RE: [SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix several vulnerabilities
Hi,

You mean: I print "haltot" on it?!

T.

> -----Original Message-----
> From: Moritz Muehlenhoff [mailto:[EMAIL PROTECTED]
> Sent: Monday, May 29, 2006 9:29 PM
> To: debian-security-announce@lists.debian.org
> Subject: [SECURITY] [DSA 1082-1] New Linux kernel 2.4.17 packages fix
> several vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1082-1[EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze, Dann Frazier
> May 29th, 2006 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package: kernel-image-2.4.17-hppa kernel-image-2.4.17-ia64
>   kernel-image-2.4.17-s390 kernel-patch-2.4.17-apus
>   kernel-patch-2.4.17-mips kernel-patch-2.4.17-s390 kernel-source-2.4.17
> Vulnerability : several
> Problem-Type : local/remote
> Debian-specific: no
> CVE IDs: CVE-2004-0427 CVE-2005-0489 CVE-2004-0394 CVE-2004-0447
>   CVE-2004-0554 CVE-2004-0565 CVE-2004-0685 CVE-2005-0001 CVE-2004-0883
>   CVE-2004-0949 CVE-2004-1016 CVE-2004-1333 CVE-2004-0997 CVE-2004-1335
>   CVE-2004-1017 CVE-2005-0124 CVE-2005-0528 CVE-2003-0984 CVE-2004-1070
>   CVE-2004-1071 CVE-2004-1072 CVE-2004-1073 CVE-2004-1074 CVE-2004-0138
>   CVE-2004-1068 CVE-2004-1234 CVE-2005-0003 CVE-2004-1235 CVE-2005-0504
>   CVE-2005-0384 CVE-2005-0135
>
> Several local and remote vulnerabilities have been discovered in the Linux
> kernel that may lead to a denial of service or the execution of arbitrary
> code. The Common Vulnerabilities and Exposures project identifies the
> following problems:
>
> CVE-2004-0427
>
>     A local denial of service vulnerability in do_fork() has been found.
>
> CVE-2005-0489
>
>     A local denial of service vulnerability in proc memory handling has
>     been found.
>
> CVE-2004-0394
>
>     A buffer overflow in the panic handling code has been found.
>
> CVE-2004-0447
>
>     A local denial of service vulnerability through a null pointer
>     dereference in the IA64 process handling code has been found.
>
> CVE-2004-0554
>
>     A local denial of service vulnerability through an infinite loop in
>     the signal handler code has been found.
>
> CVE-2004-0565
>
>     An information leak in the context switch code has been found on
>     the IA64 architecture.
>
> CVE-2004-0685
>
>     Unsafe use of copy_to_user in USB drivers may disclose sensitive
>     information.
>
> CVE-2005-0001
>
>     A race condition in the i386 page fault handler may allow privilege
>     escalation.
>
> CVE-2004-0883
>
>     Multiple vulnerabilities in the SMB filesystem code may allow denial
>     of service or information disclosure.
>
> CVE-2004-0949
>
>     An information leak discovered in the SMB filesystem code.
>
> CVE-2004-1016
>
>     A local denial of service vulnerability has been found in the SCM
>     layer.
>
> CVE-2004-1333
>
>     An integer overflow in the terminal code may allow a local denial of
>     service vulnerability.
>
> CVE-2004-0997
>
>     A local privilege escalation in the MIPS assembly code has been
>     found.
>
> CVE-2004-1335
>
>     A memory leak in the ip_options_get() function may lead to denial of
>     service.
>
> CVE-2004-1017
>
>     Multiple overflows exist in the io_edgeport driver which might be
>     usable as a denial of service attack vector.
>
> CVE-2005-0124
>
>     Bryan Fulton reported a bounds checking bug in the coda_pioctl
>     function which may allow local users to execute arbitrary code or
>     trigger a denial of service attack.
>
> CVE-2005-0528
>
>     A local privilege escalation in the mremap function has been found.
>
> CVE-2003-0984
>
>     Improper initialization of the RTC may disclose information.
>
> CVE-2004-1070
>
>     Insufficient input sanitising in the load_elf_binary() function may
>     lead to privilege escalation.
>
> CVE-2004-1071
>
>     Incorrect error handling in the binfmt_elf loader may lead to
>     privilege escalation.
>
> CVE-2004-1072
>
>     A buffer overflow in the binfmt_elf loader may lead to privilege
>     escalation or denial of service.
>
> CVE-2004-1073
>
>     The open_exec function may disclose information.
>
> CVE-2004-1074
>
>     The binfmt code is vulnerable to denial of service through malformed
>     a.out binaries.
>
> CVE-2004-0138
>
>     A denial of service vulnerability in the ELF loader has been found.
>
> CVE-2004-1068
>
>     A programming error in the unix_dgram_recvmsg() function may lead to
>     privilege escalation.
>
> CVE-2004-1234
>
>     The ELF loader is vulnerable to denial of service through malformed
>     binaries.
>
> CVE-2005-0003
>
>     Crafted ELF binaries may lead to privilege escalation, due to
Re: Bogus DNS data from several debian.org authoritative servers
Florian Weimer wrote:
> * Martin Schulze:
>
> > Disabled again. The problem lies somewhere "between" saens and you.
> > It's fine on saens locally.
>
> While the bogus A record should be gone now that saens is down, you
> should still remove saens from the list of authoritative name servers
> for debian.{org,com,net} and ipv6.debian.org. This is definitely not
> a local issue at Bjørn's site, it's globally visible.

Err... that's a bit more complicated... So, in theory you are correct.

Regards,

Joey

--
Ten years and still binary compatible. -- XFree86

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Bogus DNS data from several debian.org authoritative servers
* Martin Schulze:

> Disabled again. The problem lies somewhere "between" saens and you.
> It's fine on saens locally.

While the bogus A record should be gone now that saens is down, you
should still remove saens from the list of authoritative name servers
for debian.{org,com,net} and ipv6.debian.org. This is definitely not
a local issue at Bjørn's site, it's globally visible.
Upgrading dovecot overwrites installed SSL keys
severity 340008 grave
thanks

I have increased the severity of this bug as overwriting the SSL key is data loss. This affects the recent security upgrade in sarge which makes it especially visible.

It is perhaps worth reissuing this erratum having fixed this problem. If there is interest in this I am happy to provide the fix.

Cheers,

Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
Re: Bogus DNS data from several debian.org authoritative servers
Neil McGovern wrote:
> I'm forwarding this over to debian-admin, as they're the people who can
> fix this :)

I had already answered Bjoern:

Ah yes, the named on saens went alive again. That was not planned.

Disabled again. The problem lies somewhere "between" saens and you. It's fine on saens locally.

Regards,

Joey

--
Ten years and still binary compatible. -- XFree86
Re: Bogus DNS data from several debian.org authoritative servers
I'm forwarding this over to debian-admin, as they're the people who can fix this :)

Neil

On Mon, May 29, 2006 at 10:57:06AM +0200, Bjørn Mork wrote:
> First, not so serious, but still an error: All debian.org servers have
> a mismatch between the delegation and the served data, adding
> samosa.debian.org as authoritative (I know samosa is listed as primary
> in the SOA record, but it need not, and should not, be listed as
> authoritative as long as it's not listed by the delegating servers):
>
>
> Delegation:
>
> [EMAIL PROTECTED]:~$ dig ns debian.org @tld1.ultradns.net
>
> ; <<>> DiG 9.3.1 <<>> ns debian.org @tld1.ultradns.net
> ; (2 servers found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12930
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
>
> ;; QUESTION SECTION:
> ;debian.org.                    IN      NS
>
> ;; AUTHORITY SECTION:
> debian.org.             86400   IN      NS      spohr.debian.org.
> debian.org.             86400   IN      NS      saens.debian.org.
> debian.org.             86400   IN      NS      klecker.debian.org.
>
> ;; ADDITIONAL SECTION:
> spohr.debian.org.       86400   IN      A       140.211.166.43
> saens.debian.org.       86400   IN      A       128.101.240.212
> klecker.debian.org.     86400   IN      A       194.109.137.218
>
> ;; Query time: 51 msec
> ;; SERVER: 204.74.112.1#53(204.74.112.1)
> ;; WHEN: Mon May 29 10:40:36 2006
> ;; MSG SIZE rcvd: 138
>
>
>
> NS-records from klecker:
>
>
> [EMAIL PROTECTED]:~$ dig ns debian.org @klecker.debian.org
>
> ; <<>> DiG 9.3.1 <<>> ns debian.org @klecker.debian.org
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53513
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;debian.org.                    IN      NS
>
> ;; ANSWER SECTION:
> debian.org.             3600    IN      NS      saens.debian.org.
> debian.org.             3600    IN      NS      spohr.debian.org.
> debian.org.             3600    IN      NS      samosa.debian.org.
> debian.org.             3600    IN      NS      klecker.debian.org.
>
> ;; ADDITIONAL SECTION:
> saens.debian.org.       3600    IN      A       128.101.240.212
> spohr.debian.org.       300     IN      A       140.211.166.43
> samosa.debian.org.      3600    IN      A       192.25.206.57
> klecker.debian.org.     3600    IN      A       194.109.137.218
>
> ;; Query time: 50 msec
> ;; SERVER: 194.109.137.218#53(194.109.137.218)
> ;; WHEN: Mon May 29 10:41:25 2006
> ;; MSG SIZE rcvd: 175
>
>
>
>
> Second error is much more serious: Some of the servers will sometimes
> provide 0.0.0.0 as its own address in the additional data:
>
> [EMAIL PROTECTED]:~$ dig soa debian.org @saens.debian.org
>
> ; <<>> DiG 9.3.1 <<>> soa debian.org @saens.debian.org
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20147
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;debian.org.                    IN      SOA
>
> ;; ANSWER SECTION:
> debian.org.             3600    IN      SOA     samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600
>
> ;; AUTHORITY SECTION:
> debian.org.             3600    IN      NS      klecker.debian.org.
> debian.org.             3600    IN      NS      saens.debian.org.
> debian.org.             3600    IN      NS      spohr.debian.org.
> debian.org.             3600    IN      NS      samosa.debian.org.
>
> ;; ADDITIONAL SECTION:
> saens.debian.org.       3600    IN      A       0.0.0.0
> spohr.debian.org.       300     IN      A       140.211.166.43
> samosa.debian.org.      3600    IN      A       192.25.206.57
> klecker.debian.org.     3600    IN      A       194.109.137.218
>
> ;; Query time: 128 msec
> ;; SERVER: 128.101.240.212#53(128.101.240.212)
> ;; WHEN: Mon May 29 10:47:53 2006
> ;; MSG SIZE rcvd: 222
>
>
> This in spite of it claiming to have the same zone version as
> e.g. klecker:
>
> [EMAIL PROTECTED]:~$ dig soa debian.org @klecker.debian.org
>
> ; <<>> DiG 9.3.1 <<>> soa debian.org @klecker.debian.org
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27220
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;debian.org.                    IN      SOA
>
> ;; ANSWER SECTION:
> debian.org.             3600    IN      SOA     samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600
>
> ;; AUTHORITY SECTION:
> debian.org.             3600    IN      NS      saens.debian.org.
> debian.org.             3600    IN      NS      spohr.debian.org.
> debian.org.             3600    IN      NS      samosa.debian.org.
> debian.org.             3600    IN      NS      kle
Re: Drupal DRUPAL-SA-2006-005, DRUPAL-SA-2006-006
Jan Luehr wrote:
> Is fix for 005 and 006 on its way?

The fixes you're talking about [1] don't seem complex at first sight, as the patches for Drupal 4.6.6 [2,3] are pretty simple. So, I guess the security team will be able to handle this without problems :)

If you can't wait, just try to apply the patches yourself, and don't forget to create a .htaccess file in the "files" directory, with this simple content: "SetHandler This_is_a_Drupal_security_line_do_not_remove". (Drupal 4.6.7 has code to create that file automatically.)

If you have enough time, you can try to manually upgrade to the latest Drupal (4.7.1), as drupal in Debian is only in the 4.5.x series. Of course, this means you must manually maintain it by yourself.

Ch.

[1] Drupal 4.6.7 and 4.7.1 released
    http://drupal.org/drupal-4.7.1
[2] DRUPAL-SA-2006-005 : Patch for 4.6.6
    http://drupal.org/files/sa-2006-005/4.6.6.patch
[3] DRUPAL-SA-2006-006 : Patch for 4.6.6
    http://drupal.org/files/sa-2006-006/4.6.6.patch
Bogus DNS data from several debian.org authoritative servers
First, not so serious, but still an error: All debian.org servers have
a mismatch between the delegation and the served data, adding
samosa.debian.org as authoritative (I know samosa is listed as primary
in the SOA record, but it need not, and should not, be listed as
authoritative as long as it's not listed by the delegating servers):


Delegation:

[EMAIL PROTECTED]:~$ dig ns debian.org @tld1.ultradns.net

; <<>> DiG 9.3.1 <<>> ns debian.org @tld1.ultradns.net
; (2 servers found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12930
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;debian.org.                    IN      NS

;; AUTHORITY SECTION:
debian.org.             86400   IN      NS      spohr.debian.org.
debian.org.             86400   IN      NS      saens.debian.org.
debian.org.             86400   IN      NS      klecker.debian.org.

;; ADDITIONAL SECTION:
spohr.debian.org.       86400   IN      A       140.211.166.43
saens.debian.org.       86400   IN      A       128.101.240.212
klecker.debian.org.     86400   IN      A       194.109.137.218

;; Query time: 51 msec
;; SERVER: 204.74.112.1#53(204.74.112.1)
;; WHEN: Mon May 29 10:40:36 2006
;; MSG SIZE rcvd: 138



NS-records from klecker:


[EMAIL PROTECTED]:~$ dig ns debian.org @klecker.debian.org

; <<>> DiG 9.3.1 <<>> ns debian.org @klecker.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53513
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org.                    IN      NS

;; ANSWER SECTION:
debian.org.             3600    IN      NS      saens.debian.org.
debian.org.             3600    IN      NS      spohr.debian.org.
debian.org.             3600    IN      NS      samosa.debian.org.
debian.org.             3600    IN      NS      klecker.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org.       3600    IN      A       128.101.240.212
spohr.debian.org.       300     IN      A       140.211.166.43
samosa.debian.org.      3600    IN      A       192.25.206.57
klecker.debian.org.     3600    IN      A       194.109.137.218

;; Query time: 50 msec
;; SERVER: 194.109.137.218#53(194.109.137.218)
;; WHEN: Mon May 29 10:41:25 2006
;; MSG SIZE rcvd: 175




Second error is much more serious: Some of the servers will sometimes
provide 0.0.0.0 as its own address in the additional data:

[EMAIL PROTECTED]:~$ dig soa debian.org @saens.debian.org

; <<>> DiG 9.3.1 <<>> soa debian.org @saens.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20147
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org.                    IN      SOA

;; ANSWER SECTION:
debian.org.             3600    IN      SOA     samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600

;; AUTHORITY SECTION:
debian.org.             3600    IN      NS      klecker.debian.org.
debian.org.             3600    IN      NS      saens.debian.org.
debian.org.             3600    IN      NS      spohr.debian.org.
debian.org.             3600    IN      NS      samosa.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org.       3600    IN      A       0.0.0.0
spohr.debian.org.       300     IN      A       140.211.166.43
samosa.debian.org.      3600    IN      A       192.25.206.57
klecker.debian.org.     3600    IN      A       194.109.137.218

;; Query time: 128 msec
;; SERVER: 128.101.240.212#53(128.101.240.212)
;; WHEN: Mon May 29 10:47:53 2006
;; MSG SIZE rcvd: 222


This in spite of it claiming to have the same zone version as
e.g. klecker:

[EMAIL PROTECTED]:~$ dig soa debian.org @klecker.debian.org

; <<>> DiG 9.3.1 <<>> soa debian.org @klecker.debian.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27220
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;debian.org.                    IN      SOA

;; ANSWER SECTION:
debian.org.             3600    IN      SOA     samosa.debian.org. hostmaster.debian.org. 2006051701 10800 3600 604800 3600

;; AUTHORITY SECTION:
debian.org.             3600    IN      NS      saens.debian.org.
debian.org.             3600    IN      NS      spohr.debian.org.
debian.org.             3600    IN      NS      samosa.debian.org.
debian.org.             3600    IN      NS      klecker.debian.org.

;; ADDITIONAL SECTION:
saens.debian.org.       3600    IN      A       128.101.240.212
spohr.debian.org.       300     IN      A       140.211.166.43
samosa.debian.org.      3600    IN      A       192.25.206.57
klecker.debian.org.     3600    IN      A       194.109.137.218

;; Query time: 52 msec
;; SERVER: 194.109.137.218#53(194.109.137.218)
;; WHEN: Mon May 29 10:48:59 2006
;; MSG SIZE rcvd: 2
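
The two checks made by hand in the report above (delegated NS set versus served NS set, and an unusable address served under an unchanged SOA serial) can be automated; this is an added example, not part of the original message. The record lines are constructed from the dig answers quoted there, and the function and finding names are hypothetical.

```python
import ipaddress
import re

# Constructed input: record lines condensed from the dig answers quoted in the post.
NAMES = ("klecker", "saens", "spohr", "samosa")
DELEGATION = "\n".join(f"debian.org. 86400 IN NS {n}.debian.org." for n in NAMES[:3])
COMMON = ("debian.org. 3600 IN SOA samosa.debian.org. hostmaster.debian.org. "
          "2006051701 10800 3600 604800 3600\n"
          + "".join(f"debian.org. 3600 IN NS {n}.debian.org.\n" for n in NAMES))
SERVED = {  # answering server -> records it returned
    "klecker.debian.org.": COMMON + "saens.debian.org. 3600 IN A 128.101.240.212",
    "saens.debian.org.": COMMON + "saens.debian.org. 3600 IN A 0.0.0.0",
}
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|SOA)\s+(.+)$")

def parse(text):
    """Return (NS names, {host: address}, SOA serial) from dig-style record lines."""
    ns, addrs, serial = set(), {}, None
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # blank lines and ';' comment lines from dig
        owner, rtype, rdata = m.groups()
        if rtype == "NS":
            ns.add(rdata.lower())
        elif rtype == "A":
            addrs[owner.lower()] = rdata
        else:
            serial = int(rdata.split()[2])  # SOA rdata: mname rname serial ...
    return ns, addrs, serial

def audit(delegation, served):
    """Check each server's answer against the parent delegation and its peers."""
    parent_ns = parse(delegation)[0]
    findings, seen = [], {}  # seen: (serial, host) -> set of addresses served
    for server, text in served.items():
        ns, addrs, serial = parse(text)
        findings += [(server, "ns-not-delegated", n) for n in sorted(ns - parent_ns)]
        findings += [(server, "delegated-ns-missing", n) for n in sorted(parent_ns - ns)]
        for host, addr in sorted(addrs.items()):
            seen.setdefault((serial, host), set()).add(addr)
            if ipaddress.ip_address(addr).is_unspecified:  # 0.0.0.0
                findings.append((server, "unusable-address", f"{host} {addr}"))
    for (serial, host), addr_set in sorted(seen.items()):
        if len(addr_set) > 1:  # same zone version, different data
            findings.append(("*", "same-serial-different-data", f"{host} serial {serial}"))
    return findings

if __name__ == "__main__":
    for finding in audit(DELEGATION, SERVED):
        print(*finding)
```

Comparing addresses per SOA serial is what catches the second error: a serial comparison alone reports both servers as in sync.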