%package samba Update: Fri Apr 20 2001 11:01:58 Importance: security %pre A vulnerability found by Marcus Meissner exists in Samba where it was not creating temporary files safely which could allow local users to overwrite files that they may not have access to. This happens when a remote user queried a printer queue and samba would create a temporary file in which the queue's data was written. Because Samba created the file insecurely and used a predictable filename, a local attacker could cause Samba to overwrite files that the attacker did not have access to. As well, the smbclient "more" and "mput" commands also created temporary files insecurely. The vulnerability is present in Samba 2.0.7 and lower. 2.0.8 and 2.2.0 correct this behaviour. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2 features an almost working NT Domain Control capability and includes the new SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package nedit Update: Wed Apr 25 2001 11:17:12 Importance: security %pre A temporary file vulnerability exists in NEdit, the Nirvana Editor. When printing the entire text or selected parts of the text within the editor, nedit creates a temporary file in an insecure manner. This could be exploited to gain access to other user privileges including root. %description NEdit is a multi-purpose text editor for the X Window System, which combines a standard, easy to use, graphical user interface with the thorough functionality and stability required by users who edit text eighthours a day. It provides intensive support for development in a wide variety of languages, text processors, and other tools, but at the same time can be used productively by just about anyone who needs to edit text. %package rpmdrake Update: Fri Apr 27 2001 11:45:12 Importance: security %pre A temporary file vulnerability exists in rpmdrake. This updated rpmdrake corrects the problem. %description rpmdrake is an apt-alike tool. It also handles packages on more than one cdrom, asking you the needed one. It is a graphical front-end to urpmi/gurpmi. %package gftp Update: Fri Apr 27 2001 13:07:36 Importance: security %pre A format string vulnerability exists in all versions of gftp prior to version 2.0.8. This vulnerability has been fixed upstream in version 2.0.8. %description gFTP is a multithreaded FTP client for X Windows written using Gtk. It features simultaneous downloads, resuming of interrupted file transfers, file transfer queues, downloading of entire directories, ftp proxy support, remote directory caching, passive and non-passive file transfers, drag-n-drop, bookmarks menu, stop button, and many more features. %package gnupg Update: Wed May 2 2001 12:43:52 Importance: security %pre GnuPG version 1.0.5 has been released that fixes a few security problems, including a vulnerability that makes it easier for an attacker to recover your private key if they are able to steal your keyring. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. Because GnuPG does not use use any patented algorithm it cannot be compatible with PGP2 versions. PGP 2.x uses only IDEA (which is patented worldwide) and RSA (which is patented in the United States until Sep 20, 2000). %package kdelibs Update: Thu May 3 2001 19:07:50 Importance: security %pre A problem exists with the kdesu component of kdelibs. It created a world-readable temporary file to exchange authentication information and delete it shortly after. This can be abused by a local user to gain access to the X server and could result in a compromise of the account that kdesu would access. %description Libraries for the K Desktop Environment. %package bash Update: Thu May 3 2001 19:08:33 Importance: bugfix %pre A problem existed with the bash released with 8.0 where the printf() function would not display in any terminals. This update fixes the problem. %description Bash is a GNU project sh-compatible shell or command language interpreter. Bash (Bourne Again shell) incorporates useful features from the Korn shell (ksh) and the C shell (csh). Most sh scripts can be run by bash without modification. Bash offers several improvements over sh, including command line editing, unlimited size command history, job control, shell functions and aliases, indexed arrays of unlimited size and integer arithmetic in any base from two to 64. Bash is ultimately intended to conform to the IEEE POSIX P1003.2/ISO 9945.2 Shell and Tools standard. Bash is the default shell for Linux Mandrake. You should install bash because of its popularity and power. You'll probably end up using it. %package glibc Update: Mon May 7 2001 21:04:03 Importance: bugfix %pre The release version of glibc has a problem where the Oracle Universl Installer would not start. This update glibc fixes the problem. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package pine Update: Mon May 7 2001 21:04:41 Importance: security %pre Versions of the Pine email client prior to 4.33 have various temporary file creation problems, as does the pico editor. These issues allow any user with local system access to cause any files owned by any other user, including root, to potentially be overwritten if the conditions were right. %description Pine is a very popular, easy to use, full-featured email user agent which includes a simple text editor called pico. Pine supports MIME extensions and can also be used to read news. Pine also supports IMAP, mail and MH style folders. Pine should be installed because Pine is a very commonly used email user agent and it is currently in development. %package cups Update: Thu May 10 2001 19:42:14 Importance: security %pre The version of cups shipped with Linux-Mandrake 8.0 has a problem where when a user prints a multi-page PostScript file with embedded pictures, the pages following the first with the picture are all printed on the same page, one on top of the other. From multi-page Abiword files (only text) only the last page is printed. This update resolves this bug. As well, the upstream 1.1.7 release of cups fixes some security issues. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package vixie-cron Update: Thu May 10 2001 19:50:18 Importance: security %pre A recent security fix to cron introduced a new problem with giving up privileges before invoking the editor. A malicious local user could exploit this to gain root acces. %description The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron adds better security and more powerful configuration options to the standard version of cron. %package minicom Update: Thu May 10 2001 19:56:47 Importance: security %pre Several format string vulnerabilities exist in the minicom program. These bugs can be exploited to obtain group uucp privilege. A simple fix is to simply remove the setgid bit on /usr/bin/minicom, however these new packages introduce some fixes for the vulnerabilties through a patch from Red Hat, and also strip the setgid bit. %description Minicom is a simple text-based modem control and terminal emulation program somewhat similar to MSDOS Telix. Minicom includes a dialing directory, full ANSI and VT100 emulation, an (external) scripting language, and other features. Minicom should be installed if you need a simple modem control program or terminal emulator. %package openssh Update: Mon May 21 2001 10:04:50 Importance: security %pre A problem was introduced with a patch applied to the OpenSSH packages released in the previous update. This problem was due to the keepalive patch included, and it broke interoperability with older versions of OpenSSH and SSH. This update removes the patch, and also provides the latest version of OpenSSH which provides a number of new features and enhancements. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package xmms Update: Fri May 25 2001 11:33:17 Importance: bugfix %pre When using xmms using the Italian language, xmms would segfault. This update fixes the Italian language support. %description XMMS is a sound player written from scratch. Since it uses the WinAmp GUI, it can use WinAmp skins, and play mp3s, mods, s3ms, and other formats. It now has support for input, output, and general plugins, and has also been GPLd. This package also provides an effect plugin based on Sox and a shell for xmms in order to command the running xmms from any script/commandline. %package gnupg Update: Wed May 30 2001 17:34:48 Importance: security %pre A format string vulnerability exists in gnupg 1.0.5 and previous versions which is fixed in 1.0.6. This vulnerability can be used to invoke shell commands with privileges of the currently logged-in user. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package drakfont Update: Tue Jun 5 2001 16:04:44 Importance: bugfix %pre A problem existed with importing Windows fonts using the drakfont program. This has been corrected in this update. %description Fonts manager. You can add new fonts, remove fonts, and get Windows fonts. %package imap Update: Mon Jun 11 2001 08:06:53 Importance: security %pre Several buffer overflow vulnerabilities have been found in the UW-IMAP package by the authors and independant groups. These vulnerabilities can be exploited only once a user has authenticated which limits the extent of the vulnerability to a remote shell with that user's permissions. On systems where the user already has a shell, nothing new will be provided to that user, unless the user has only local shell access. On systems where the email accounts do not provide shell access, however, the problem is much greater. %description The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols. %package xinetd Update: Mon Jun 11 2001 08:03:33 Importance: security %pre A bug exists in xinetd as shipped with Linux-Mandrake 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do not set permissions themselves (like SWAT, a web configuration tool for Samba), will create world writable files. This update sets the default umask to 022. %description xinetd is a powerful replacement for inetd. xinetd has access control machanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of that use ip masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package tcpdump Update: Wed Jun 13 2001 11:37:42 Importance: security %pre A number of remote buffer overflows were discovered in the tcpdump package that would allow a remote attack of the local tcpdump process. Intrusion detection using tcpdump would no longer be useful due to the attack stoping all network activity on the system. As well, this new version of tcpdump fixes the vulnerability with decoding AFS ACL packets which would allow a remote attacker to run arbitrary code on the local system with root privilege. