Trustix Secure Linux Security Advisory #2005-0059 - Multiple vulnerabilities in apache, lynx, mod_php4, openssl, php4, php, squid, texinfo, and wget.
b4197c01fe5f684fdb98b3e5b534d68a67f885d006e32bc2b7bb8fef99c8c5f0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0059
Package names: apache, lynx, mod_php4, openssl,
php4, php, squid, texinfo, wget
Summary: Multiple vulnerabilities
Date: 2005-10-21
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------
Package description:
apache
Apache is a full featured web server that is freely available, and also
happens to be the most widely used.
lynx
Lynx is a text-based Web browser. Lynx does not display any images,but
it does support frames, tables and most other HTML tags. Lynx's advantage
over graphical browsers is its speed: Lynx starts and exits quickly and
swiftly when displaying Web pages.
mod_php4
PHP is an HTML-embedded scripting language. PHP attempts to make it easy
for developers to write dynamically generated web pages. PHP also offers
built-in database integration for several commercial and non-commercial
database management systems, so writing a database-enabled web page with
PHP is fairly simple. The most common use of PHP coding is probably as a
replacement for CGI scripts. The mod_php module enables the Apache web
server to understand and process the embedded PHP language in web pages.
openssl
A C library that provides various crytographic algorithms and protocols,
including DES, RC4, RSA, and SSL. Includes shared libraries.
php4
PHP is an HTML-embedded scripting language. PHP attempts to make it easy
for developers to write dynamically generated web pages. PHP also offers
built-in database integration for several commercial and non-commercial
database management systems, so writing a database-enabled web page with
PHP is fairly simple. The most common use of PHP coding is probably as a
replacement for CGI scripts. The mod_php module enables the Apache web
server to understand and process the embedded PHP language in web pages.
php
PHP is an HTML-embedded scripting language. PHP attempts to make it easy
for developers to write dynamically generated web pages. PHP also offers
built-in database integration for several commercial and non-commercial
database management systems, so writing a database-enabled web page with
PHP is fairly simple. The most common use of PHP coding is probably as a
replacement for CGI scripts. The mod_php module enables the Apache web
server to understand and process the embedded PHP language in web pages.
squid
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single, non-blocking,
I/O-driven process. Squid keeps meta data and especially hot objects
cached in RAM, caches DNS lookups, supports non-blocking DNS lookups,
and implements negative caching of failed requests.
texinfo
Texinfo is a documentation system that can produce both online
information and printed output from a single source file. Normally,
you'd have to write two separate documents: one for online help or
other online information and the other for a typeset manual or other
printed work. Using Texinfo, you only need to write one source
document. Then when the work needs revision, you only have to revise
one source document. The GNU Project uses the Texinfo file format for
most of its documentation.
wget
GNU Wget is a file retrieval utility which can use either the HTTP or
FTP protocols. Wget features include the ability to work in the
background while you're logged out, recursive retrieval of directories,
file name wildcard matching, remote file timestamp storage and comparison,
use of Rest with FTP servers and Range with HTTP servers to retrieve files
over slow or unstable connections, support for Proxy servers, and
configurability.
Problem description:
apache < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream and Multiple Vendor Security Fixes
- SECURITY Fix: CVE-2005-2700, CVE-2005-2491, CVE-2005-2088, CVE-2005-2728,
CVE-2005-2088, CVE-2005-1268 .
- Fix core dump if mod_auth_ldap's mod_auth_ldap_auth_checker() was called
even if mod_auth_ldap_check_user_id() was not (or if it didn't succeed)
for non-authoritative cases.
- mod_proxy: Fix over-eager handling of '%' for reverse proxies.
- mod_ldap: Fix various shared memory cache handling bugs.
lynx < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Fix Stack-based buffer overflow in the HTrjis function in
Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary
code via certain article headers that cause Lynx to add extra escape
(ESC) characters.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-3120
mod_php4 < TSEL 2 >
- SECURITY Fix: A vulnerability has been identified in PHP, which could be
exploited by malicious users to bypass security policies. This flaw is
due to an error in "fopen_wrappers.c" that does not properly restrict access
to other directories when the "open_basedir" directive includes a trailing
slash, which could allow certain scripts in a directory (e.g."/user/test2/)
to access files in other directories whose names are substrings of the
original directory (e.g. "/user/test22/).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-3054
openssl < TSL 3.0 >
- New Upstream
- SECURITY Fix: Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
(part of SSL_OP_ALL). This option used to disable the countermeasure
against man-in-the-middle protocol-version rollback in the SSL 2.0 server
implementation, which is a bad idea.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-2969
php4 < TSL 2.2 >
- SECURITY Fix: A vulnerability has been identified in PHP, which could be
exploited by malicious users to bypass security policies. This flaw is
due to an error in "fopen_wrappers.c" that does not properly restrict access
to other directories when the "open_basedir" directive includes a trailing
slash, which could allow certain scripts in a directory (e.g."/user/test2/)
to access files in other directories whose names are substrings of the
original directory (e.g. "/user/test22/).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-3054
php < TSL 3.0 > < TSL 2.2 >
- New Upstream
- SECURITY Fix: A vulnerability has been identified in PHP, which could be
exploited by malicious users to bypass security policies. This flaw is
due to an error in "fopen_wrappers.c" that does not properly restrict access
to other directories when the "open_basedir" directive includes a trailing
slash, which could allow certain scripts in a directory (e.g."/user/test2/)
to access files in other directories whose names are substrings of the
original directory (e.g. "/user/test22/).
