[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 635/05 - Mandriva - Two Security Update Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 635/05 dated 16.08.05  Time: 11:05  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Mandriva - Two Security Update Advisories:
     1.  Updated gaim packages fix yet more vulnerabilities          [MDKSA-2005:139]
     2.  Updated proftpd packages fix format string vulnerabilities  [MDKSA-2005:140]


Detail
====== 

Security update advisory summaries:

     1.  Yet more vulnerabilities have been discovered in the gaim IM client. 
         Invalid characters in a sent file can cause Gaim to crash on some
         systems (CAN-2005-2102); a remote AIM or ICQ user can cause a buffer
         overflow in Gaim by setting an away message containing many AIM
         substitution strings (CAN-2005-2103); a memory alignment bug in the
         library used by Gaim to access the Gadu-Gadu network can result in
         a buffer overflow on non-x86 architecture systems.

     2.  Two format string vulnerabilities were discovered in ProFTPD.  The
         first exists when displaying a shutdown message containing the name of
         the current directory.  The second exists when displaying response 
         messages to the client using information retrieved from a database 
         using mod_sql.


Security update advisory content follows:


1.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gaim
 Advisory ID:            MDKSA-2005:139
 Date:                   August 15th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Yet more vulnerabilities have been discovered in the gaim IM client. 
 Invalid characters in a sent file can cause Gaim to crash on some
 systems (CAN-2005-2102); a remote AIM or ICQ user can cause a buffer
 overflow in Gaim by setting an away message containing many AIM
 substitution strings (CAN-2005-2103); a memory alignment bug in the
 library used by Gaim to access the Gadu-Gadu network can result in
 a buffer overflow on non-x86 architecture systems (CAN-2005-2370).
 
 These problems have been corrected in gaim 1.5.0 which is provided with
 this update.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CNA-2005-2370
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 eae023d3ea9c455993f0f3118a39efe7  10.1/RPMS/gaim-1.5.0-0.1.101mdk.i586.rpm
 022e79c6c6ef153d6ec2c60be3495150  10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.i586.rpm
 180fbe47e768745cffe981918b00c787  10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.i586.rpm
 f27fd157c744e763dbf131cc50706456  10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.i586.rpm
 d8fd5b1131755eb60710a068a682d67b  10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.i586.rpm
 c3a05a2d53eaccf626681119de32dd48  10.1/RPMS/libgaim-remote0-1.5.0-0.1.101mdk.i586.rpm
 40ef7656bd292a35c0b0a19606f5fbf4  10.1/RPMS/libgaim-remote0-devel-1.5.0-0.1.101mdk.i586.rpm
 c87d6ac4271561d5897e6d0d8789821f  10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 c336fce539378546bb2883b5cfd5fd58  x86_64/10.1/RPMS/gaim-1.5.0-0.1.101mdk.x86_64.rpm
 dc651324febed15bf25fe63e089d3ad8  x86_64/10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.x86_64.rpm
 10dfe256275aa5482325da802a06ccc6  x86_64/10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.x86_64.rpm
 56706dce2dde9072698665ac7956e1dd  x86_64/10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.x86_64.rpm
 eb9bce3ee007dbb318be873c1b1591d7  x86_64/10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.x86_64.rpm
 24df09e5d11bc31dba01407649e2f216  x86_64/10.1/RPMS/lib64gaim-remote0-1.5.0-0.1.101mdk.x86_64.rpm
 44bb0ec8c957f5a3a88d5f3977606570  x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.101mdk.x86_64.rpm
 c87d6ac4271561d5897e6d0d8789821f  x86_64/10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 78e555fd3645ebe6b65d597fe4111ce5  10.2/RPMS/gaim-1.5.0-0.1.102mdk.i586.rpm
 5d4075c783b839b23df0b59f36526809  10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.i586.rpm
 c8261c301e07613f8df955c217cd5959  10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.i586.rpm
 c348d7aec2579dfdeac86fdb8a2b7d56  10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.i586.rpm
 79aef8848a29533d7ff926bf94768349  10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.i586.rpm
 cf2bc6595be035c826df355f5694f09b  10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.i586.rpm
 569ac4d9ee83efe4215f8e37c433d730  10.2/RPMS/libgaim-remote0-1.5.0-0.1.102mdk.i586.rpm
 3cff6f85a1a4e8b7dfa3e2f3b9aa8183  10.2/RPMS/libgaim-remote0-devel-1.5.0-0.1.102mdk.i586.rpm
 81933632048e345262a031727ccc2f88  10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 af600fa897521406d12300a96a3edc5f  x86_64/10.2/RPMS/gaim-1.5.0-0.1.102mdk.x86_64.rpm
 6ffd17bc6ee6eb26a0b4870f548c7e50  x86_64/10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.x86_64.rpm
 c44e769a69b33d3025bc7657fdbb1741  x86_64/10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.x86_64.rpm
 7f43078544ed57c3455bad5729f260b7  x86_64/10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.x86_64.rpm
 a583e4aeed9af7e557cb8afe977ff975  x86_64/10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.x86_64.rpm
 d2df8bad7602db180b62d53aa50baeff  x86_64/10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.x86_64.rpm
 5546c3363b33949b09f05b42f14416b9  x86_64/10.2/RPMS/lib64gaim-remote0-1.5.0-0.1.102mdk.x86_64.rpm
 c56ad5acb7ee4350b538fd86262572e0  x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.102mdk.x86_64.rpm
 81933632048e345262a031727ccc2f88  x86_64/10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm

 Corporate 3.0:
 a699d8ab5e69d519041a7123ac905cf6  corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.i586.rpm
 91b9147658a2b3a755b1e6b820b6c173  corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.i586.rpm
 e7bd6d49890ad51c38c3f1a408eafeb0  corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.i586.rpm
 06792dc99f87d5f698dabedad9292627  corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.i586.rpm
 a654c2eacca5827a2b06d21c5111c0be  corporate/3.0/RPMS/libgaim-remote0-1.5.0-0.1.C30mdk.i586.rpm
 4ecc50f7eecd86d6e45310804eb49e24  corporate/3.0/RPMS/libgaim-remote0-devel-1.5.0-0.1.C30mdk.i586.rpm
 d12b5c04e37be82ed716d43b7f53bf68  corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 446674193e028268a27c6f595644c265  x86_64/corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.x86_64.rpm
 adc0b49cddc2bc09cdfa0876a27aec8d  x86_64/corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.x86_64.rpm
 b5d8baceacef67ba19379d11bad99ecf  x86_64/corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.x86_64.rpm
 2ff79f4094d409df7c2503f58442294f  x86_64/corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.x86_64.rpm
 90e1f44e9436f54ba16c8ea0ca9c022d  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.5.0-0.1.C30mdk.x86_64.rpm
 21c80d62a09a0928f39274a9c957b1a8  x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.C30mdk.x86_64.rpm
 d12b5c04e37be82ed716d43b7f53bf68  x86_64/corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDAUsPmqjQ0CJFipgRAvoBAKDy387T7TYsr5ldW/gWdI2Zz0OvqgCfXrLr
9t3+vAdNpFzSn/CtFZoui5Y=
=q7kA
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           proftpd
 Advisory ID:            MDKSA-2005:140
 Date:                   August 15th, 2005

 Affected versions:	 10.0, 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Two format string vulnerabilities were discovered in ProFTPD.  The
 first exists when displaying a shutdown message containin the name of
 the current directory.  This could be exploited by a user who creates
 a directory containing format specifiers and sets the directory as the
 current directory when the shutdown message is being sent.
 
 The second exists when displaying response messages to the cleint using
 information retreived from a database using mod_sql.  Note that mod_sql
 support is not enabled by default, but the contrib source file has been
 patched regardless.
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2390
  http://secunia.com/advisories/16181
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 9754b8d4357f6843ed9f613d1daeca4e  10.0/RPMS/proftpd-1.2.9-3.3.100mdk.i586.rpm
 9009783efdf84c2f92a988e6268f0631  10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.i586.rpm
 cef8ec2cd6a3ec3c1e2b737221cbf97c  10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 23c5bf83875f00ab5f554029c6aa9177  amd64/10.0/RPMS/proftpd-1.2.9-3.3.100mdk.amd64.rpm
 80b34a20f86d090c0b1f19972f213af8  amd64/10.0/RPMS/proftpd-anonymous-1.2.9-3.3.100mdk.amd64.rpm
 cef8ec2cd6a3ec3c1e2b737221cbf97c  amd64/10.0/SRPMS/proftpd-1.2.9-3.3.100mdk.src.rpm

 Mandrakelinux 10.1:
 68039b1c9e9090856e8e93c11edc3c10  10.1/RPMS/proftpd-1.2.10-2.1.101mdk.i586.rpm
 0952d937b0d8432eeb365ea07ba267b9  10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.i586.rpm
 fafda6527589ac244691743278c5fb2f  10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 1c37bda199475b68dae530c06285222f  x86_64/10.1/RPMS/proftpd-1.2.10-2.1.101mdk.x86_64.rpm
 4e2c3f72c6bc1710e82f81d919df4a0d  x86_64/10.1/RPMS/proftpd-anonymous-1.2.10-2.1.101mdk.x86_64.rpm
 fafda6527589ac244691743278c5fb2f  x86_64/10.1/SRPMS/proftpd-1.2.10-2.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 62c9ac6c9f9cefe3ae26d00287430abd  10.2/RPMS/proftpd-1.2.10-9.1.102mdk.i586.rpm
 77020ac5c67cf4ed616a4d858cbdca61  10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.i586.rpm
 332bc621d075cce043964146d874eefc  10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 9077e02a37afaeef184095d5e32d4795  x86_64/10.2/RPMS/proftpd-1.2.10-9.1.102mdk.x86_64.rpm
 6f7e7a053d2a8d3872efdd87dcf1227f  x86_64/10.2/RPMS/proftpd-anonymous-1.2.10-9.1.102mdk.x86_64.rpm
 332bc621d075cce043964146d874eefc  x86_64/10.2/SRPMS/proftpd-1.2.10-9.1.102mdk.src.rpm

 Corporate 3.0:
 ed09c8c53d71e04c21ffaf1d647722c1  corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.i586.rpm
 5885b14d6817c11ef29c03aed76cb61f  corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.i586.rpm
 b71bb2a58e0ac2d224c2fc332fbccdc7  corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 96d72d9503f3b7f86d7b162453f9f25c  x86_64/corporate/3.0/RPMS/proftpd-1.2.9-3.3.C30mdk.x86_64.rpm
 eff847004e164052d380b9937ec641ee  x86_64/corporate/3.0/RPMS/proftpd-anonymous-1.2.9-3.3.C30mdk.x86_64.rpm
 b71bb2a58e0ac2d224c2fc332fbccdc7  x86_64/corporate/3.0/SRPMS/proftpd-1.2.9-3.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDAUt5mqjQ0CJFipgRAqCQAKDYxGSSDQIrxuL9LnqxWOo5vl/fwgCdFevV
WMVFZhi3wVbAG3ShLkcuKts=
=VlqT
- -----END PGP SIGNATURE-----


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Mandriva for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQwG6N4pao72zK539AQEekAP/VK9RiNgP6wH9cUTosIMoyvoeD3fTz0o/
TaX+4NBxVwXAQw6qWvsp7QxRasvNsZK2UZZybYjy3rBKW1RS2h4Ew6hxKPV+MK2D
4GLhh+u7Rk6Z1B6p3IT+mqCf+MsA8A5cdLTfg9126QjAi3QtlLYrHMc3APbGmnbt
+EshkBd8lQA=
=d4YR
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________