[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 730/06 - Two Mandriva Linux Security Advisories:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 UNIRAS (UK Government CERT) Briefing - 730/06 dated 09.11.06 time 14:35
 UNIRAS is part of NISCC (the UK National Infrastructure Security
 Co-ordination Centre)
______________________________________________________________________________

 UNIRAS material is available from the NISCC website at www.niscc.gov.uk
______________________________________________________________________________

Title
=====

Two Mandriva Linux Security Advisories:

1. MDKSA-2006:203 - Updated texinfo packages fix vulnerability

2. MDKSA-2006:204 - Updated openssh packages fix vulnerability

Detail
======

1.  Miloslav Trmac discovered a buffer overflow in texinfo. This issue can
 cause texi2dvi or texindex to crash when processing a carefully crafted
 file.

2.  A vulnerability in the privilege separation functionality in OpenSSH
 was discovered, caused by an incorrect checking for bad signatures in
 sshd's privsep monitor.  As a result, the monitor and the unprivileged
 process can get out sync.  The OpenSSH team indicated that this bug is
 not known to be exploitable in the abence of additional
 vulnerabilities.




1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:203
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : texinfo
 Date    : November 8, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Miloslav Trmac discovered a buffer overflow in texinfo. This issue can
 cause texi2dvi or texindex to crash when processing a carefully crafted
 file.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 cc1879d0392af708f7c37bca15dd9879  2006.0/i586/info-4.8-1.2.20060mdk.i586.rpm
 4c80a4e06e04e28ae6bc9d34d0ce6b9c  2006.0/i586/info-install-4.8-1.2.20060mdk.i586.rpm
 84e851c4c094d8259debe9a92da97efd  2006.0/i586/texinfo-4.8-1.2.20060mdk.i586.rpm 
 f63eeab2e5fd19d6df4d794cc9a0556d  2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 b37fd6f8393fe1a997da4dfcf24e0c6c  2006.0/x86_64/info-4.8-1.2.20060mdk.x86_64.rpm
 d3e5f5d3df7464226e370d18d2040d78  2006.0/x86_64/info-install-4.8-1.2.20060mdk.x86_64.rpm
 94ad72f47a76488f8fe3000187217e9d  2006.0/x86_64/texinfo-4.8-1.2.20060mdk.x86_64.rpm 
 f63eeab2e5fd19d6df4d794cc9a0556d  2006.0/SRPMS/texinfo-4.8-1.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 841f25fd2ae052fa135f347d1a321a61  2007.0/i586/info-4.8-4.1mdv2007.0.i586.rpm
 d0ba0f48503167816581c5f4166949ad  2007.0/i586/info-install-4.8-4.1mdv2007.0.i586.rpm
 c731ee9865530fdbafc445b56b67e5ad  2007.0/i586/texinfo-4.8-4.1mdv2007.0.i586.rpm 
 b8bf1a5838ac82d4910e9a5e5ea612b4  2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 054058a5ef065bc25d0bb87b36ad3622  2007.0/x86_64/info-4.8-4.1mdv2007.0.x86_64.rpm
 5b63631e0cd60e201e14332faf3e30d8  2007.0/x86_64/info-install-4.8-4.1mdv2007.0.x86_64.rpm
 cbdda90e9cce0abc9de7fdfab70f593e  2007.0/x86_64/texinfo-4.8-4.1mdv2007.0.x86_64.rpm 
 b8bf1a5838ac82d4910e9a5e5ea612b4  2007.0/SRPMS/texinfo-4.8-4.1mdv2007.0.src.rpm

 Corporate 3.0:
 81b5711c0afe51a12aa4458ab0b680c3  corporate/3.0/i586/info-4.6-1.2.C30mdk.i586.rpm
 65e67c1be9ca13d7320218e60fab855c  corporate/3.0/i586/info-install-4.6-1.2.C30mdk.i586.rpm
 fc7f021455259a97412c95b3939ede98  corporate/3.0/i586/texinfo-4.6-1.2.C30mdk.i586.rpm 
 13d484c70a47aa50038c1f59b514aaaa  corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 942bc82c461a5bd53799978b7c7d37ac  corporate/3.0/x86_64/info-4.6-1.2.C30mdk.x86_64.rpm
 616999400ddebcfc8593bfb47f7a8835  corporate/3.0/x86_64/info-install-4.6-1.2.C30mdk.x86_64.rpm
 ad900d22f4e1402ef303aa211109845a  corporate/3.0/x86_64/texinfo-4.6-1.2.C30mdk.x86_64.rpm 
 13d484c70a47aa50038c1f59b514aaaa  corporate/3.0/SRPMS/texinfo-4.6-1.2.C30mdk.src.rpm