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2005-3054
squid < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New Upstream and Multiple Vendor Security Fixes
texinfo < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- SECURITY Fix: Frank Lichtenheld discovered that the "texindex" program
created temporary files in an insecure manner. This could allow a symlink
attack to create or overwrite arbitrary files with the privileges of
the user running texindex.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-3011
wget < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
- New upstream.
- SECURITY Fix: Stack-based buffer overflow in the ntlm_output function in
http-ntlm.c. when NTLM authentication is enabled, allows remote servers to
execute arbitrary code via a long NTLM username.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-3185
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2005/0059/>
MD5sums of the packages:
- --------------------------------------------------------------------------
308b171c54af53ca69fbd311584ec724 2.2/rpms/apache-2.0.55-1tr.i586.rpm
d22246cbb3e71354e6153902c8ec1fe9 2.2/rpms/apache-dbm-2.0.55-1tr.i586.rpm
5f4c3c81d43f0d5ca32ccb3c30f314c8 2.2/rpms/apache-devel-2.0.55-1tr.i586.rpm
2adad928656dd80b58cdfbf6ceea7c76 2.2/rpms/apache-html-2.0.55-1tr.i586.rpm
c97a5903d9ee7111498937c2ec82915e 2.2/rpms/apache-manual-2.0.55-1tr.i586.rpm
9b5c3c1dc65a92539e93af9915f39177 2.2/rpms/apache-suexec-2.0.55-1tr.i586.rpm
e21367f7e8eba231e780d592a46ac2ef 2.2/rpms/lynx-2.8.5-3tr.i586.rpm
d7f72636202044256732cf5aa3f5a456 2.2/rpms/php-5.0.5-1tr.i586.rpm
be9e6c6eef2e6cdb41d7284c78e2b215 2.2/rpms/php-cli-5.0.5-1tr.i586.rpm
cb634e70926928e7e8fd44f72ccce560 2.2/rpms/php-curl-5.0.5-1tr.i586.rpm
459c599f18af14ad72328333131dee78 2.2/rpms/php-devel-5.0.5-1tr.i586.rpm
e933a67389c55ee9b9bd22b114d1bb78 2.2/rpms/php-exif-5.0.5-1tr.i586.rpm
898cf72bed0e6efd1e7f8e56511056ac 2.2/rpms/php-fcgi-5.0.5-1tr.i586.rpm
7d2a3e09100f36ad3a0742ad193bfe77 2.2/rpms/php-gd-5.0.5-1tr.i586.rpm
a29e527b3a1d6925a1ead30070c42c8a 2.2/rpms/php-imap-5.0.5-1tr.i586.rpm
c4b2af1eb8ebd9fea150fb703b60238a 2.2/rpms/php-ldap-5.0.5-1tr.i586.rpm
8e58a96709c890d117a61083ca3cdca3 2.2/rpms/php-mhash-5.0.5-1tr.i586.rpm
80b2bc354ddfcbe1dabc7539ff2c4b01 2.2/rpms/php-mysql-5.0.5-1tr.i586.rpm
32d6befe9a92cd74462e7cef9bd6dd07 2.2/rpms/php-mysqli-5.0.5-1tr.i586.rpm
21005dd2d46c17ee43211da816fada73 2.2/rpms/php-pgsql-5.0.5-1tr.i586.rpm
003ea235528c40cbb201e2bb7233a264 2.2/rpms/php-zlib-5.0.5-1tr.i586.rpm
238e983cdf2456dd74be19aeb8632a28 2.2/rpms/php4-4.4.0-6tr.i586.rpm
11398dce9d02adc7db5cc5fd40522008 2.2/rpms/php4-cli-4.4.0-6tr.i586.rpm
0ebf0c95e1b0e837e7099e4f1cc37ca2 2.2/rpms/php4-curl-4.4.0-6tr.i586.rpm
ceb17c5eb5125e657cc77f796ce8569a 2.2/rpms/php4-devel-4.4.0-6tr.i586.rpm
bd4b900b4698b58682c791fc9594fcc4 2.2/rpms/php4-domxml-4.4.0-6tr.i586.rpm
676a8deb3b89c6ec0cb3335d1662b1a9 2.2/rpms/php4-exif-4.4.0-6tr.i586.rpm
