
Trustix alert TSLSA-2005-0045 (multi)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2005-0045 - multi
Date:  Thu, 1 Sep 2005 18:50:10 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2005-0045

Package names:     apache, cvs, pcre, php4, php, python
Summary:           Multiple vulnerabilities
Date:              2005-08-26
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  apache
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.

  cvs
  CVS (Concurrent Version System) is a version control system that can
  record the history of your files (usually, but not always, source code).
  CVS only stores the differences between versions, instead of every
  version of every file you have ever created. CVS also keeps a log of
  who, when, and why changes occurred.

  pcre
  Perl-compatible regular expression library.

  php4
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages. PHP also
  offers built-in database integration for several commercial and
  non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple. The most common
  use of PHP coding is probably as a replacement for CGI scripts. The
  mod_php module enables the Apache web server to understand and process
  the embedded PHP language in web pages.

  php
  PHP is an HTML-embedded scripting language. PHP attempts to make it
  easy for developers to write dynamically generated web pages. PHP also
  offers built-in database integration for several commercial and
  non-commercial database management systems, so writing a
  database-enabled web page with PHP is fairly simple. The most common
  use of PHP coding is probably as a replacement for CGI scripts. The
  mod_php module enables the Apache web server to understand and process
  the embedded PHP language in web pages.

  python
  Python is an interpreted, interactive, object-oriented programming
  language often compared to Tcl, Perl, Scheme or Java. Python includes
  modules, classes, exceptions, very high level dynamic data types and
  dynamic typing. Python supports interfaces to many system calls and
  libraries.

Problem description:
  apache
  - SECURITY Fix: Fix Integer overflow in pcre_compile.c which allows
    attackers to execute arbitrary code via quantifier values in regular
    expressions, which leads to a heap-based buffer overflow.
    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  cvs
  - SECURITY Fix: Josh Bressers has reported a security issue in cvs,
    which potentially can be exploited by malicious, local users to
    perform certain actions on a vulnerable system with escalated
    privileges. The security issue is caused due to insecure temporary
    file usage by the cvsbug.in script when saving temporary output
    to "/tmp".

  pcre
  - SECURITY Fix: Fix Integer overflow in pcre_compile.c which allows
    attackers to execute arbitrary code via quantifier values in regular
    expressions, which leads to a heap-based buffer overflow.
    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  php4
  - SECURITY Fix: Fix Integer overflow in pcre_compile.c which allows
    attackers to execute arbitrary code via quantifier values in regular
    expressions, which leads to a heap-based buffer overflow.
    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  php
  - SECURITY Fix: Fix Integer overflow in pcre_compile.c which allows
    attackers to execute arbitrary code via quantifier values in regular
    expressions, which leads to a heap-based buffer overflow.
    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

  python
  - SECURITY Fix: Fix Integer overflow in pcre_compile.c which allows
    attackers to execute arbitrary code via quantifier values in regular
    expressions, which leads to a heap-based buffer overflow.
    This package uses a private copy of the vulnerable code.

    The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2005-2491 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe
  and up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>

Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2005/0045/>

MD5sums of the packages:
- --------------------------------------------------------------------------

Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDFzBni8CEzsK9IksRAidKAJ4xAmzNGZYk/No0uM3pAC3f2O+m7wCeNsQr
sklL5QyZNUOdhyxe0AccUls=
=pcla
-----END PGP SIGNATURE-----
_______________________________________________
tsl-announce mailing list
tsl-announce@lists.trustix.org
http://lists.trustix.org/mailman/listinfo/tsl-announce



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds