond when using LDAP for authentication
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3IZlmqjQ0CJFipgRAkTGAKDkXx8EJb9v3mpvSaX/mPVeepZmpACghrZ0
ct6RX4vR+OyjBK9n/9lluqU=
=ioO9
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQt4V5Ipao72zK539AQHOMgP/Wzk5anXCB4cG4kUlxvNH2lSMELZ3J9S+
uuJDqFhFK6mxgQRdu2hUNizFvWcZXy+iPm2C3xc8m25yjq9TDb4CdhpH+HnexRXb
IHCOpMTiF9NmLAyy1CsVmBrtG6F/cPtbd9BcH3B/FACstHkZVnBS5G6uDUooutVw
wYocijZ7GJ4=
=R1i8
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________