lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200307041745.OAA18309@frajuto.distro.conectiva>
Date: Fri, 4 Jul 2003 14:45:20 -0300
From: Conectiva Updates <secure@...ectiva.com.br>
To: conectiva-updates@...aleguas.conectiva.com.br, lwn@....net,
	bugtraq@...urityfocus.com, security-alerts@...uxsecurity.com,
	linsec@...ts.seifried.org
Subject: [CLA-2003:675] Conectiva Security Announcement - ml85p


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : ml85p
SUMMARY   : Insecure temporary file creation
DATE      : 2003-07-04 14:43:00
ID        : CLA-2003:675
RELEVANT
RELEASES  : 7.0, 8

- -------------------------------------------------------------------------

DESCRIPTION
 ml85p[1] is a printer driver for the Samsung ML-85G and QL85G printer
 models.
 
 iDEFENSE published[2] the following vulnerabilities in some printer
 related packages, including ml85p:
 
 - mtink: this package is not distributed with Conectiva Linux;
 
 - escputil: the escputil program has a buffer overflow vulnerability
 in the way it deals with a printer name. Long enough names can be
 used to execute arbitrary code or crash the program. In Conectiva
 Linux, escputil is NOT a SGID program, so it is not possible to
 obtain higher privileges by exploiting this problem, but we are
 nevertheless including a fix with this update.
 
 - ml85p: this is a SUID root program and it creates temporary files
 in an insecure way, which makes it vulnerable to a race condition
 exploit. A local attacker could easily guess the name of this file
 and create a symbolic link to anywhere on the system. If the target
 exists, it will be overwritten; otherwise, it will be created with
 0666 permissions (world writable).
 
 There is, however, a condition for this to work: the attacker must be
 able to execute ml85p. By default, it is only executable by root or
 members of the "sys" group.


SOLUTION
 It is recommended that all ml85p and escputil users upgrade their
 packages.
 
 The ml85p package does not exist in Conectiva Linux 7: only the
 package corresponding to the escputil tool is being upgraded in that
 version of the distribution.
 
 Due to dependencies in the printer system, several other gimp-print
 packages in Conectiva Linux 8 have to be updated as well, even though
 they are not directly related to these vulnerabilities.


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/cups-drivers-1.0-3U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/cups-drivers-1.0-3U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/ml85p-0.1.0-3U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/gimp-print-4.2.0-12U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ml85p-0.1.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/escputil-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-da-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-en_GB-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-fr-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-no-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-pl-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-cups-sv-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-devel-ghostscript-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-doc-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/gimp-print-foomatic-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libgimpprint1-devel-static-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-4.2.0-12U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/task-gimp-print-cups-4.2.0-12U80_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions reagarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@...aleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@...aleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/Bb0v42jd0JmAcZARAiLeAKCthNdeQsX3wavHGRTlW18gcHfIKACgx8o1
KGV7YsGfcmctCofSgfNNllQ=
=GFU6
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