lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050714100751.GA17006@tsunami.trustix.net>
Date: Thu, 14 Jul 2005 12:07:51 +0200
From: Trustix Security Advisor <tsl@...stix.org>
To: bugtraq@...urityfocus.com
Subject: TSLSA-2005-0036 - multi


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0036

Package name:      kerberos5, kernel, php4
Summary:           Various security fixes
Date:              2005-07-14
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  kerberos5:
  (MIT) Kerberos is a network authentication protocol. It is designed to
  provide strong authentication for client/server applications by using
  secret-key cryptography.  A free implementation of this protocol is
  available from the Massachusetts Institute of Technology. Kerberos is
  available in many commercial products as well.

  kernel:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system.  The kernel handles the basic
  functions of the operating system:  memory allocation, process allocation,
  device input and output, etc.

  php4:
  PHP is an HTML-embedded scripting language.  PHP attempts to make it
  easy for developers to write dynamically generated web pages.  PHP
  also offers built-in database integration for several commercial
  and non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple.  The most
  common use of PHP coding is probably as a replacement for CGI
  scripts.  The mod_php module enables the Apache web server to
  understand and process the embedded PHP language in web pages.

Problem description:
  kerberos5:
  - Double-free in krb5_recvauth (CAN-2005-1689).
    Buffer overflow, Heap corruption in KDC (CAN-2005-1174) and (CAN-2005-1175)
    Fixed Bug# 1073 and 1075

  kernel:
  - Fixed Race condition within system calls (CAN-2005-1768). Fix Bug #1065.
    Critical and major fixes has been done.

  php4:
  - New Upstream
  - Security Bug Fix release to 4.3.11, Fix Bug #1064 
    Vendor update for XML_RPC to fix remote code execution vulnerability. 

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0036/>


MD5sums of the packages:
- --------------------------------------------------------------------------
1b7fe9c06bb4791df6d2e9e546ea775b  3.0/rpms/kerberos5-1.4.1-5tr.i586.rpm
4da5de7687952478f5629b01dc937d15  3.0/rpms/kerberos5-devel-1.4.1-5tr.i586.rpm
a649e160958f628c959fbb27d5d2a689  3.0/rpms/kerberos5-libs-1.4.1-5tr.i586.rpm

3ee2030fdadca8409a62fc797f19cd68  2.2/rpms/kerberos5-1.3.6-5tr.i586.rpm
6e1278f8dc2edaed547d2039c8bffa2c  2.2/rpms/kerberos5-devel-1.3.6-5tr.i586.rpm
eafdea3a4d558845a757dfe475069e74  2.2/rpms/kerberos5-libs-1.3.6-5tr.i586.rpm
e8efd21c111e0c0f77ea6d5552ad9b28  kernel-2.4.31-4tr.i586.rpm
983172ad01677d9154bf2e8cb18e2c6e  kernel-BOOT-2.4.31-4tr.i586.rpm
481b31855846891f8665963afb93fe1b  kernel-doc-2.4.31-4tr.i586.rpm
5e02303168c0cbe74fc2ddc1b570f2e1  kernel-smp-2.4.31-4tr.i586.rpm
46edf8595351e06e25957d1faee90b22  kernel-source-2.4.31-4tr.i586.rpm
50d48f6ec84ed09548fd3326d83f54cc  kernel-utils-2.4.31-4tr.i586.rpm
049887017b1c55f552c24d0bb3df68c4  2.2/rpms/php4-4.4.0-1tr.i586.rpm
5f46aa47bdec2e97dd2aa8981e3e9d8c  2.2/rpms/php4-cli-4.4.0-1tr.i586.rpm
92f291964bfed09c2691056caa74d0f8  2.2/rpms/php4-devel-4.4.0-1tr.i586.rpm
eeebf3f79c167ac97f8b6b21cd283093  2.2/rpms/php4-domxml-4.4.0-1tr.i586.rpm
82f8464b62514f03edb657f0ad3a73d6  2.2/rpms/php4-exif-4.4.0-1tr.i586.rpm
e19838578eeda827d3d8dd4c5a550f70  2.2/rpms/php4-gd-4.4.0-1tr.i586.rpm
2d9c339bf665c3f7f0cd99bf1d7e721b  2.2/rpms/php4-imap-4.4.0-1tr.i586.rpm
1e7c85aa84b204aef680a9e46e1ad29c  2.2/rpms/php4-ldap-4.4.0-1tr.i586.rpm
520993dd95b97d26b3152b023fdba9ef  2.2/rpms/php4-mhash-4.4.0-1tr.i586.rpm
557d7af7baeba9c5f055895049c678b2  2.2/rpms/php4-mysql-4.4.0-1tr.i586.rpm
2d0ccf253c097c48acad252e0c49e4cb  2.2/rpms/php4-pgsql-4.4.0-1tr.i586.rpm
cf87ec3b86bcd1050609e193197034f1  2.2/rpms/php4-test-4.4.0-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC1jlJi8CEzsK9IksRAjCzAJ0YgcXZST4ZqhlAp6QYcfHbiBDjKQCeI3kw
3dNme6eKVF7dEXjb0p3rplM=
=khJE
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