 Corporate 4.0:
 cc0ef9a317302dc40c14d90bbc10200d  corporate/4.0/i586/info-4.8-1.2.20060mlcs4.i586.rpm
 db1c66093560e85561313346c9e8d110  corporate/4.0/i586/info-install-4.8-1.2.20060mlcs4.i586.rpm
 cacd6c6cc8e1f1199d3bfc9efafe53f7  corporate/4.0/i586/texinfo-4.8-1.2.20060mlcs4.i586.rpm 
 915e8d5f747b0ed558491ed474f3ca4f  corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0016ff4dfe7b413ef3dff74d6d5037e2  corporate/4.0/x86_64/info-4.8-1.2.20060mlcs4.x86_64.rpm
 4d4b71acc580a419fbb2a8654324a8b7  corporate/4.0/x86_64/info-install-4.8-1.2.20060mlcs4.x86_64.rpm
 09f9fcfe879baa6a4296bde478e536c5  corporate/4.0/x86_64/texinfo-4.8-1.2.20060mlcs4.x86_64.rpm 
 915e8d5f747b0ed558491ed474f3ca4f  corporate/4.0/SRPMS/texinfo-4.8-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFUckhmqjQ0CJFipgRAq1PAJ4w4mL8uDnDkRGrZYQ7/Mz/8B98kwCggUQo
uHTmSaCDpMEUjAqWp9zkmOM=
=SLd6
- -----END PGP SIGNATURE-----




2.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:204
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openssh
 Date    : November 8, 2006
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in the privilege separation functionality in OpenSSH
 was discovered, caused by an incorrect checking for bad signatures in
 sshd's privsep monitor.  As a result, the monitor and the unprivileged
 process can get out sync.  The OpenSSH team indicated that this bug is
 not known to be exploitable in the abence of additional
 vulnerabilities.

 Updated packages have been patched to correct this issue, and Mandriva
 Linux 2007 has received the latest version of OpenSSH.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5794
 http://www.openssh.com/txt/release-4.5
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 97d55a01498ae859817c236d6be17bb5  2006.0/i586/openssh-4.3p1-0.4.20060mdk.i586.rpm
 a47c9f8361c91de4c97b827171f379be  2006.0/i586/openssh-askpass-4.3p1-0.4.20060mdk.i586.rpm
 6a18e82f1251073d4f17bcb653a8da4a  2006.0/i586/openssh-askpass-gnome-4.3p1-0.4.20060mdk.i586.rpm
 36995045f95028848691226a3624d701  2006.0/i586/openssh-clients-4.3p1-0.4.20060mdk.i586.rpm
 598feb16c5b77c20b8d8e364a6d0a83e  2006.0/i586/openssh-server-4.3p1-0.4.20060mdk.i586.rpm 
 3c4642aa46959520d6374c5dd55c2488  2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d5d932876aab273d0734de9a156f3514  2006.0/x86_64/openssh-4.3p1-0.4.20060mdk.x86_64.rpm
 4d921a0e4c743b78824c100e49480a43  2006.0/x86_64/openssh-askpass-4.3p1-0.4.20060mdk.x86_64.rpm
 79d975ab47eb58aa39350d0cb56a3507  2006.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.20060mdk.x86_64.rpm
 52eb00190b757e7ca842fad40e34cdec  2006.0/x86_64/openssh-clients-4.3p1-0.4.20060mdk.x86_64.rpm
 25bb2488c0c460ca2ee28814b5902d6f  2006.0/x86_64/openssh-server-4.3p1-0.4.20060mdk.x86_64.rpm 
 3c4642aa46959520d6374c5dd55c2488  2006.0/SRPMS/openssh-4.3p1-0.4.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 685ed779bc6e5b069456c1a1ec3cbde0  2007.0/i586/openssh-4.5p1-0.1mdv2007.0.i586.rpm
 22384a44c965285f8077624d7d35c2aa  2007.0/i586/openssh-askpass-4.5p1-0.1mdv2007.0.i586.rpm
 eb05d1b12e62a590d6a627ea9a058a1a  2007.0/i586/openssh-askpass-common-4.5p1-0.1mdv2007.0.i586.rpm
 31de85b9ec2be0990e03f0e52350a826  2007.0/i586/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.i586.rpm
 9a17d425bdd1e7d62ecc96dccbb25aaf  2007.0/i586/openssh-clients-4.5p1-0.1mdv2007.0.i586.rpm
 d93dc4b53d3e9a683dc5878ae5bf3139  2007.0/i586/openssh-server-4.5p1-0.1mdv2007.0.i586.rpm 
 48dfb1f18e3a82ba39fc5dcdbc98ac9b  2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 083b3ffdb875a5f053c41bc8913b9bea  2007.0/x86_64/openssh-4.5p1-0.1mdv2007.0.x86_64.rpm
 3e096fa50c7440c76f748c9d6c76f551  2007.0/x86_64/openssh-askpass-4.5p1-0.1mdv2007.0.x86_64.rpm
 a0b32fd47e7b00b3240ae94a3e555915  2007.0/x86_64/openssh-askpass-common-4.5p1-0.1mdv2007.0.x86_64.rpm
 8c200957e509389151a07b56b2a1b9d2  2007.0/x86_64/openssh-askpass-gnome-4.5p1-0.1mdv2007.0.x86_64.rpm
 cb15557e3e324dfd9a4c4739f2513989  2007.0/x86_64/openssh-clients-4.5p1-0.1mdv2007.0.x86_64.rpm
 0a4aedec1aee0c6449eb4258e98417ab  2007.0/x86_64/openssh-server-4.5p1-0.1mdv2007.0.x86_64.rpm 
 48dfb1f18e3a82ba39fc5dcdbc98ac9b  2007.0/SRPMS/openssh-4.5p1-0.1mdv2007.0.src.rpm

 Corporate 3.0:
 55fdb58d443f991360f2f650c55be459  corporate/3.0/i586/openssh-4.3p1-0.3.C30mdk.i586.rpm
 49862cc132762967617b68eb04a7227b  corporate/3.0/i586/openssh-askpass-4.3p1-0.3.C30mdk.i586.rpm
 ef5f7e7432c6545e2ed5b652db791347  corporate/3.0/i586/openssh-askpass-gnome-4.3p1-0.3.C30mdk.i586.rpm
 74f630bf4cabda7c0e74d8dcddb2df96  corporate/3.0/i586/openssh-clients-4.3p1-0.3.C30mdk.i586.rpm
 1a59b176b78cd8a042847f91c94e34e7  corporate/3.0/i586/openssh-server-4.3p1-0.3.C30mdk.i586.rpm 
 4e683f1e7cf9a3f00ac6792e661184bb  corporate/3.0/SRPMS/openssh-4.3p1-0.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 53994a4dca0377a152eef5b7b1824db6  corporate/3.0/x86_64/openssh-4.3p1-0.3.C30mdk.x86_64.rpm
 09832364e0f432cd254b3ed53876b9c7  corporate/3.0/x86_64/openssh-askpass-4.3p1-0.3.C30mdk.x86_64.rpm
 ba54af4f6d57353cf07ead346ef0a66e  corporate/3.0/x86_64/openssh-askpass-gnome-4.3p1-0.3.C30mdk.x86_64.rpm
 0a3351846f58a6f59def15b93ac75463  corporate/3.0/x86_64/openssh-clients-4.3p1-0.3.C30mdk.x86_64.rpm
 c5afc0df524e025b6a1f685dd5475d85  corporate/3.0/x86_64/openssh-server-4.3p1-0.3.C30mdk.x86_64.rpm 
 4e683f1e7cf9a3f00ac6792e661184bb  corporate/3.0/SRPMS/openssh-4.3p1-0.3.C30mdk.src.rpm

 Corporate 4.0:
 91b64f8c6354fe0dac3bbc45412a90cb  corporate/4.0/i586/openssh-4.3p1-0.4.20060mlcs4.i586.rpm
 f894df39703e3526828d40b87905c900  corporate/4.0/i586/openssh-askpass-4.3p1-0.4.20060mlcs4.i586.rpm
 981aa54d8a6ad3ed6f350f6871c61edc  corporate/4.0/i586/openssh-askpass-gnome-4.3p1-0.4.20060mlcs4.i586.rpm
 77c2c6eecd5d45d9e1f2f9ca39e8d54d  corporate/4.0/i586/openssh-clients-4.3p1-0.4.20060mlcs4.i586.rpm
 feb3958987ee69997170c5464bd596ac  corporate/4.0/i586/openssh-server-4.3p1-0.4.20060mlcs4.i586.rpm 
 5f958b84f60ef962b84a4f46b6d80424  corporate/4.0/SRPMS/openssh-4.3p1-0.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 16c2fea9fa550b9827e619b43b731bdd  corporate/4.0/x86_64/openssh-4.3p1-0.4.20060mlcs4.x86_64.rpm
 3b1de1edad9666fe782736f32c450104  corporate/4.0/x86_64/openssh-askpass-4.3p1-0.4.20060mlcs4.x86_64.rpm
 351b0c9655f7d516a608376620d93aa8  corporate/4.0/x86_64/openssh-askpass-gnome-4.3p1-0.4.20060mlcs4.x86_64.rpm
 487f7c3948e58b0e5e03a1b419b6a339  corporate/4.0/x86_64/openssh-clients-4.3p1-0.4.20060mlcs4.x86_64.rpm
 a03b7d99254a22c05c3e6043c5e82e94  corporate/4.0/x86_64/openssh-server-4.3p1-0.4.20060mlcs4.x86_64.rpm 
 5f958b84f60ef962b84a4f46b6d80424  corporate/4.0/SRPMS/openssh-4.3p1-0.4.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 2c2cd66daadd721d7065112d66b1ed98  mnf/2.0/i586/openssh-4.3p1-0.3.M20mdk.i586.rpm
 ab6d7afa2944fdf1e38ca76e2ee7484c  mnf/2.0/i586/openssh-askpass-4.3p1-0.3.M20mdk.i586.rpm
 246f480977cacf68ee80ef51d5ecc577  mnf/2.0/i586/openssh-askpass-gnome-4.3p1-0.3.M20mdk.i586.rpm
 3e98575c58f023e11733fddd0c8ec459  mnf/2.0/i586/openssh-clients-4.3p1-0.3.M20mdk.i586.rpm
 9ba7ab6f44be202d16377cd04f1eb69e  mnf/2.0/i586/openssh-server-4.3p1-0.3.M20mdk.i586.rpm 
 f2c5acde98d371f1efb858a9c3d07da8  mnf/2.0/SRPMS/openssh-4.3p1-0.3.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFUlOJmqjQ0CJFipgRArC5AJ0e2uIQUZjyf4Mqo7gAmIE1o1Fh0ACfVwSo
72A6UAQ1pI3kHD7stEduBso=
=woyj
- -----END PGP SIGNATURE-----



______________________________________________________________________________

NISCC values your feedback.

1. Which of the following most reflects the value of the briefing to you?
(Place an 'X' next to your choice)

Very useful:__ Useful:__ Not useful:__ 

2. If you did not find it useful, why not?


3. Any other comments? How could we improve our briefings?


Thank you for your contribution.
______________________________________________________________________________

For additional information or assistance, please contact our help desk
by telephone.  You may send Not Protectively Marked information via
e-mail to uniras@xxxxxxxxxxxxx

Office hours:

Mon - Fri: 08:30 - 17:00 hours
Tel: +44 (0) 870 487 0748 and follow the voice prompts
Fax: +44 (0) 870 487 0749

On-call duty officer outside office hours:
Tel: +44 (0) 870 487 0748 and follow the voice prompts

______________________________________________________________________________

UNIRAS wishes to acknowledge the contributions of Mandriva for the
information contained in this briefing.
______________________________________________________________________________

This notice contains information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory
from the site of the original source to ensure that you receive the most
current information concerning that problem.

Reference to any specific commercial product, process, or service by
trade name, trademark manufacturer, or otherwise, does not constitute or
imply its endorsement, recommendation, or favouring by UNIRAS or NISCC.
The views and opinions of authors expressed within this notice shall not
be used for advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they
shall not be liable for any loss or damage whatsoever, arising from or
in connection with the usage of information contained within this
notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response
Teams (IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
______________________________________________________________________________

<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBRVM7a2l7oeQsXfKvEQJMEQCfYEw8+xaO9nrcoVDp8UfOUZPOUTAAn0qA
P05kN2calliu2exVluVONnHS
=IX4D
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________