
Linux Advisory Watch - September 28th 2001

Posted on September 28, 2001 by hitbsecnews

This week, advisories were released for uucp, man, openssh, squid, and setserial.  The vendors include Conectiva, Mandrake, and Red Hat.  It has been another slow advisory week.  Again, we recommend taking time to make sure that no previous advisories have been missed. 

Why deal with Code Red, Nimda, and other worms?  * Download EnGarde! *  The EnGarde distribution was designed from the ground up as a secure solution, starting with the principle of least privilege, and carrying it through every aspect of its implementation. http://www.engardelinux.org.
 
  Packages  Vendors uucp Mandrake man Red Hat openssh All squid Conectiva setserial Red Hat
 

Take advantage of our Linux Security discussion list!  This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Linux Advisory Watch is a comprehensive newsletter that outlines the security vulnerabilities that have been announced throughout the week. It includes pointers to updated packages and descriptions of each vulnerability.

uucp

Zen Parse discovered that an argument handling problem that exists in the uucp package can allow a local attacker to gain access to the uucp user or group.

Mandrake Linux 8.0:
http://www.linux-mandrake.com/en/ftp.php3
8.0/RPMS/uucp-1.06.1-18.1mdk.i586.rpm
1d285f9a496ae17aac3a43faaf93046a

Mandrake Vendor Advisory:
http://www.linuxsecurity.com/advisories/mandrake_advisory-1613.html

 

man

Updated man packages fixing a local GID man exploit and a potential GID man to root exploit, as well as a problem with the man paths of Red Hat Linux 5.x and 6.x.

Red Hat 7.1 i386:
ftp://updates.redhat.com/7.1/en/os/i386/man-1.5i2-0.7x.5.i386.rpm
99245cb9189b9e7c91b2241b308ee488

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1614.html

 

openssh

Users can circumvent the system policy and log in from disallowed source IP addresses. Depending on the order of the user keys in ~/.ssh/authorized_keys2, sshd might fail to apply the source IP based access control restriction (e.g. from="10.0.0.1") to the correct key: if a source IP restricted key (e.g. a DSA key) is immediately followed by a key of a different type (e.g. an RSA key), then the key options for the second key are applied to both keys, which includes 'from='.

Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1617.html
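As an added defender's check (not part of the newsletter or of the OpenSSH advisory), the following POSIX shell script walks an authorized_keys2 file, reports each key's type and from= restriction, counts keys that carry no from= at all, and counts adjacent key pairs in the ordering the advisory describes (a from=-restricted key immediately followed by a key of another type). It assumes the OpenSSH 2.x line format `[options] key-type base64-key comment`; the sample keys are constructed placeholders, the function names are this example's own, and treating comment and blank lines as transparent when judging adjacency is this example's reading of "immediately followed".

```shell
#!/bin/sh
# Constructed sample authorized_keys2 content.  The base64 blobs are
# placeholders, not real keys.
SAMPLE_KEYS='from="10.0.0.1",no-pty ssh-dss AAAAB3NzaC1kc3MAAACBPLACEHOLDER alice@lan
ssh-rsa AAAAB3NzaC1yc2EAAAABPLACEHOLDER bob@anywhere
# comment line
from="192.168.1.0/24" ssh-rsa AAAAB3NzaC1yc2EAAAABPLACEHOLDER2 carol@office

ssh-dss AAAAB3NzaC1kc3MAAACBPLACEHOLDER3 dave@anywhere'

# Write the sample to the given path so the functions below can be run on it.
write_sample_keys() {
    printf '%s\n' "$SAMPLE_KEYS" > "$1"
}

# One report line per key: "<file line> <key type> <from= value or NONE>".
# Comment and blank lines are skipped; a line with no ssh-dss/ssh-rsa token
# is reported as UNKNOWN.
report_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            kt = ""; opts = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^ssh-(dss|rsa)$/) { kt = $i; break }
                opts = opts $i " "        # everything before the key type is the option list
            }
            if (kt == "") { printf "%d UNKNOWN malformed\n", NR; next }
            if (match(opts, /from="[^"]*"/))
                src = substr(opts, RSTART + 6, RLENGTH - 7)   # strip from=" and the closing quote
            else
                src = "NONE"
            printf "%d %s %s\n", NR, kt, src
        }' "$1"
}

# Number of keys with no from= restriction at all.
count_unrestricted() {
    report_keys "$1" | awk '$3 == "NONE" { n++ } END { print n + 0 }'
}

# Number of adjacent key pairs where a from=-restricted key is immediately
# followed by a key of a different type (the ordering the advisory describes).
count_risky_pairs() {
    report_keys "$1" | awk '
        $2 == "UNKNOWN" { next }
        NR > 1 && prev_src != "NONE" && $2 != prev_kt { n++ }
        { prev_kt = $2; prev_src = $3 }
        END { print n + 0 }'
}

# Demonstration on the constructed sample.
demo=$(mktemp) || exit 1
write_sample_keys "$demo"
report_keys "$demo"
echo "keys without from=: $(count_unrestricted "$demo")"
echo "restricted key followed by a key of another type: $(count_risky_pairs "$demo")"
rm -f "$demo"
```

The audit only surfaces the entries an administrator should review; it is no substitute for the updated sshd, since while the bug is present the options a key actually gets can still come from its neighbour.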

squid

Vladimir Ivaschenko found a bug[1] which allows a remote attacker to cause a DoS on the squid proxy service by sending mkdir ftp requests. Takashi Taniguchi found a bug[2] that allows malicious users to do portscanning and other suspicious activities through the proxy when it is configured in "http accelerator mode".

Conectiva 7.0
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-2.4.1-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-auth-2.4.1-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-doc-2.4.1-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/squid-templates-2.4.1-4U70_1cl.i386.rpm

Conectiva Vendor Advisory:
http://www.linuxsecurity.com/advisories/other_advisory-1615.html

 

setserial

The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used.  setserial-2.17-4 and earlier versions are affected.  The setserial package comes with an initscript in the documentation directory.  If this initscript is manually copied into the init.d directory structure and enabled, and the kernel is recompiled to have modular serial port support, then the initscript will use a predictable temporary file name.

PLEASE SEE ADVISORY FOR UPDATE

Red Hat Vendor Advisory:
http://www.linuxsecurity.com/advisories/redhat_advisory-1616.html
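The weak pattern the advisory describes and its safe counterpart, as an added shell example that is not from the newsletter, the Red Hat advisory, or the setserial package: `mktemp` creates the file atomically under an unpredictable name with mode 0600, and a pre-write check refuses any path that already exists as a symlink, a non-regular file, or another user's file. All file and directory names are constructed inside a private scratch directory, and `tmp_path_is_safe` and the other function names are this example's own. The check alone does not close the window between testing and creating a path, which is why atomic creation by `mktemp` is the actual fix.

```shell
#!/bin/sh
# Private scratch directory so the demonstration never touches /tmp directly.
WORKDIR=$(mktemp -d) || exit 1

# The pattern the advisory warns about: a name anyone can guess in advance
# (script name plus PID).  Shown only to contrast with the safe variant.
predictable_tmp_name() {
    echo "$1/setserial.$$"
}

# Safe variant: mktemp picks an unpredictable name and creates the file
# atomically (O_EXCL) with mode 0600, so a pre-planted path cannot be followed.
safe_tmp_file() {
    mktemp "$1/setserial.XXXXXX"
}

# Defensive sanity check for a temp path an initscript already uses.
# Returns 0 when the path is absent or is a regular file owned by the caller,
# 1 for a symlink, a non-regular file, or another user's file.
tmp_path_is_safe() {
    path=$1
    if [ ! -e "$path" ] && [ ! -L "$path" ]; then
        return 0                      # absent: create it with mktemp, not a plain redirect
    fi
    if [ -L "$path" ]; then
        return 1                      # symlink: may have been planted by someone else
    fi
    [ -f "$path" ] || return 1        # directory, fifo, device: not ours
    [ -O "$path" ] || return 1        # owned by another user
    return 0
}

# Demonstration on a constructed layout inside WORKDIR.
planted=$(predictable_tmp_name "$WORKDIR")
ln -s "$WORKDIR/somewhere-else" "$planted"   # constructed stand-in for a pre-existing link
if tmp_path_is_safe "$planted"; then
    echo "unexpected: $planted accepted"
else
    echo "refused $planted (symlink)"
fi
safe=$(safe_tmp_file "$WORKDIR") && \
    echo "created $safe with mode $(ls -l "$safe" | cut -c1-10)"
rm -rf "$WORKDIR"
```

An initscript that needs scratch space should take the path from `mktemp` at run time and pass only that path around; a fixed name derived from `$$` is predictable even when the check above passes.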

Source: Linux Security.