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package mandrake_desk Update: Wed Jun 13 2001 11:47:24 Importance: bugfix %pre A problem existed with the default GTK theme for Mandrake Linux 8.0 that would cause some applications like gfloppy, xcdroast, and the GIMP to crash. This update corrects the problem with the theme. %description This package contains useful icons, backgrounds and others goodies for the Mandrake desktop. %package ispell Update: Wed Jun 20 2001 11:58:53 Importance: security %pre The ispell program uses mktemp() to open temporary files. This makes it vulnerable to symlink attacks. The program now has a patch from OpenBSD applied that uses mkstemp() instead, and switches gets() to fgets() for dealing with user input. %description Ispell is the GNU interactive spelling checker. Ispell will check a text file for spelling and typographical errors. When it finds a word that is not in the dictionary, it will suggest correctly spelled words for the misspelled word. You should install ispell if you need a program for spell checking (and who doesn't...). Note this package has only the spell checker engine; you also need to install the dictionary files from the ispell-* package for your language. %package ImageMagick Update: Wed Jun 13 2001 12:02:18 Importance: bugfix %pre The ImageMagick packages in Mandrake Linux 8.0 were missing the Magick-config and Magick++-config files, which are necessary when linking packages to the ImageMagick libraries. %description ImageMagick is a powerful image display, conversion and manipulation tool. It runs in an X session. With this tool, you can view, edit and display a variety of image formats. This package installs the necessary files to run ImageMagick. %package webmin Update: Wed Jun 20 2001 12:11:12 Importance: security %pre Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these variables. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modify your password for security issue. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package libgtk+ Update: Thu Jun 28 2001 15:29:30 Importance: security %pre A vulnerability exists with the GTK+ toolkit in that the GTK_MODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+. With this, an attacker could create a custom module and load it using the toolkit which could result in elevated privileges, the overwriting of system files, and the execution of malicious code. %description The gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. GTK+ was originally written for the GIMP (GNU Image Manipulation Program) image processing program, but is now used by several other programs as well. If you are planning on using the GIMP or another program that uses GTK+, you'll need to have the gtk+ package installed. %package samba Update: Fri Jun 29 2001 11:23:19 Importance: security %pre Michal Zalewski has found a vulnerability in all versions of Samba prior to 2.0.10 where if a client sends an invalid netbios name Samba could be tricked into appending it's log to files writable by root. This can be very dangerous if combined with a symlink created by a local user. Note that the log files must be specified as %m.log in order for this to work, and Mandrake Linux ships Samba by default using log.%m, thus it is not vulnerable "out of the box". %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2 features an almost working NT Domain Control capability and includes the new SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package fetchmail Update: Thu Jul 4 2001 16:27:29 Importance: security %pre Wolfram Kleff reported recently that the fetchmail program would segfault when receiving emails with a very large "To:" header. This is due to a buffer overflow within the header parsing code, which can be exploited remotely. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package xinetd Update: Thu Jul 4 2001 16:28:42 Importance: security %pre A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do not set permissions themselves (like SWAT, a web configuration tool for Samba), will create world writable files. This update sets the default umask to 022. This update forces the TMPDIR to /tmp instead of obtaining it from the root user by default, which uses /root/tmp. As well, this version of xinetd also fixed a possible buffer overflow in the logging code that was reported by zen-parse on bugtraq, but was not mentioned in the previous advisory. %description xinetd is a powerful replacement for inetd. xinetd has access control machanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of that use ip masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package tripwire Update: Wed Jul 18 2001 14:00:32 Importance: security %pre Jarno Juuskonen reported that a temporary file vulnerability exists in versions of Tripwire prior to 2.3.1-2. Because Tripwire opens/creates temporary files in /tmp without the O_EXCL flag during filesystem scanning and database updating, a malicious user could execute a symlink attack against the temporary files. This new version has all but one unsafe temporary file open fixed. It can still be used safely when using the new TEMPDIRECTORY configuration option, which is now set to /root/tmp. %description Tripwire is a very valuable security tool for Linux systems, if it is installed to a clean system. Tripwire should be installed right after the OS installation, and before you have connected your system to a network (i.e., before any possibility exists that someone could alter files on your system). When Tripwire is initially set up, it creates a database that records certain file information. Then when it is run, it compares a designated set of files and directories to the information stored in the database. Added or deleted files are flagged and reported, as are any files that have changed from their previously recorded state in the database. When Tripwire is run against system files on a regular basis, any file changes will be spotted when Tripwire is run. Tripwire will report the changes, which will give system administrators a clue that they need to enact damage control measures immediately if certain files have been altered. Extra-paranoid Tripwire users will set it up to run once a week and e-mail the results to themselves. Then if the e-mails stop coming, you'll know someone has gotten to the Tripwire program... After installing this package, you should run "/etc/tripwire/twinstall.sh" to generate cryptographic keys, and "tripwire --init" to initialize the database. %package openssl Update: Wed Jul 18 2001 14:01:51 Importance: security %pre The pseudo-random number generator in OpenSSL versions up to 0.9.6a has a design flaw. By knowing the output of specific PRNG requests, an attacker would be able to determine the PRNG's internal state and thus predict future PRNG output. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package squid Update: Wed Jul 25 2001 10:47:23 Importance: security %pre The Squid proxy server has a serious security flaw in versions 2.3.STABLE2 through 2.3.STABLE4. This problem surfaces when Squid is used in httpd_accel mode. If you configure http_accel_with_proxy off then any request to Squid is allowed. Malicious users may use your proxy to portscan remote systems, forge email, and other activities. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package elm Update: Wed Jul 25 2001 10:59:26 Importance: security %pre A buffer overflow exists in the elm email client when handling very long message-ids. This would overwrite other header fields and could potentially cause further damage. %description Elm is a popular terminal mode email user agent. Elm includes all standard mailhandling features, including MIME support via metamail. Elm is still used by some people, but is no longer in development. If you've used Elm before and you're devoted to it, you should install the elm package. If you would like to use metamail's MIME support, you'll also need to install the metamail package. %package telnet Update: Mon Aug 13 2001 16:31:52 Importance: security %pre A buffer overflow exists in telnet which could provide root access to local users. %description Telnet is a popular protocol for logging into remote systems over the Internet. The telnet package provides a command line telnet client. Install the telnet package if you want to telnet to remote machines. %package openldap Update: Mon Aug 13 2001 16:36:54 Importance: security %pre CERT released an advisory that details a number of vulnerabilities as found in a variety of different LDAP implementations. The results of these tests showed one vulnerability in OpenLDAP with slapd not handling packets with certain invalid fields. A malicious attacker could craft such invalid packets, resulting in a denial of service attack on the affected server. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package gdm Update: Mon Aug 20 2001 13:29:57 Importance: security %pre A buffer overrun exists in the XDMCP handling code used in gdm. By sending a properly crafted XDMCP message, it is possible for a remote attacker to execute arbitrary commands as root on the susceptible machine. By default, XDMCP is disabled in gdm.conf on Mandrake Linux. %description Gdm (the GNOME Display Manager) is a highly configurable reimplementation of xdm, the X Display Manager. Gdm allows you to log into your system with the X Window System running and supports running several different X sessions on your local machine at the same time. %package kernel Update: Mon Aug 27 2001 16:12:56 Importance: security %pre A security hole was found in the earlier Linux 2.4 kernels dealing with iptables RELATED connection tracking. The iptables ip_conntrack_ftp module, which is used for stateful inspection of FTP traffic, does not validate parameters passed to it in an FTP PORT command. Due to this flaw, carefully constructed PORT commands could open arbitrary holes in the firewall. This hole has been fixed, as well as a number of other bugs for the 2.4 kernel shipped with Mandrake Linux 8.0 NOTE: This update is *not* meant to be done via MandrakeUpdate! You must download the necessary RPMs and upgrade manually by following these steps: 1. Type: rpm -ivh kernel-2.4.7-12.3mdk.i586.rpm 2. Type: mv kernel-2.4.7-12.3mdk.i586.rpm /tmp 3. Type: rpm -Fvh *.rpm 4. You may wish to edit /etc/lilo.conf to ensure a new entry is in place. The new kernel will be the last entry. Change any options you need to change. 5. Type: /sbin/lilo -v You may then reboot and use the nwe kernel and remove the older kernel when you are comfortable using the upgraded one. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Linux Mandrake operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package fetchmail Update: Fri Aug 31 2001 13:48:20 Importance: security %pre A vulnerability was found by Salvatore Sanfilippo in both the IMAP and POP3 code of fetchmail where the input is not verified and no bounds checking is done. This can be exploited by a remote attacker to write arbitrary data into memory. The attacker must have control of the mail server the client is connecting to via fetchmail in order to exploit this vulnerability. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package xli Update: Fri Aug 31 2001 13:48:20 Importance: security %pre A buffer overflow exists in xli due to missing boundary checks. This could be triggered by an external attacker to execute commands on the victim's machine. An exploit is publically available. xli is an image viewer that is used by Netscape's plugger to display TIFF, PNG, and Sun-Raster images. %description This utility will view several types of images under X11, or load images onto the X11 root window. Can view the following image types under X11: FBM Image, Sun Rasterfile, CMU WM Raster, Portable Bit Map (PBM, PGM, PPM), Faces Project, GIF Image, JFIF style jpeg Image, Utah RLE Image, Windows, OS/2 RLE Image, Photograph on CD Image, X Window Dump, Targa Image, McIDAS areafile, G3 FAX Image, PC Paintbrush Image, GEM Bit Image, MacPaint Image, X Pixmap (.xpm), XBitmap %package WindowMaker Update: Fri Aug 31 2001 13:48:20 Importance: security %pre A buffer overflow exists in the WindowMaker window manager's window title handling code, as discovered by Alban Hertroys. Many programs, such as web browsers, set the window title to something obtained from the network, such as the title of the currently-viewed web page. As such, this buffer overflow could be exploited remotely. WindowMaker versions above and including 0.65.1 are fixed upstream; these packages have been patched to correct the problem. