lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041220103032.GA31783@tsunami.trustix.net>
Date: Mon, 20 Dec 2004 11:30:32 +0100
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2004-0066 - multi


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Advisory #2004-0066

Package name:      samba, php
Summary:           Security update
Date:              2004-12-17
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines.

  php:
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages.

Problem description:
  samba:
  From the Samba security advisory:
  Remote exploitation of an integer overflow vulnerability
  in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
  and Samba 3.0.x prior to and including 3.0.9 could
  allow an attacker to cause controllable heap corruption,
  leading to execution of arbitrary commands with root
  privileges.

  The vulnerability was discovered by Greg MacManus, iDEFENSE Labs.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-1154 to this issue.


  php:
  (Taken from the php.net announce:)
  The PHP Development Team would like to announce the immediate release
  of PHP 4.3.10 and PHP 5.0.3. These are maintenance releases that in
  addition to non-critical bug fixes address several very serious
  security issues. All Users of PHP are strongly encouraged to upgrade
  to one of these releases as soon as possible.  
  
  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the following names to these issues:
  CAN-2004-1018
  CAN-2004-1019
  CAN-2004-1020
  CAN-2004-1063
  CAN-2004-1064
  CAN-2004-1065

  These issues were discovered during development of Hardened-PHP.


Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/>,
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0066/>


MD5sums of the packages:
- --------------------------------------------------------------------------
7ebef6eb72e110964698ad5f09f3981f  2.2/rpms/php-5.0.3-1tr.i586.rpm
c1058c80de6c30e59a87cdd63963aefc  2.2/rpms/php-cli-5.0.3-1tr.i586.rpm
0539366f0d0fdfa229280d359d2fd2f3  2.2/rpms/php-devel-5.0.3-1tr.i586.rpm
5ce4ce359089abc97d2f48e995dc873f  2.2/rpms/php-exif-5.0.3-1tr.i586.rpm
4dbd598c1435b21ec6631141fc45546d  2.2/rpms/php-gd-5.0.3-1tr.i586.rpm
7380f251f027e0311f906991da5d8d27  2.2/rpms/php-imap-5.0.3-1tr.i586.rpm
5062dfde4cc6661950739ecb69972573  2.2/rpms/php-ldap-5.0.3-1tr.i586.rpm
d2a980389878953f4f464b989984ee26  2.2/rpms/php-mysql-5.0.3-1tr.i586.rpm
15928d6fe2583caf82ca440b5a7f14c6  2.2/rpms/php-mysqli-5.0.3-1tr.i586.rpm
f94be48dd4f3d18ab049013353fe5289  2.2/rpms/php-pgsql-5.0.3-1tr.i586.rpm
d7585dda89f750e6d2d08653f799a68a  2.2/rpms/php-zlib-5.0.3-1tr.i586.rpm
29f5387759587834b61981ff45735882  2.2/rpms/samba-3.0.10-2tr.i586.rpm
be1bac2ac2b29acc75108d8195cdf4c6  2.2/rpms/samba-client-3.0.10-2tr.i586.rpm
4ccd996bb5f4bef03bbeb58ce77be97b  2.2/rpms/samba-common-3.0.10-2tr.i586.rpm
66a68733c7aedf3c1951e71b6bc46531  2.2/rpms/samba-mysql-3.0.10-2tr.i586.rpm

