Showing all newswire headlines

A couple of bugs in GNU C library

A couple of bugs in GNU C library

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr.

Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1

Two bugs in GnuPG have recently been found:

Lez discovered a format string problem in stunnel (a tool to create Universal SSL tunnel for other network daemons). Brian Hatch responded by stating he was already preparing a new release with multiple security fixes:

Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack.

Updated stunnel packages are available for Red Hat Linux 7.

A new Zope Hotfix package is available.

Updated rp-pppoe packages fixing a denial of service attack are available.(Patch from the rp-pppoe author, David F. Skoll )

A busy week for the Zope team: on Monday another security alert was released revealing a potential problem found by Peter Kelly. This problem involved incorrect protection of data updating for Image and File objects: any user with DTML editing privileges could update the File or Image object data directly.

Updated gnupg packages are now available for Red Hat Linux 6.x and 7.

Updated stunnel packages are now available for Red Hat Linux 7.

New slocate packages are availble for Red Hat Linux 6.x and Red Hat Linux 7. These fix a problem with the database parsing code in slocate. (slocate was not shipped with Red Hat Linux prior to version 6.0, so earlier versions are not affected.)

Last week a Zope (security advisory was released which indicated Erik Enge found a problem in the way Zope calculates roles. In some situations Zope checked the wrong folder hierarchy which could cause it to grant local roles when it should not. In other words: users with privileges in one folder could gain privileges in another folder.

A new Zope-Hotfix package is availble which fixes issues with computation of local roles.

Michel Kaempf reported a security problem in slocate (a secure version of locate, a tool to quickly locate files on a filesystem) on bugtraq which was originally discovered by zorgon. He discovered there was a bug in the database reading code which made it overwrite a internal structure with some input. He then showed this could be exploited to trick slocate into executing arbitrary code by pointing it to a carefully crafted database.

The problem that was previously reported for joe also occurs with other editors. When nano (a free pico clone) unexpectedly dies it tries a warning message to a new file with a predictable name (the name of the file being edited with ".save" appended). Unfortunately that file was not created safely which made nano vulnerable to a symlink attack.

New BitchX packages are available which fix the problem with processing malformed DNS answers.

Vulnerability in legacy names allows calling those contructors without the correct permissions.