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package sendmail Update: Fri Aug 31 2001 13:48:20 Importance: security %pre An input validation error exists in sendmail that may allow local users to write arbitrary data to process memory. This could possibly allow the execute of code or commands with elevated privileges and may also allow a local attacker to gain access to the root account. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package xinetd Update: Fri Aug 31 2001 13:48:20 Importance: security %pre An audit has been performed on the xinetd 2.3.0 source code by Solar Designer for many different possible vulnerabilities. The 2.3.1 release incorporated his patches into the xinetd source tree. The audit was very thorough and found and fixed many problems. This xinetd update includes his audit patch. %description xinetd is a powerful replacement for inetd. xinetd has access control machanisms, extensive logging capabilities, the ability to make services available based on time, and can place limits on the number of servers that can be started, among other things. xinetd has the ability to redirect TCP streams to a remote host and port. This is useful for those of that use ip masquerading, or NAT, and want to be able to reach your internal hosts. xinetd also has the ability to bind specific services to specific interfaces. This is useful when you want to make services available for your internal network, but not the rest of the world. Or to have a different service running on the same port, but different interfaces. %package apache Update: Mon Sep 17 2001 21:43:18 Importance: security %pre A problem exists with all Apache servers prior to version 1.3.19. The vulnerablity could allow directory indexing and path discovery on the vulnerable servers with a custom crafted request consisting of a long path name created artificially by using numerous slashes. This can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. Because of the number of add-on packages Mandrake Linux provides for Apache that are compiled for a specific version of Apache, and due to the complexity of the upgrade, we recommend that users upgrade Apache and all associated packages by hand, invoking RPM directly. The updates provide updated Apache, PHP, mod_perl, and mod_ssl packages for all relevant versions, and all should be upgraded at the same time to avoid dependency issues. You can do this by using the "rpm -Fvh *.rpm" command from a temporary directory containing the relevant update packages. Additionally, we have updated PHP to version 4.0.6 for Mandrake Linux 8.0. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package iptables Update: Tue Sep 18 2001 12:55:10 Importance: security %pre The iptables package as released with kernel advisory MDKSA-2001:071 had problems with the initscript functioning improperly, primarily due to the manner with which iptables saved and restored firewall settings. This updated iptables package supercedes that released previously and should be used instead. %description iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. Install this only if you are using the 2.4 kernels!! %package uucp Update: Thu Sep 20 2001 21:43:05 Importance: security %pre Zen Parse discovered that an argument handling problem that exists in the uucp package can allow a local attacker to gain access to the uucp user or group. %description The uucp command copies files between systems. Uucp is primarily used by remote machines downloading and uploading email and news files to local machines. Install the uucp package if you need to use uucp to transfer files between machines. %package openssh Update: Tue Oct 16 14:34:46 2001 importance: security %pre In some circumstances, the sshd server may not honor the "from=" option that can be associated with a key in a user's ~/.ssh/authorized_keys2 file if multiple keys are listed. This could allow key-based logins from hosts which should not be allowed access. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package sendmail Update: Mon Oct 22 2001 10:23:58 Importance: bugfix %pre The sendmail packages available for Mandrake Linux 8.0 have long delays in sending messages due to RBL lookups that are enabled by default. This update disables RBL lookups by default which eliminates the delay. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package kernel22 Update: Thu Oct 25 18:26:37 2001 importance: security %pre *** NOTE: Please do not use MandrakeUpdate to update the kernel, alsa, *** or reiserfs packages. Instead, download manually and please visit: *** www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3 *** and follow the instructions to properly upgrade your kernel. Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux kernels with the ptrace code and deeply nested symlinks spending an arbitrary amount of time in the kernel code. The ptrace vulnerability could be used by local users to gain root privilege, the symlink vulnerability could result in a local DoS. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Linux Mandrake operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package htdig Update: Thu Nov 1 11:32:45 2001 importance: security %pre A problem was discovered in the ht://Dig web indexing and searching program. Nergal reported a vulnerability in htsearch that allows a remote user to pass the -c parameter, to use a specific config file, to the htsearch program when running as a CGI. A malicious user could point to a file like /dev/zero and force the CGI to stall until it times out. Repeated attacks could result in a DoS. As well, if the user has write permission on the server and can create a file with certain entries, they can point the server to it and retrieve any file readable by the webserver UID. %description The ht://Dig system is a complete world wide web indexing and searching system for a small domain or intranet. This system is not meant to replace the need for powerful internet-wide search systems like Lycos, Infoseek, Webcrawler and AltaVista. Instead it is meant to cover the search needs for a single company, campus, or even a particular sub section of a web site. As opposed to some WAIS-based or web-server based search engines, ht://Dig can span several web servers at a site. The type of these different web servers doesn't matter as long as they understand the HTTP 1.0 protocol. ht://Dig was developed at San Diego State University as a way to search the various web servers on the campus network. %package util-linux Update: Thu Nov 1 11:32:45 2001 importance: security %pre Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations (ie. using pam_limits), it would overwrite the buffer and cause the user to get the credentials of another user. Thanks to Olaf Kirch for providing the patch to fix the problem. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among many features, Util-linux contains the fdisk configuration tool and login program. %package procmail Update: Mon Nov 19 19:52:33 2001 importance: security %pre In older versions of procmail, it is possible to crash procmail by sending it certain signals. If procmail is installed setuid, this could be exploited to gain unauthorized privilege. This problem is fixed in unstable version 3.20 and stable version 3.15.2. %description The procmail program is used by Linux Mandrake for all local mail delivery. In addition to just delivering mail, procmail can be used for automatic filtering, presorting and other mail handling jobs. Procmail is also the basis for the SmartList mailing list processor. %package gnupg Update: Mon Nov 19 20:11:54 2001 importance: security %pre The /usr/bin/gpg executable was installed setuid root and setgid root. While being setuid root offers locking pages in physical memory to avoid writing sensitive material to swap and is of benefit, being setgid root provides no benefits and allows users to write to files that have group root access. This update strips the setgid bit from /usr/bin/gpg. %description GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. %package tetex Update: Tue Nov 20 00:06:26 2001 importance: security %pre A problem was discovered in the temporary file handling capabilities of some teTeX filters by zen-parse. These filters are used as print filters automatically when printing .dvi files using lpr. This can lead to elevated privileges. This update relies on the updated mktemp packages for 7.x in MDKA-2001:021, which gives mktemp the ability to create temporary directories. 8.x users already have a mktemp that works in this fashion. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package kernel22 Update: Tue Nov 20 14:59:50 2001 importance: security %pre *** NOTE: Please do not use MandrakeUpdate to update the kernel, alsa, *** or reiserfs packages. Instead, download manually and please visit: *** www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3 *** and follow the instructions to properly upgrade your kernel. Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux kernels with the ptrace code and deeply nested symlinks spending an arbitrary amount of time in the kernel code. The ptrace vulnerability could be used by local users to gain root privilege, the symlink vulnerability could result in a local DoS. There is an additional vulnerability in the kernel's syncookie code which could potentially allow a remote attacker to guess the cookie and bypass existing firewall rules. The discovery was found by Manfred Spraul and Andi Kleen. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Linux Mandrake operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel Update: Tue Nov 20 15:24:57 2001 importance: security %pre *** NOTE: Please do not use MandrakeUpdate to update the kernel packages. *** Instead, download manually and please visit: *** www.linux-mandrake.com/en/security/2001/MDKSA-2001-079-1.php3 *** and follow the instructions to properly upgrade your kernel. Rafal Wojtczuk found a vulnerability in the 2.2.19 and 2.4.11 Linux kernels with the ptrace code and deeply nested symlinks spending an arbitrary amount of time in the kernel code. The ptrace vulnerability could be used by local users to gain root privilege, the symlink vulnerability could result in a local DoS. There is an additional vulnerability in the kernel's syncookie code which could potentially allow a remote attacker to guess the cookie and bypass existing firewall rules. The discovery was found by Manfred Spraul and Andi Kleen. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package squid Update: Wed Nov 21 13:38:44 2001 importance: security %pre Vladimir Ivaschenko found a problem in the squid proxy server. Certain FTP requests could cause the squid daemon to abort, making it unavailable for a few seconds. If enough of these requests are sent in a short period of time, the squid daemon will not restart itself. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package apache Update: Tue Nov 26 2001 10:47:46 Importance: security %pre A problem exists with all Apache servers prior to version 1.3.19. The vulnerablity could allow directory indexing and path discovery on the vulnerable servers with a custom crafted request consisting of a long path name created artificially by using numerous slashes. This can cause modules to misbehave and return a listing of the directory contents by avoiding the error page. Another vulnerability found by Procheckup (www.procheckup.com) was that all directories, by default, were configured as browseable so an attacker could list all files in the targeted directories. As well, Procheckup found that the perl-proxy/management software on port 8200 would supply dangerous information to attackers due to a perl status script that was enabled. We have disabled directory browsing by default and have disabled the perl status scripts. Because of the number of add-on packages Mandrake Linux provides for Apache that are compiled for a specific version of Apache, and due to the complexity of the upgrade, we recommend that users upgrade Apache and all associated packages by hand, invoking RPM directly. The updates provide updated Apache, PHP, mod_perl, and mod_ssl packages for all relevant versions, and all should be upgraded at the same time to avoid dependency issues. You can do this by using the "rpm -Fvh *.rpm" command from a temporary directory containing the relevant update packages. For detailed information on the recommended upgrade process for Apache and all related packages, please visit: http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-077-1.php3 %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package postfix Update: Thu Nov 29 2001 17:36:40 Importance: security %pre Wietse Venema, the author of postfix, reported a vulnerability in the SMTP server where a remote attacker could execute a Denial of Service attack on it. The SMTP session log could grow to an unreasonable size and could possibly exhause the server's memory if no other limits were enforced. %description Postfix aims to be an alternative to the widely-used sendmail program. Sendmail is responsible for 70 percent of all e-mail delivered on the Internet. With an estimated 100 million users, that's an estimated 10 billion (10^10) messages daily. A stunning number. Although IBM supported the Postfix development, it abstains from control over its evolution. The goal is to have Postfix installed on as many systems as possible. To this end, the software is given away with no strings attached to it, so that it can evolve with input from and under control by its users. %package wu-ftpd Update: Thu Nov 29 2001 17:48:45 Importance: security %pre A vulnerability in wu-ftpd's ftpglob() function was found by the CORE ST team. This vulnerability can be exploited to obtain root access on the FTP server. %description The wu-ftpd package contains the wu-ftpd FTP (File Transfer Protocol) server daemon. The FTP protocol is a method of transferring files between machines on a network and/or over the Internet. Wu-ftpd's features include logging of transfers, logging of commands, on the fly compression and archiving, classification of users' type and location, per class limits, per directory upload permissions, restricted guest accounts, system wide and per directory messages, directory alias, cdpath, filename filter and virtual host support. Install the wu-ftpd package if you need to provide FTP service to remote users. %package openssh Update: Thu Dec 13 11:04:17 2001 importance: security %pre The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support that is present in versions 2.9.9 and 3.0.0. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package flex Update: Mon Dec 17 11:19:57 2001 importance: bugfix %pre The flex package includes its own declaration of the isatty() function that is different from that in the unistd.h header file that comes with the the glibc-devel package. This prevents proper recompilation of the kdelibs 2.0 and XFree86 4.0.x packages. %description The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The executable searches through its input for occurrences of the regular expressions. When a match is found, it executes the corresponding C code. Flex was designed to work with both Yacc and Bison, and is used by many programs as part of their build process. You should install flex if you are going to use your system for application development. %package libgtop Update: Wed Dec 19 11:41:07 2001 importance: security %pre A remote format string vulnerability was found in the libgtop daemon by Laboratory intexxia. By sending a specially crafted format string to the server, a remote attacker could potentially execute arbitrary code on the remote system with the daemon's permissions. By default libgtop runs as the user nobody, but the flaw could be used to compromise local system security by allowing the attacker to exploit other local vulnerabilities. A buffer overflow was also found by Flavio Veloso which could allow the client to execute code on the server. Both vulnerabilities are patched in this update and will be fixed upstream in version 1.0.14. libgtop_daemon is not invoked by default anywhere in Mandrake Linux. %description A library that fetches information about the running system such as CPU and memory useage, active processes and more. On Linux systems, this information is taken directly from the /proc filesystem while on other systems a server is used to read that information from other /dev/kmem, among others. %package glibc Update: Wed Dec 19 16:54:23 2001 importance: security %pre Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package bind Update: Tue Jan 08 12:12:56 2002 importance: security %pre There are some insecure permissions on configuration files and executables with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1. This update provides stricter permissions by making the /etc/rndc.conf and /etc/rndc.key files read/write by the named user and by making /sbin/rndc-confgen and /sbin/rndc read/write/executable only by root. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act a caching name server, you will also need to install the caching-nameserver package. %package mutt Update: Tue Jan 08 12:56:31 2002 importance: security %pre Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately. %description Mutt is a text mode mail user agent. Mutt supports color, threading, arbitrary key remapping, and a lot of customization. You should install mutt if you've used mutt in the past and you prefer it, or if you're new to mail programs and you haven't decided which one you're going to use. %package sudo Update: Tue Jan 15 12:00:05 2002 importance: security %pre The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package proftpd Update: Thu Jan 17 14:48:35 2002 importance: security %pre Matthew S. Hallacy discovered that ProFTPD was not forward resolving reverse-resolved hostnames. A remote attacker could exploit this to bypass ProFTPD access controls or have false information logged. Frank Denis discovered that a remote attacker could send malicious commands to the ProFTPD server and it would force the process to consume all CPU and memory resources available to it. This DoS vulnerability could bring the server down with repeated attacks. Finally, Mattias found a segmentation fault problem that is considered by the developers to be unexploitable. %description ProFTPd is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directory visibility. This version supports both standalone and xinetd operation. %package xchat Update: Thu Jan 17 14:54:09 2002 importance: security %pre zen-parse discovered a problem in versions 1.4.2 and 1.4.3 of xchat that could allow a malicious user to send commands to the IRC server they are on which would take advantage of the CTCP PING reply handler in xchat. This could be used for denial of service, channel takeovers, and other similar attacks. The problem exists in 1.6 and 1.8 versions, however it is controlled by the "percascii" variable which defaults to 0. It "percascii" is set to 1, the problem is exploitable. This vulnerability has been fixed upstream in version 1.8.7. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package rsync Update: Mon Jan 28 2002 11:01:51 Importance: security %pre Sebastian Krahmer of the SuSE Security Team performed an audit on the rsync tool and discovered that in several places signed and unsigned numbers were mixed, with the end result being insecure code. These flaws could be abused by remote users to write 0 bytes into rsync's memory and trick rsync into executing arbitrary code on the server. It is recommended that all Mandrake Linux users update rsync immediately. As well, rsync server administrators should seriously consider making use of the "use chroot", "read only", and "uid" options as these can significantly reduce the impact that security problems in rsync (or elsewhere) have on the server. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package enscript Update: Mon Jan 28 2002 11:01:51 Importance: security %pre The enscript program does not create temporary files in a secure fashion and as such could be abused if enscript is run as root. %description Enscript is a print filter. It can take ASCII input and format it into PostScript output. At the same time, it can also do nice transformations like putting two ASCII pages on one physical page (side by side) or changing fonts. %package gzip Update: Thu Jan 31 2002 11:06:56 Importance: security %pre There are two problems with the gzip archiving program; the first is a crash when an input file name is over 1020 characters, and the second is a buffer overflow that could be exploited if gzip is run on a server such as an FTP server. The patch applied is from the gzip developers and the problems have been fixed in the latest beta. %description The gzip package contains the popular GNU gzip data compression program. Gzipped files have a .gz extension. Gzip should be installed on your Mandrake Linux system, because it is a very commonly used data compression program. %package slocate Update: Tue Feb 5 2002 11:18:24 Importance: bugfix %pre The versions of slocate that shipped with Mandrake Linux 8.0 and 8.1 had a bug where they would segfault when trying to pass regular expressions to the program. That bug is fixed with these updates. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (which is updated nightly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package groff Update: Thu Feb 7 2002 12:31:57 Importance: security %pre zen-parse discovered an exploitable buffer overflow in groff's preprocessor. If groff is invoked using the LPRng printing system, an attacker can gain rights as the "lp" user. Likewise, this may be remotely exploitable if lpd is running and remotely accessible and the attacker knows the name of the printer and it's spool file. %description Groff is a document formatting system. Groff takes standard text and formatting commands as input and produces formatted output. The created documents can be shown on a display or printed on a printer. Groff's formatting commands allow you to specify font type and size, bold type, italic type, the number and size of columns on a page, and more. You should install groff if you want to use it as a document formatting system. Groff can also be used to format man pages. If you are going to use groff with the X Window System, you'll also need to install the groff-gxditview package. %package openldap Update: Mon Feb 11 2002 13:07:14 Importance: security %pre A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing it's values with an empty list. Schema checking is still enforced, so a user can only remove attributes that the schema does not require the object to possess. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package ucd-snmp Update: Thu Feb 14 2002 23:47:31 Importance: security %pre The Oulu University Secure Programming Group (OUSPG) has identified numerous vulnerabilities in multiple vendor SNMPv1 implementations. These vulnerabilities may allow unauthorized privileged access, denial of service attacks, or unstable behaviour. %description SNMP (Simple Network Management Protocol) is a protocol used for network management (hence the name). The NET-SNMP project includes various SNMP tools; an extensible agent, an SNMP library, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl mib browser. This package contains the snmpd and snmptrapd daemons, documentation, etc. Install the ucd-snmp package if you need network management tools. You will probably also want to install the ucd-snmp-utils package, which contains NET-SNMP utilities. %package cups Update: Thu Feb 14 2002 23:47:31 Importance: security %pre There is a potential buffer overflow vulnerability in CUPS when reading the names of attributes. This bug affects all versions of CUPS and is fixed upstream in version 1.1.14. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package squid Update: Thu Feb 21 2002 12:18:57 Importance: security %pre Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service attack on ther server if the SNMP interface is enabled. The next is a buffer overflow in the implementation of ftp:// URLs where allowed users could possibly perform a DoS on the server, and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is with the HTCP interface which cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package php Update: Thu Feb 28 2002 13:09:40 Importance: security %pre Several flaws exist in various versions of PHP in the way it handles multipart/form-data POST requests, which are used for file uploads. The php_mime_split() function could be used by an attacker to execute arbitrary code on the server. This affects both PHP4 and PHP3. The authors have fixed this in PHP 4.1.2 and provided patches for older versions of PHP. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. %package cyrus-sasl Update: Thu Feb 28 2002 13:20:59 Importance: security %pre Kari Hurtta discovered that a format bug exists in the Cyrus SASL library, which is used to provide an authentication API for mail clients and servers, as well as other services such as LDAP. The format bug was found in one of the logging functions which could be used by an attacker to obtain acces to a machine or to possibly acquire elevated privileges. Thanks to the SuSE security team for providing the fix. %description SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. To use SASL, a protocol includes a command for identifying and authenticating a user to a server and for optionally negotiating protection of subsequent protocol interactions. If its use is negotiated, a security layer is inserted between the protocol and the connection. %package postfix Update: Thu Feb 28 2002 13:32:56 Importance: security %pre As a result of the cyrus-sasl updates (MDKSA-2002:018) announced today, updated postfix packages are available that fix some problems with SASL authentication in 8.1 (build error not including SASL support), and introduce SASL support into the Mandrake Linux 8.0 packages. %description Postfix aims to be an alternative to the widely-used sendmail program. Sendmail is responsible for 70 percent of all e-mail delivered on the Internet. With an estimated 100 million users, that's an estimated 10 billion (10^10) messages daily. A stunning number. Although IBM supported the Postfix development, it abstains from control over its evolution. The goal is to have Postfix installed on as many systems as possible. To this end, the software is given away with no strings attached to it, so that it can evolve with input from and under control by its users. %package openssh Update: Thu Mar 7 2002 18:36:09 Importance: security %pre Joost Pol found a bug in the channel code of all versions of OpenSSH from 2.0 to 3.0.2. This bug can allow users with an existing account on the system to obtain root privilege. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package mod_ssl Update: Thu Mar 7 2002 18:36:28 Importance: security %pre Ed Moyle discovered a buffer overflow in mod_ssl's session caching mechanisms that use shared memory and dbm. This could potentially be triggered by sending a very long client certificate to the server. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package mod_frontpage Update: Thu Mar 7 2002 18:39:12 Importance: security %pre A problem was found in versions of improved mod_frontpage prior to 1.6.1 regarding a lack of boundary checks in fpexec.c. This means that the suid root binary is exploitable for buffer overflows. This could be exploited by remote attackers to execute arbitrary code on the server with superuser privileges. Although there are no known exploits available, if you use mod_frontpage you are strongly encouraged to upgrade. This update for Mandrake Linux has been completely reworked and is easier to configure and use, as well as supporting the new FrontPage 2002 extensions. %description This is a module for the Apache HTTP Server . It replaces the Apache-FP patches and module supplied with the FrontPage Server Extensions available from Microsoft and Ready-to-Run Software . Using this module allows you to use advanced features of the FrontPage client with your Apache HTTP Server (e.g. creating FrontPage-extended subwebs using the FrontPage client in contrast to creating them as user "root" with "fpinstall.sh" or the "fpsrvadm.exe"-utility on the system's shell). %package zlib Update: Mon Mar 11 2002 20:51:12 Importance: security %pre Matthias Clasen found a security issue in zlib that, when provided with certain input, causes zlib to free an area of memory twice. This "double free" bug can be used to crash any programs that take untrusted compressed input, such as web browsers, email clients, image viewing software, etc. This vulnerability can be used to perform Denial of Service attacks and, quite possibly, the execution of arbitrary code on the affected system. MandrakeSoft has published two advisories concerning this incident: MDKSA-2002:022 - zlib MDKSA-2002:023 - packages containing zlib The second advisory contains additional packages that bring their own copies of the zlib source, and as such need to be fixed and rebuilt. Updating the zlib library is sufficient to protect those programs that use the system zlib, but the packages as noted in MDKSA-2002:023 will need to be updated for those packages that do not use the system zlib. %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package rsync Update: Wed Mar 13 2002 14:18:05 Importance: security %pre Ethan Benson discovered a bug in rsync where the supplementary groups that the rsync daemon runs as (such as root) would not be removed from the server process after changing to the specified unprivileged uid and gid. This seems only serious if rsync is called using "rsync --daemon" from the command line where it will inherit the group of the user starting the server (usually root). Note that, by default, Mandrake Linux uses xinetd to handle connections to the rsync daemon. This was fixed upstream in version 2.5.3, as well as the previously noted zlib fixes (see MDKSA-2002:023). The authors released 2.5.4 with some additional zlib fixes, and all users are encouraged to upgrade to this new version of rsync. %description Rsync uses a quick and reliable algorithm to very quickly bring remote and host files into sync. Rsync is fast because it just sends the differences in the files over the network (instead of sending the complete files). Rsync is often used as a very powerful mirroring process or just as a more capable replacement for the rcp command. A technical report which describes the rsync algorithm is included in this package. Install rsync if you need a powerful mirroring program. %package libsafe Update: Thu Apr 11 2002 13:47:35 Importance: security %pre Wojciech Purczynski discovered that format string protection in libsafe can be easily bypassed by using flag characters that are implemented in glibc but are not implemented in libsafe. It was also discovered that *printf function wrappers incorrectly parse argument indexing in format strings, making some incorrect assumptions on the number of arguments and conversion specifications. These problems were fixed by the libsafe authors in 2.0-12. %description The libsafe library is designed to overwrite dangerous library C function like strcpy / snprintf and perform bound checking on the destination buffer address in order to detect an eventual Stack Overflow attempt. The libsafe library protects a process against the exploitation of buffer overflow vulnerabilities in process stacks. Libsafe works with any existing pre-compiled executable and can be used transparently, even on a system-wide basis. The method intercepts all calls to library functions that are known to be vulnerable. A substitute version of the corresponding function implements the original functionality, but in a manner that ensures that any buffer overflows are contained within the current stack frame. Libsafe has been shown to detect several known attacks and can potentially prevent yet unknown attacks. Experiments indicate that the performance overhead of libsafe is negligible. %package squid Update: Mon Apr 16 2002 14:42:23 Importance: security %pre A security issue has recently been found and fixed in the Squid-2.X releases up to and including 2.4.STABLE4. Error and boundary conditions were not checked when handling compressed DNS answer messages in the internal DNS code (lib/rfc1035.c). A malicous DNS server could craft a DNS reply that causes Squid to exit with a SIGSEGV. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package sudo Update: Thu Apr 25 2002 11:13:12 Importance: security %pre A problem was discovered by fc, with further research by Global InterSec, in the sudo program with the password prompt parameter (-p). Sudo can be tricked into allocating less memory than it should for the prompt and in certain conditions it is possible to exploit this flaw to corrupt the heap in such a way that could be used to execute arbitary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users. %description Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. %package imlib Update: Thu Apr 25 2002 12:50:49 Importance: security %pre Previous versions of imlib, prior to 1.9.13, would fall back to the NetPBM library which is not suitable for loading untrusted images due to various problem in it's code. The new imlib also fixes some problems with arguments passed to malloc(). These problems could allow attackers to construct images that could cause crashes or, potentially, the execution of arbitrary code when said images are loaded by a viewer that uses imlib. Thanks to Alan Cox and Al Viro for discovering the problems. %description Imlib is a display depth independent image loading and rendering library. Imlib is designed to simplify and speed up the process of loading images and obtaining X Window System drawables. Imlib provides many simple manipulation routines which can be used for common operations. Install imlib if you need an image loading and rendering library for X11R6. You may also want to install the imlib-cfgeditor package, which will help you configure Imlib. %package tcpdump Update: Thu May 16 2002 11:15:24 Importance: security %pre Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5. However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it more safe by implementing better buffer boundary checks in several functions. %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package webmin Update: Tue May 21 2002 15:21:31 Importance: security %pre A vulnerability exists in all versions of Webmin prior to 0.970 that allows a remote attacker to login to Webmin as any user. All users of Webmin are encouraged to upgrade immediately. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modify your password for security issue. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package imap Update: Mon May 27 2002 13:38:29 Importance: security %pre A buffer overflow was discovered in the imap server that could allow a malicious user to run code on the server with the uid and gid of the email owner by constructing a malformed request that would trigger the buffer overflow. However, the user must successfully authenticate to the imap service in order to exploit it, which limits the scope of the vulnerability somewhat, unless you are a free mail provider or run a mail service where users do not already have shell access to the system. %description The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP (Post Office Protocol) mail access protocols. The POP protocol uses a "post office" machine to collect mail for users and allows users to download their mail to their local machine for reading. The IMAP protocol provides the functionality of POP, but allows a user to read mail on a remote machine without downloading it to their local machine. Install the imap package if you need a server to support the IMAP or the POP mail access protocols. %package fetchmail Update: Tue May 28 2002 09:47:41 Importance: security %pre A problem was discovered with versions of fetchmail prior to 5.9.10 that was triggered by retreiving mail from an IMAP server. The fetchmail client will allocate an array to store the sizes of the messages it is attempting to retrieve. This array size is determined by the number of messages the server is claiming to have, and fetchmail would not check whether or not the number of messages the server was claiming was too high. This would allow a malicious server to make the fetchmail process write data outside of the array bounds. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package bind Update: Tue Jun 04 2002 12:32:25 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. %package apache Update: Fri Jun 21 2002 09:46:39 Importance: security %pre A Denial of Service attack was discovered by Mark Litchfield in the Apache webserver. As well, while investigating this problem, the Apache Software Foundation discovered that the code for handling invalid requests that use chunked encoding may also allow arbitrary code to be executed on 64bit architectures. All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. This update provides patched versions of Apache for the remaining supported Mandrake Linux versions. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This special version also includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, Hotwired XSSI module, hooks for SSL module and several cosmetic improvements. Also included is the FrontPage 2000 patch, however you need to install the frontpage package to enable it. %package openssh Update: Mon Jun 24 2002 17:43:12 Importance: security %pre Details of an upcoming OpenSSH vulnerability will be published early next week. According to the OpenSSH team, this remote vulnerability cannot be exploited when sshd is running with privilege separation. The priv separation code is significantly improved in version 3.3 of OpenSSH which was released on June 21st. Unfortunately, there are some known problems with this release; compression does not work on all operating systems and the PAM support has not been completed. The OpenSSH team encourages everyone to upgrade to version 3.3 immediately and enable privilege separation. This can be enabled by placing in your /etc/ssh/sshd_config file the following: UsePrivilegeSeparation yes The vulnerability that will be disclosed next week is not fixed in version 3.3 of OpenSSH, however with priv separation enabled, you will not be vulnerable to it. This is because privilege separation uses a seperate non-privileged process to handle most of the work, meaning that any vulnerability in this part of OpenSSH will never lead to a root compromise. Only access as the non-privileged user restricted in chroot would be available. MandrakeSoft encourages all of our users to upgrade to the updated packages immediately. This update creates a new user and group on the system named sshd that is used to run the non-privileged processes. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package rpm-macros Update: Mon Jun 24 2002 23:27:33 Importance: general %pre A new package is available that provides older distributions with the same rpm macros that are available in Mandrake Linux 8.2. This is useful for people and developers who wish to rebuild packages from 8.2 or Cooker on older distributions. Install the rpm-macros package to import these new macros into your system; the package is not required o update packages in updates if you are not interested in rebuilding source RPM packages. %description Install this package if you want the latest macros used by more modern Mandrake Linux distributions. %package openssh Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-clients Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-server Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package openssh-askpass-gnome Update: Tue Jul 02 2002 11:18:27 Importance: security %pre An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this is the default behaviour of OpenSSH. To protect yourself, users should be using OpenSSH 3.3 with UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly recommended that all Mandrake Linux users upgrade to version 3.4 which corrects these errors. There are a few caveats with this upgrade, however, that users should be aware of: - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of Compression and UsePrivilegeSeparation are mutually exclusive. You can use one feature or the other, not both; we recommend disabling Compression and using privsep until this can be resolved. - Using privsep may cause some PAM modules which expect to run with root privilege to fail. For instance, users will not be able to change their password if they attempt to log into an account with an expired password. If you absolutely must use one of these features that conflict with privsep, you can disable it in /etc/ssh/sshd_config by using: UsePrivilegeSeparation no However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH will be made available once these problems are resolved. %description Ssh (Secure Shell) a program for logging into a remote machine and for executing commands in a remote machine. It is intended to replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. OpenSSH is OpenBSD's rework of the last free version of SSH, bringing it up to date in terms of security and features, as well as removing all patented algorithms to separate libraries (OpenSSL). This package includes the core files necessary for both the OpenSSH client and server. To make this package useful, you should also install openssh-clients, openssh-server, or both. %package kernel Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel-secure Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a SECURE version of the Linux 2.4.18 kernel. This package add options for kernel that make it more secure for servers and such. See : http://grsecurity.net/features.htm for list of features we have included. %package kernel-smp Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a SMP version of the Linux 2.4.18 kernel. It is required only on machines with two or more CPUs, although it should work fine on single-CPU boxes. %package kernel-enterprise Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a kernel that has appropriate configuration options enabled for the typical large enterprise server. This includes SMP support for multiple processor machines, support for large memory configurations and other appropriate items. %package kernel22 Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description The kernel package contains the Linux kernel (vmlinuz), the core of your Mandrake Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. %package kernel22-smp Update: Wed Jul 03 2002 15:42:39 Importance: security %pre A problem was discovered in the CIPE (VPN tunnel) implementation in the Linux kernel where a malformed packet could cause a crash. Andrew Griffiths discovered a vulnerability that allows remote machines to read random memory by utilizing a bug in the ICMP implementation of Linux kernels. This only affects kernels prior to 2.4.0-test6 and 2.2.18; all Mandrake Linux 2.4 kernels are not vulnerable to this problem. Another problem was discovered by the Linux Netfilter team in the IRC connection tracking component of netfilter in Linux 2.4 kernels. It consists of a very broad netmask setting which is applied to check if an IRC DCC connection through a masqueraded firewall should be allowed. This would lead to unwanted ports being opened on the firewall which could possibly allow inbound connections depending on the firewall rules in use. The 2.2 and 2.4 kernels are also affected by the zlib double-free() problem as routines from the compression library are used by functions that uncompress filesystems loaded into ramdisks and other occassions that are not security-critical. The kernel also uses the compression library in the PPP layer as well as the freeswan IPSec kernel module. As well, a number of other non-security fixes are present in these kernels, including new and enhanced drivers, LSB compliance, and more. MandrakeSoft encourages all users to upgrade their kernel as soon as possible to these new 2.2 and 2.4 kernels. NOTE: This update cannot be accomplished via MandrakeUpdate; it must be done on the console. This prevents one from upgrading a kernel instead of installing a new kernel. To upgrade, please ensure that you have first upgraded iptables, mkinitrd, and initscripts packages if they are applicable to your platform. Use "rpm -ivh kernel_package" to install the new kernel. Prior to rebooting, double-check your /etc/lilo.conf, /boot/grub/menu.lst, or /etc/yaboot.conf (PPC users only) to ensure that you are able to boot properly into both old and new kernels (this will allow you to boot into the old kernel if the new kernel does not work to your liking). LILO users should execute "/sbin/lilo -v", GRUB users should execute "sh /boot/grun/install.sh", and PPC users must type "/sbin/ybin -v" to write the boot record in order to reboot into the new kernel if you made any changes to the respective boot configuration files. %description This package includes a SMP version of the Linux 2.2.20 kernel. It is required only on machines with two or more CPUs, although it should work fine on single-CPU boxes. %package mkinitrd Update: Wed Jul 03 2002 15:42:39 Importance: normal %pre This is an updated mkinitrd, required for the newer 2.4.18 kernels. %description Mkinitrd creates filesystem images for use as initial ramdisk (initrd) images. These ramdisk images are often used to preload the block device modules (SCSI or RAID) needed to access the root filesystem. In other words, generic kernels can be built without drivers for any SCSI adapters which load the SCSI driver as a module. Since the kernel needs to read those modules, but in this case it isn't able to address the SCSI adapter, an initial ramdisk is used. The initial ramdisk is loaded by the operating system loader (normally LILO) and is available to the kernel as soon as the ramdisk is loaded. The ramdisk image loads the proper SCSI adapter and allows the kernel to mount the root filesystem. The mkinitrd program creates such a ramdisk using information found in the /etc/modules.conf file. %package iptables Update: Wed Jul 03 2002 15:42:39 Importance: normal %pre This is a new version of iptables which is required for the 2.4.18 kernel updates. %description iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. Install iptables if you need to set up firewalling for your network. Install this only if you are using the 2.4 kernels!! %package iptables-ipv6 Update: Wed Jul 03 2002 15:42:39 Importance: normal %pre This is a new version of iptables which is required for the 2.4.18 kernel updates. %description IPv6 support for iptables. iptables controls the Linux kernel network packet filtering code. It allows you to set up firewalls and IP masquerading, etc. IPv6 is the next version of the IP protocol. Install iptables-ipv6 if you need to set up firewalling for your network and you're using ipv6. %package initscripts Update: Wed Jul 03 2002 15:42:39 Importance: normal %pre This is a new version of initscripts which is required for the 2.4.18 kernel updates. %description The initscripts package contains the basic system scripts used to boot your Mandrake system, change run levels, and shut the system down cleanly. Initscripts also contains the scripts that activate and deactivate most network interfaces. %package squid Update: Wed Jul 17 2002 10:29:27 Importance: security %pre Numerous security problems were fixed in squid-2.4.STABLE7. This releases has several bugfixes to the Gopher client to correct some security issues. Security fixes to how squid parses FTP directory listings into HTML have been implemented. A security fix to how squid forwards proxy authentication credentials has been applied, as well as the MSNT auth helper has been updated to fix buffer overflows in the helper. Finally, FTP data channels are now sanity checked to match the address of the requested FTP server, which prevents injection of data or theft. %description Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. Install squid if you need a proxy caching server. %package mm Update: Mon Jul 29 2002 10:52:13 Importance: security %pre Marcus Meissner discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user (typically apache or nobody) is already obtained. %description The MM library is a 2-layer abstraction library which simplifies the usage of shared memory between forked (and this way strongly related) processes under Unix platforms. On the first layer it hides all platform dependent implementation details (allocation and locking) when dealing with shared memory segments and on the second layer it provides a high-level malloc(3)- style API for a convenient and well known way to work with data-structures inside those shared memory segments. The library is released under the term of an open-source (BSD-style) license because it's originally written for a proposed use inside next versions of the Apache webserver as a base library for providing shared memory pools to Apache modules (because currently Apache modules can only use heap-allocated memory which isn't shared accross the pre-forked server processes). The requirement actually comes from comprehensive modules like mod_ssl, mod_perl and mod_php which would benefit a lot from easy to use shared memory pools. Mostly all functionality (except for shared locks in addition to exclusive locks and multi-segment memory areas instead of single-segment memory areas) is already implemented and the library already works fine under FreeBSD, Linux and Solaris and should also adjust itself for most other Unix platforms with it's GNU Autoconf and GNU Libtool based configuration and compilation procedure. %package openssl Update: Tue Jul 30 2002 10:59:31 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. Finally, a vulnerability was found by Adi Stav and James Yonan independantly in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems, except for the ASN1 vulnerability, which a fix will be provided for once MandrakeSoft has had a chance to QA the new packages. In the meantime, it is is strongly encouraged that all users upgrade to these OpenSSL packages. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package openssl Update: Tue Aug 06 2002 12:08:12 Importance: security %pre An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory: 1. The client master key in SSL2 could be oversized and overrun a buffer. This vulnerability was also independently discovered by consultants at Neohapsis (http://www.neohapsis.com/) who have also demonstrated that the vulerability is exploitable. Exploit code is NOT available at this time. 2. The session ID supplied to a client in SSL3 could be oversized and overrun a buffer. 3. The master key supplied to an SSL3 server could be oversized and overrun a stack-based buffer. This issues only affects OpenSSL 0.9.7 with Kerberos enabled. 4. Various buffers for ASCII representations of integers were too small on 64 bit platforms. At the same time, various potential buffer overflows have had assertions added; these are not known to be exploitable. Finally, a vulnerability was found by Adi Stav and James Yonan independantly in the ASN1 parser which can be confused by supplying it with certain invalid encodings. There are no known exploits for this vulnerability. All of these vulnerabilities are fixed in OpenSSL 0.9.6f. Patches have been applied to the versions of OpenSSL provided in this update to fix all of these problems. Update: These new OpenSSL packages are available to additionally fix the ASN1 vulnerability described above. All Mandrake Linux users are encouraged to upgrade to these new packages. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package util-linux Update: Thu Aug 08 2002 11:22:12 Importance: security %pre Michal Zalewski found a vulnerability in the util-linux package with the chfn utility. This utility allows users to modify some information in the /etc/passwd file, and is installed setuid root. Using a carefully crafted attack sequence, an attacker can exploit a complex file locking and modification race that would allow them to make changes to the /etc/passwd file. To successfully exploit this vulnerability and obtain privilege escalation, there is a need for some administrator interaction, and the password file must over over 4kb in size; the attacker's entry cannot be in the last 4kb of the file. %description The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. %package mod_ssl Update: Thu Aug 08 2002 11:22:12 Importance: security %pre Frank Denis discovered an off-by-one error in mod_ssl dealing with the handling of older configuration directorives (the rewrite_command hook). A malicious user could use a specially-crafted .htaccess file to execute arbitrary commands as the apache user or execute a DoS against the apache child processes. This vulnerability is fixed in mod_ssl 2.8.10; patches have been applied to correct this problem in these packages. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package libpng2 Update: Tue Aug 13 2002 11:50:28 Importance: security %pre A buffer overflow was found in the in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing "lsof|grep libpng" or "fuser -v /usr/lib/libpng.so". %description This package contains the library needed to run programs dynamically linked with libpng. %package libpng2-devel Update: Tue Aug 13 2002 11:50:28 Importance: security %pre A buffer overflow was found in the in the progressive reader of the PNG library when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. These deliberately malformed datastreams would crash applications thus potentially allowing an attacker to execute malicious code. Many programs make use of the PNG libraries, including web browsers. This overflow is corrected in versions 1.0.14 and 1.2.4 of the PNG library. In order to have the system utilize the upgraded packages after the upgrade, you must restart all running applications that are linked to libpng. You can obtain this list by executing "lsof|grep libpng" or "fuser -v /usr/lib/libpng.so". %description The libpng-devel package contains the header files and static libraries necessary for developing programs using the PNG (Portable Network Graphics) library. If you want to develop programs which will manipulate PNG image format files, you should install libpng-devel. You'll also need to install the libpng package. %package glibc Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package glibc-devel Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. %description The glibc-devel package contains the header and object files necessary for developing programs which use the standard C libraries (which are used by nearly all programs). If you are developing programs which will use the standard C libraries, your system needs to have these standard header and object files available in order to create the executables. Install glibc-devel if you are going to develop programs which will use the standard C libraries. %package glibc-profile Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. %description The glibc-profile package includes the GNU libc libraries and support for profiling using the gprof program. Profiling is analyzing a program's functions to see how much CPU time they use and determining which functions are calling other functions during execution. To use gprof to profile a program, your program needs to use the GNU libc libraries included in glibc-profile (instead of the standard GNU libc libraries included in the glibc package). If you are going to use the gprof program to profile a program, you'll need to install the glibc-profile program. %package nscd Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. %description Nscd caches name service lookups and can dramatically improve performance with NIS+, and may help with DNS as well. Note that you can't use nscd with 2.0 kernels because of bugs in the kernel-side thread support. Unfortunately, nscd happens to hit these bugs particularly hard. Install nscd if you need a name service lookup caching daemon, and you're not using a version 2.0 kernel. %package ldconfig Update: Tue Aug 13 2002 13:16:08 Importance: security %pre A buffer overflow vulnerability was found in the way that the glibc resolver handles the resolution of network names and addresses via DNS in glibc versions 2.2.5 and earlier. Only systems using the "dns" entry in the "networks" database in /etc/nsswitch.conf are vulnerable to this issue. By default, Mandrake Linux has this database set to "files" and is not vulnerable. Likewise, a similar bug is in the glibc-compat packages which provide compatability for programs compiled against 2.0.x versions of glibc. %description Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. %package xchat Update: Wed Aug 14 2002 10:02:07 Importance: security %pre In versions of the xchat IRC client prior to version 1.8.9, xchat does not filter the response from an IRC server when a /dns query is executed. xchat resolves hostnames by passing the configured resolver and hostname to a shell, so an IRC server may return a malicious response formatted so that arbitrary commands are executed with the privilege of the user running xchat. %description X-Chat is yet another IRC client for the X Window System, using the Gtk+ toolkit. It is pretty easy to use compared to the other Gtk+ IRC clients