There are some insecure permissions on configuration files and executables with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1. This update provides stricter permissions by making the /etc/rndc.conf and /etc/rndc.key files read/write by the named user and by making /sbin/rndc-confgen and /sbin/rndc read/write/executable only by root.
Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately.
Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user. Update: The glibc update for 8.0/PPC resulted in ldconfig segfaulting consistently. This update fixes the problems with ldconfig on PPC.
Two different problems were found in libgtop-daemon:
An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-220.127.116.11 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current.
mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable. We have added patches to the versions of mutt as shipped with the affected distributions to fix the problem. We recommend installing the update package for your product and restarting all running instances of mutt. We thank Joost Pol for reporting the problem to the makers of mutt.
Patrice Fournier discovered a bug in all versions of Exim older than Exim 3.34 and Exim 3.952.
The sparc binary for the mutt security fix described in DSA-096-1 is now available.
Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one-byte overflow, it is exploitable.
Updated Mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman.
The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.
Updated namazu packages are available for Red Hat Linux 7.0J. These packages fix a cross-site scripting vulnerability.
This security announcement obsoletes SuSE-SA:2001:001 about glibc (shlibs).
Updated Mailman packages are now available for Red Hat PowerTools 7 and 7.1. These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman.
Updated Mailman packages are now available for Red Hat Linux 7.
Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user.
A remote format string vulnerability was found in the libgtop daemon by Laboratory intexxia. By sending a specially crafted format string to the server, a remote attacker could potentially execute arbitrary code on the remote system with the daemon's permissions. By default libgtop runs as the user nobody, but the flaw could be used to compromise local system security by allowing the attacker to exploit other local vulnerabilities. A buffer overflow was also found by Flavio Veloso which could allow the client to execute code on the server. Both vulnerabilities are patched in this update and will be fixed upstream in version 1.0.14. libgtop_daemon is not invoked by default anywhere in Mandrake Linux.
A buffer overflow exists in the telnet portion of Kerberos that could provide root access to local users. MDKSA-2001:068 provided a similar fix to the normal telnet packages, but the Kerberized equivalent was not updated previously.
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables.
Updated glibc packages are available to fix an overflowable buffer and, for 7.x, to fix a couple of non-security-related bugs.