User: Password:
|
|
Subscribe / Log in / New account

Trustix alert TSLSA-2006-0063 (bind openssh rpm texinfo)

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2006-0063 - multi
Date:  Wed, 15 Nov 2006 08:47:58 +0000

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Trustix Secure Linux Security Advisory #2006-0063 Package names: bind, openssh, rpm, texinfo Summary: Multiple vulnerabilities Date: 2006-11-15 Affected versions: Trustix Secure Linux 2.2 Trustix Secure Linux 3.0 Trustix Operating System - Enterprise Server 2 - -------------------------------------------------------------------------- Package description: bind BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. openssh Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to seperate libraries (OpenSSL). rpm The RPM Package Manager is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc. texinfo Texinfo is a documentation system that can produce both online information and printed output from a single source file. Normally, you'd have to write two separate documents: one for online help or other online information and the other for a typeset manual or other printed work. Using Texinfo, you only need to write one source document. Then when the work needs revision, you only have to revise one source document. The GNU Project uses the Texinfo file format for most of its documentation. Problem description: bind < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - New Upstream. - SECURITY Fix: Raise the minimum safe OpenSSL versions to OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions prior to these have known security flaws which are exploitable in named. [RT #16391] - Change the default RSA exponent from 3 to 65537. openssh < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - New upstream. - SECURITY Fix: A weakness has been reported in OpenSSH, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to an error within the privilege separation monitor, which may weaken the authentication process (SA22771). rpm < TSL 3.0 > - SECURITY Fix: A vulnerability has been reported in RPM, caused due to a boundary error when processing certain RPM packages. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into querying a specially crafted RPM package. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-5466 to this issue. texinfo < TSL 3.0 > < TSL 2.2 > < TSEL 2 > - SECURITY Fix: Buffer overflow in the texi2dvi and texindex commands allows local users to execute arbitrary code via a crafted Texinfo file. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2006-4810 to this issue. Action: We recommend that all systems with this package installed be upgraded. Please note that if you do not need the functionality provided by this package, you may want to remove it from your system. Location: All Trustix Secure Linux updates are available from <URI:http://http.trustix.org/pub/trustix/updates/> <URI:ftp://ftp.trustix.org/pub/trustix/updates/> About Trustix Secure Linux: Trustix Secure Linux is a small Linux distribution for servers. With focus on security and stability, the system is painlessly kept safe and up to date from day one using swup, the automated software updater. Automatic updates: Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'. Questions? Check out our mailing lists: <URI:http://www.trustix.org/support/> Verification: This advisory along with all Trustix packages are signed with the TSL sign key. This key is available from: <URI:http://www.trustix.org/TSL-SIGN-KEY> The advisory itself is available from the errata pages at <URI:http://www.trustix.org/errata/trustix-2.2/> and <URI:http://www.trustix.org/errata/trustix-3.0/> or directly at <URI:http://www.trustix.org/errata/2006/0063/> MD5sums of the packages: - -------------------------------------------------------------------------- 411d41d5b1aca5e654bcd4f7069641cd 3.0/rpms/bind-9.3.2-5tr.i586.rpm c953e58b0a7c6069a0042ac147197404 3.0/rpms/bind-devel-9.3.2-5tr.i586.rpm f2cd09a1b89d0ad77a66433a079e036f 3.0/rpms/bind-libs-9.3.2-5tr.i586.rpm 5ac959e3dc072dde6454fd4468e4aa86 3.0/rpms/bind-light-9.3.2-5tr.i586.rpm 7be40d44718f02d019455030a91b7d94 3.0/rpms/bind-light-devel-9.3.2-5tr.i586.rpm 762277c7685bbcf73a82895d11b0b875 3.0/rpms/bind-utils-9.3.2-5tr.i586.rpm a31460377f74c37ef59e6866d8ad3965 3.0/rpms/openssh-4.5p1-1tr.i586.rpm 51bdca2164f24ea13dc30fa376f94ded 3.0/rpms/openssh-clients-4.5p1-1tr.i586.rpm b7e24c9e1563205973dea2e20606be62 3.0/rpms/openssh-server-4.5p1-1tr.i586.rpm 183a62996c6cccac693babea153b9392 3.0/rpms/openssh-server-config-4.5p1-1tr.i586.rpm 41cfd916a66e9a71fc5f8d2bccd1b0b3 3.0/rpms/rpm-4.3.2-17tr.i586.rpm 205fdcdfd07dc3e0216eb2cbd2a66165 3.0/rpms/rpm-build-4.3.2-17tr.i586.rpm 073b02bab62058bbdd9a6ea72f71ab59 3.0/rpms/rpm-devel-4.3.2-17tr.i586.rpm 81cf14d0a7d95f3d1487541f5750a9c9 3.0/rpms/rpm-python-4.3.2-17tr.i586.rpm 0603399ce542603ba7f5a197a763dc3d 3.0/rpms/texinfo-4.8-6tr.i586.rpm 1d4dcde48a5a1fe2ab19495e6e808b5f 2.2/rpms/bind-9.3.2-5tr.i586.rpm bfffb44bef5aa6c2971095319d3b7a9b 2.2/rpms/bind-devel-9.3.2-5tr.i586.rpm 26374574a61e0d51682e23bf56f9239e 2.2/rpms/bind-libs-9.3.2-5tr.i586.rpm 82dc44bb35d9462ac56c0d921374b0be 2.2/rpms/bind-light-9.3.2-5tr.i586.rpm d8076c50fda7594808523e417a234544 2.2/rpms/bind-light-devel-9.3.2-5tr.i586.rpm 5001689ab4ed15e5d636a4c1d851792d 2.2/rpms/bind-utils-9.3.2-5tr.i586.rpm 9ca9e32b1a1f51d9656fb9b156ff5085 2.2/rpms/openssh-4.5p1-1tr.i586.rpm 0c8462b001eee4c24c57038f18d04638 2.2/rpms/openssh-clients-4.5p1-1tr.i586.rpm 89ac4db62996c6641dfe27897270d719 2.2/rpms/openssh-server-4.5p1-1tr.i586.rpm 061da2194491d15e15c6c72f035b4800 2.2/rpms/openssh-server-config-4.5p1-1tr.i586.rpm 2d82898ad50f90d26dd2c33460eeb80d 2.2/rpms/texinfo-4.8-1tr.i586.rpm - -------------------------------------------------------------------------- Trustix Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFFWtFMi8CEzsK9IksRAvS4AJ0SmA4fyUuojQP1ntmopdW/RDRcyQCgpUhC HrxeCDQJVs1yGubEz3ZzBmw= =ssBH -----END PGP SIGNATURE----- _______________________________________________ tsl-announce mailing list tsl-announce@lists.trustix.org http://lists.trustix.org/mailman/listinfo/tsl-announce


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds