Showing all newswire headlines

Updated gnupg packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates address a potential vulnerability which could allow an attacker to compute a user's secret key.

The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root. It has been fixed by properly dropping the privileges before executing the editor. This bug was found by Sebastian Krahmer.

The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root. Sebastian Krahmer has found the bug. It has been fixed by properly dropping the privileges before executing the editor.

New samba packages are available; these packages fix /tmp races in smbclient and the printing code. By exploiting these vulnerabilities, local users could overwrite any file in the system. It is recommended that all samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. Note: these packages include the security patch from Samba-

New samba packages are available; these packages fix /tmp races in smbclient and the printing code. By exploiting these vulnerabilities, local users could overwrite any file in the system. It is recommended that all samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. Note: these packages include the security patch from Samba-

New Zope packages are available which fix a security flaw with ZClass.

New Zope packages are available which fix a security flaw with ZClass.

The minicom program allows any user with local shell access to obtain group uucp priveledges. It may also be possible for the malicious user to obtain root priveledges as well.

The minicom program allows any user with local shell access to obtain group uucp priveledges. It may also be possible for the malicious user to obtain root priveledges as well.

Marc Jacobsen from HP discovered that the security fixes from samba 2.0.8 did not fully fix the /tmp symlink attack problem. The samba team released version 2.0.9 to fix that, and those fixes have been added to version 2.0.7-3.3 of the Debian samba packages.

Updated nedit packages fixing a security problem are available.

The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making a FTP server return special responses that exploit this.

Ethan Benson found a bug in man-db packages as distributed in Debian/GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or - -c option were given on the command-line to tell it to write its database to a different location it failed to properly drop privileges before creating a temporary file. This makes it possible for an attacked to do a standard symlink attack to trick mandb into overwriting any file that is writable by uid man, which includes the man and mandb binaries.

A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'

A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access.

The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats.

Updated mount packages fixing a potential security problem are available.

Updated kdelibs packages fixing a security problem, some memory leaks and some minor bugs are available.

The nedit (Nirvana editor) package as shipped in the non-free section accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code: when printing text it would create a temporary file with the to be printed text and pass that on to the print system. The temporary file was not created safely, which could be exploited by an attacked to make nedit overwrite arbitrary files.

This is an addition to DSA 043-1 which fixes several vulnerabilities in Zope. Something went wrong so it has to be corrected. The previous security release 2.1.6-7 has two severe problems: