
UNIRAS Brief - 631/05 - Trustix - multi [2005-0041]



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 631/05 dated 15.08.05  Time: 14:38 
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Trustix - multi [2005-0041]

Detail
====== 

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0041

Package names:     apache, cgilib, curl, kernel, libart,     
                   mod_auth_mysql, mod_auth_pgsql, mod_authz_ldap,
                   open, php, rrdtool, vlock, webalizer
Summary:           Various bug fixes
Date:              2005-08-12
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0

- - --------------------------------------------------------------------------
Package description:
  apache
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.

  cgilib
  cgilib is a simple library that provides an easy interface to the common 
  gateway interface, known as CGI. The purpose is to provide an easy to 
  use interface to CGI if you need to write your program in C instead of 
  perl.

  curl
  curl is a client to get documents/files from servers, using any of the
  supported protocols. The command is designed to work without user
  interaction or any kind of interactivity.

  kernel
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

  libart
  Libart is a library for high-performance 2D graphics. It is currently being
  used as the antialiased rendering engine for the Gnome Canvas. It is also 
  the rendering engine for Gill, the Gnome Illustration app.

  mod_auth_mysql
  The mod_auth_mysql module consists of an authorization handler that uses a
  MySQL server as the basis for authorizations.

  mod_auth_pgsql
  The mod_auth_pgsql module consists of an authorization handler that uses a
  PostgreSQL server as the basis for authorizations.

  mod_authz_ldap
  The mod_authz_ldap module consists of an authorization handler that uses an
  LDAP server as the basis for authorizations.

  open
  The open command starts a specified command with the first available
  virtual console, or on a virtual console that you specify. Install the
  open package if you regularly use virtual consoles to run programs.  

  php
  PHP is an HTML-embedded scripting language.  PHP attempts to make it easy 
  for developers to write dynamically generated web pages. PHP also offers 
  built-in database integration for several commercial and non-commercial 
  database management systems, so writing a database-enabled web page with 
  PHP is fairly simple. The most common use of PHP coding is probably as a 
  replacement for CGI scripts. The mod_php module enables the Apache web 
  server to understand and process the embedded PHP language in web pages.
  
  rrdtool
  RRD is the acronym for Round Robin Database. RRD is a system to store and
  display time-series data (e.g. network bandwidth, machine-room temperature,
  server load average). It stores the data in a very compact way that will not
  expand over time, and it presents useful graphs by processing the data to
  enforce a certain data density. It can be used either via simple wrapper
  scripts (from shell or Perl) or via frontends that poll network devices and
  put a friendly user interface on it.

  vlock
  The vlock program locks one or more sessions on the console. Vlock can lock 
  the current terminal (local or remote) or the entire virtual console system,
  which completely disables all console access. The vlock program unlocks when
  either the password of the user who started vlock or the root password is 
  typed.

  webalizer
  The Webalizer is a web server log file analysis program which produces usage
  statistics in HTML format for viewing with a browser. The results are 
  presented in both columnar and graphical format, which facilitates
  interpretation.

Problem description:
  apache
  - Now package suexec in apache-suexec, Ref. Bug #1163.

  cgilib
  - Initial Entry into TSL-3.0 

  curl
  - Initial Entry into TSL-3.0

  kernel
  - New Upstream
  - Enabled Extended matches in QoS, Fix Bug #1167.

  libart
  - Initial Entry into TSL-3.0

  mod_auth_mysql
  - Initial Entry into TSL-3.0

  mod_auth_pgsql
  - Initial Entry into TSL-3.0

  mod_authz_ldap
  - Initial Entry into TSL-3.0

  open
  - Initial Entry into TSL-3.0

  php
  - Rebuilt with Curl support.

  rrdtool
  - Initial Entry into TSL-3.0

  vlock
  - Initial Entry into TSL-3.0

  webalizer
  - Initial Entry into TSL-3.0

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory, along with all Trustix packages, is signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0041/>


MD5sums of the packages:
- - --------------------------------------------------------------------------


Trustix Security Team


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC/J4fi8CEzsK9IksRAq1jAJ0QxXoUsh5LyPLMk7nmNw50w4kvrwCgo7av
xqxS2bWZBVn0Lj+j+fglRuU=
=ZsG0
- -----END PGP SIGNATURE-----



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone. Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Trustix for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQwCa+opao72zK539AQFjzQQAqEbT44hXdsFR6DNcLbzaQRuxItzuRGOT
2xGlHjGocMK6oCrRylizigsDb68Fj7nQuSNpj/y/tYvpUbl2oenxl9U27tSOQaG4
Ss8x9zA1ycOVOkbGl3ilJtflOXJhSYU+vMut1dzYc+Ny1k+zNRgb6ue30xhG4KMu
SqXq/buJtFk=
=HYr1
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________