a30682de1a7496e00504a64d92805cf7 2.2/rpms/php4-fcgi-4.4.0-6tr.i586.rpm
51585b634c5f4fa8536dc6548c52b0c1 2.2/rpms/php4-gd-4.4.0-6tr.i586.rpm
42b97fbf30841216d14329de331def51 2.2/rpms/php4-imap-4.4.0-6tr.i586.rpm
4465021897297d2f77f6d7a305b77adc 2.2/rpms/php4-ldap-4.4.0-6tr.i586.rpm
a0b1353fea968890386498f5bae5381f 2.2/rpms/php4-mhash-4.4.0-6tr.i586.rpm
4dd3ef7f1ff7c5eb17b179a803a25051 2.2/rpms/php4-mysql-4.4.0-6tr.i586.rpm
57a952d4a679c022eb6b068fc3eb8203 2.2/rpms/php4-pgsql-4.4.0-6tr.i586.rpm
38a7b2a2af002f7178f85dceee63a483 2.2/rpms/php4-test-4.4.0-6tr.i586.rpm
bec3cba7e234674a113be8d9d8531a5c 2.2/rpms/squid-2.5.STABLE11-1tr.i586.rpm
109ff17cb00b7446c75bc48a529742a8 2.2/rpms/texinfo-4.7-2tr.i586.rpm
46343428fe4e0831098727f877020fdb 2.2/rpms/wget-1.10.2-1tr.i586.rpm
3395c3b84ee9966d8bbf30065f0e630a 3.0/rpms/apache-2.0.55-2tr.i586.rpm
73917049e2250742496118de92c87b21 3.0/rpms/apache-dbm-2.0.55-2tr.i586.rpm
edd4e9aa3afaa18d284a627cd76efed5 3.0/rpms/apache-devel-2.0.55-2tr.i586.rpm
4c37c211cf64f45c1439ec3714fd8938 3.0/rpms/apache-html-2.0.55-2tr.i586.rpm
d5a886712855264b54e0258a2c39a552 3.0/rpms/apache-manual-2.0.55-2tr.i586.rpm
9755d7ba05b083095f1e6ec8280f9c4e 3.0/rpms/apache-suexec-2.0.55-2tr.i586.rpm
4b499c65ece0377d4e5c402af1b23609 3.0/rpms/openssl-0.9.7i-1tr.i586.rpm
93dbd422a4c28733b6e90b158348c3c3 3.0/rpms/openssl-devel-0.9.7i-1tr.i586.rpm
99de13687137116ac13ce3a23c67b444 3.0/rpms/openssl-support-0.9.7i-1tr.i586.rpm
63d897ffe0950c09460b7216701419ad 3.0/rpms/php-5.0.5-1tr.i586.rpm
34eca9c935f672e0cbf84391ba9f3b70 3.0/rpms/php-calendar-5.0.5-1tr.i586.rpm
384779d4c5ee34f62596accc579993ce 3.0/rpms/php-cli-5.0.5-1tr.i586.rpm
dd173818f7ba684c8e0426d58987668e 3.0/rpms/php-curl-5.0.5-1tr.i586.rpm
7527dfa50ca73a278512cd398b58e189 3.0/rpms/php-devel-5.0.5-1tr.i586.rpm
fb7a469048594adda7989c014d26a569 3.0/rpms/php-exif-5.0.5-1tr.i586.rpm
375a30351593da9fe907d08bbdab9e2d 3.0/rpms/php-fcgi-5.0.5-1tr.i586.rpm
d140161d7d0f2a07d9890fccbd3c9496 3.0/rpms/php-gd-5.0.5-1tr.i586.rpm
30dec126230b4b9eb4a57c85d08e6c97 3.0/rpms/php-imap-5.0.5-1tr.i586.rpm
5cde38799cb1f3438ac308dc25310600 3.0/rpms/php-ldap-5.0.5-1tr.i586.rpm
10d467eb33d7db3637db769e674cdf16 3.0/rpms/php-mhash-5.0.5-1tr.i586.rpm
c6d4099e9761b33f8878695ab435fd9f 3.0/rpms/php-mysql-5.0.5-1tr.i586.rpm
144b0c9f2856aa658ecce822dc1fbc51 3.0/rpms/php-mysqli-5.0.5-1tr.i586.rpm
8c208c65bf8a5b97b16c941f4cd6522f 3.0/rpms/php-pgsql-5.0.5-1tr.i586.rpm
9c78572b45947c534badd8827689b183 3.0/rpms/php-pspell-5.0.5-1tr.i586.rpm
5701a41a41d579dba344ef891e7f716f 3.0/rpms/php-snmp-5.0.5-1tr.i586.rpm
072c14983025f5580abc03a988f2ebc5 3.0/rpms/php-zlib-5.0.5-1tr.i586.rpm
0d08fd0117f1d68eb3d384cc0fd192af 3.0/rpms/squid-2.5.STABLE11-1tr.i586.rpm
a3b76833d8fa775af53cd22040938c91 3.0/rpms/texinfo-4.8-5tr.i586.rpm
5291e67f84de20d4d5e9892996546719 3.0/rpms/wget-1.10.2-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDXJQfi8CEzsK9IksRAl2BAJ4vjEIpln5iWqvvTA5Rg7qehHmj5ACggLtW
LC1lf2hvFYyUXIfJEHg4ZZM=
=ugtX
-----END PGP SIGNATURE-----