c1264842436599418875d122de0a6089  2.1/rpms/mod_php4-4.3.10-2tr.i586.rpm
0e462ae3d2e4972770f2bfdac552e221  2.1/rpms/mod_php4-cli-4.3.10-2tr.i586.rpm
8c6fa506cec54a7f74dbaddadcc4f01e  2.1/rpms/mod_php4-devel-4.3.10-2tr.i586.rpm
f66f188a1c77e7e4e21935b19508c0f2  2.1/rpms/mod_php4-domxml-4.3.10-2tr.i586.rpm
1241029e12a40e02175d6f7606d9061e  2.1/rpms/mod_php4-exif-4.3.10-2tr.i586.rpm
cdf39d3223096b07cf3ec2fdff51a607  2.1/rpms/mod_php4-gd-4.3.10-2tr.i586.rpm
324eefe2e5988429a6a8ee8914010811  2.1/rpms/mod_php4-imap-4.3.10-2tr.i586.rpm
67f90486f7d703990da6fb261ec0ea66  2.1/rpms/mod_php4-ldap-4.3.10-2tr.i586.rpm
547b254cd49576451b6b4842b56724a3  2.1/rpms/mod_php4-mysql-4.3.10-2tr.i586.rpm
c1ba8277cc10651885e30ad300c14ee5  2.1/rpms/mod_php4-pgsql-4.3.10-2tr.i586.rpm
cb3c0b177b7db0e67d3d2e0cceec7666  2.1/rpms/mod_php4-test-4.3.10-2tr.i586.rpm
f41699eca46f9354c61dff96a498dad9  2.1/rpms/samba-3.0.10-1tr.i586.rpm
b3dbc70b7476fcb56c600e8ead07ac2f  2.1/rpms/samba-client-3.0.10-1tr.i586.rpm
eb68d9044c87db5b0f587e2ab9868257  2.1/rpms/samba-common-3.0.10-1tr.i586.rpm
498a4a71b63b5d2c4ae93b142ef7793a  2.1/rpms/samba-mysql-3.0.10-1tr.i586.rpm

024d23f9108346caa6bacf602436f763  2.0/rpms/mod_php4-4.3.10-0.1tr.i586.rpm
f152358ed5d07df15fe0b19ee2108541  2.0/rpms/mod_php4-cli-4.3.10-0.1tr.i586.rpm
77aae342d3c43f206c965fa602fbac5c  2.0/rpms/mod_php4-devel-4.3.10-0.1tr.i586.rpm
6d5b80443ec117e84f18a4fa93ea8a8b  2.0/rpms/mod_php4-domxml-4.3.10-0.1tr.i586.rpm5332230743998221708f9805b09912a5  2.0/rpms/mod_php4-exif-4.3.10-0.1tr.i586.rpm
9a3fe6445e5fd378671f24bbae602568  2.0/rpms/mod_php4-gd-4.3.10-0.1tr.i586.rpm
d72b78cb7feeefe0315a4abdd60ff84d  2.0/rpms/mod_php4-imap-4.3.10-0.1tr.i586.rpm
5c064294d87a81ead083c4c29436d90e  2.0/rpms/mod_php4-ldap-4.3.10-0.1tr.i586.rpm
fc92531cc819444c0c5f0a05c5eb00fe  2.0/rpms/mod_php4-mysql-4.3.10-0.1tr.i586.rpm
ee7940420aa095f9a75ed0ff7043c529  2.0/rpms/mod_php4-pgsql-4.3.10-0.1tr.i586.rpm
a5bd0870de912f1b0acdcd910744a90c  2.0/rpms/mod_php4-test-4.3.10-0.1tr.i586.rpm
d8a1e4a95522036f92c8ff29004565e4  2.0/rpms/samba-2.2.12-2tr.i586.rpm
bd0bca48c1f9c2098058702d66071294  2.0/rpms/samba-client-2.2.12-2tr.i586.rpm
5a168fad64662df3c24da7ace22b9d12  2.0/rpms/samba-common-2.2.12-2tr.i586.rpm

0df3a8b4019fa7ba15924ce00f0a473f  1.5/rpms/samba-2.2.12-0.2tr.i586.rpm
ad25ffeec248f82f291ef11f498aa511  1.5/rpms/samba-client-2.2.12-0.2tr.i586.rpm
7c36b9e93ce777c524e360634d0d2c94  1.5/rpms/samba-common-2.2.12-0.2tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBxopqi8CEzsK9IksRAqApAJ9+lagoL9IgFQIb7jDy+fCOuQpmxACeO9FC
Q0a+PBvUj7N3y9ftJIKJPw0=
=JiKZ
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