and the interface is quite nicely designed. %package sharutils Update: Wed Aug 14 2002 10:02:07 Importance: security %pre The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe. %description The sharutils package contains the GNU shar utilities, a set of tools for encoding and decoding packages of files (in binary or text format) in a special plain text format called shell archives (shar). This format can be sent through email (which can be problematic for regular binary files). The shar utility supports a wide range of capabilities (compressing, uuencoding, splitting long files for multi-part mailings, providing checksums), which make it very flexible at creating shar files. After the files have been sent, the unshar tool scans mail messages looking for shar files. Unshar automatically strips off mail headers and introductory text and then unpacks the shar files. Install sharutils if you send binary files through email very often. %package bind Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description BIND (Berkeley Internet Name Domain) is an implementation of the DNS (domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses, and a resolver library (routines for applications to use when interfacing with DNS). A DNS server allows clients to name resources or objects and share the information with other network machines. The named DNS server can be used on workstations as a caching name server, but is generally only needed on one machine for an entire network. Note that the configuration files for making BIND act as a simple caching nameserver are included in the caching-nameserver package. Install the bind package if you need a DNS server for your network. If you want bind to act a caching name server, you will also need to install the caching-nameserver package. Many BIND 8 features previously unimplemented in BIND 9, including domain-specific forwarding, the $GENERATE master file directive, and the "blackhole", "dialup", and "sortlist" options Forwarding of dynamic update requests; this is enabled by the "allow-update-forwarding" option A new, simplified database interface and a number of sample drivers based on it; see doc/dev/sdb for details Support for building single-threaded servers for environments that do not supply POSIX threads New configuration options: "min-refresh-time", "max-refresh-time", "min-retry-time", "max-retry-time", "additional-from-auth", "additional-from-cache", "notify explicit" Faster lookups, particularly in large zones. %package bind-devel Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description The bind-devel package contains all the include files and the library required for DNS (Domain Name Service) development for BIND versions 9.x.x. %package bind-utils Update: Wed Aug 14 2002 14:06:12 Importance: security %pre A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1. An error condition will trigger the shutdown of the server when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL as expected. This condition causes the server to assert an error message and shutdown the BIND server. The error condition can be remotely exploited by a special DNS packet. This can only be used to create a Denial of Service on the server; the error condition is correctly detected, so it will not allow an attacker to execute arbitrary code on the server. Update: Sascha Kettler noticed that the version of BIND9 supplied originally was in fact 9.2.1RC1 and mis-labelled as 9.2.1. The packages provided in this update are BIND 9.2.1 final. Likewise, the buffer overflow in the DNS resolver libraries, as noted in MDKSA-2002:043, has also been fixed. Thanks to Red Hat for backporting the patches from 8.3.3 to 9.2.1. %description Bind-utils contains a collection of utilities for querying DNS (Domain Name Service) name servers to find out information about Internet hosts. These tools will provide you with the IP addresses for given host names, as well as other information about registered domains and network addresses. You should install bind-utils if you need to get information from DNS name servers. %package caching-nameserver Update: Wed Aug 14 2002 14:06:12 Importance: bugfix %pre The caching-nameserver improperly contains the named.ca root servers list instead of the bind package itself. This update fixes the problem. %description The caching-nameserver package includes the configuration files which will make BIND, the DNS name server, act as a simple caching nameserver. Many users on dialup connections use this package along with BIND for such a purpose. If you would like to set up a caching name server, you'll need to install the caching-nameserver package; you'll also need to install bind. %package gaim Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable. %description Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just load the plugin for it. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by AOL. %package hylafax Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of sevice. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. You need this package if you are going to install hylafax-client and/or hylafax server. %package hylafax-client Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of sevice. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. This is the client portion of HylaFAX. %package hylafax-server Update: Thu Aug 29 2002 10:29:01 Importance: security %pre Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places. A remote sender using a specially formatted TSI string can cause the faxgetty program to segfault, resulting in a denial of service. Format string vulnerabilities were also discovered by Christer Oberg, which exist in a number of utilities bundled with HylaFax, such as faxrm, faxalter, faxstat, sendfax, sendpage, and faxwatch. If any of these tools are setuid, they could be used to elevate system privileges. Mandrake Linux does not, by default, install these tools setuid. Finally, Lee Howard discovered that faxgetty would segfault due to a buffer overflow after receiving a very large line of image data. This vulnerability could conceivably be used to execute arbitrary commands on the system as root, and could also be exploited more easily as a denial of sevice. %description HylaFAX(tm) is a sophisticated enterprise-strength fax package for class 1 and 2 fax modems on unix systems. It provides spooling services and numerous supporting fax management tools. The fax clients may reside on machines different from the server and client implementations exist for a number of platforms including windows. This is the server portion of HylaFAX. %package php Update: Tue Sep 10 2002 13:41:05 Importance: security %pre A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these packages, execute "service httpd restart" as root in order to close the hole immediately. %description PHP4 is an HTML-embeddable scripting language. PHP offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled script with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. This package contains a standalone (CGI) version of php. You must also install php4-common. If you need apache module support, you also need to install the mod_php package %package php-common Update: Tue Sep 10 2002 13:41:05 Importance: security %pre A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these packages, execute "service httpd restart" as root in order to close the hole immediately. %description This package provides the common files to run with different implementations of PHP. You need this package if you install the php standalone package or a webserver with php support (ie: mod_php). %package php-devel Update: Tue Sep 10 2002 13:41:05 Importance: security %pre A fifth parameter was added to PHP's mail() function in 4.0.5 that is not properly sanitized when the server is running in safe mode. This vulnerability would allow local users and, possibly, remote attackers to execute arbitrary commands using shell metacharacters. After upgrading to these packages, execute "service httpd restart" as root in order to close the hole immediately. %description The php-devel package lets you compile dynamic extensions to PHP4. Included here is the source for the php extensions. Instead of recompiling the whole php binary to add support for, say, oracle, install this package and use the new self-contained extensions support. For more information, read the file SELF-CONTAINED-EXTENSIONS. %package glibc Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support and timezone databases. %package glibc-devel Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc-devel package contains the header and object files necessary for developing programs which use the standard C libraries (which are used by nearly all programs). If you are developing programs which will use the standard C libraries, your system needs to have these standard header and object files available in order to create the executables. Install glibc-devel if you are going to develop programs which will use the standard C libraries. %package glibc-profile Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description The glibc-profile package includes the GNU libc libraries and support for profiling using the gprof program. Profiling is analyzing a program's functions to see how much CPU time they use and determining which functions are calling other functions during execution. To use gprof to profile a program, your program needs to use the GNU libc libraries included in glibc-profile (instead of the standard GNU libc libraries included in the glibc package). If you are going to use the gprof program to profile a program, you'll need to install the glibc-profile program. %package nscd Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Nscd caches name service lookups and can dramatically improve performance with NIS+, and may help with DNS as well. Note that you can't use nscd with 2.0 kernels because of bugs in the kernel-side thread support. Unfortunately, nscd happens to hit these bugs particularly hard. Install nscd if you need a name service lookup caching daemon, and you're not using a version 2.0 kernel. %package ldconfig Update: Mon Sep 23 2002 11:05:12 Importance: security %pre A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability. %description Ldconfig is a basic system program which determines run-time link bindings between ld.so and shared libraries. Ldconfig scans a running system and sets up the symbolic links that are used to load shared libraries properly. It also creates a cache (/etc/ld.so.cache) which speeds the loading of programs which use shared libraries. %package tcl Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tcl is a simple scripting language designed to be embedded into other applications. Tcl is designed to be used with Tk, a widget set, which is provided in the tk package. This package also includes tclsh, a simple example of a Tcl application. If you're installing the tcl package and you want to use Tcl for development, you should also install the tk and tclx packages. %package tcllib Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tcllib is a collection of utility modules for tcl. These modules provide a wide variety of functionality, from implementation of standard data structures to implementation of common networking protocols. the intent is to collect commoly used function into a single library, which users can rely on to be available and stable. %package tclx Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description TclX is a set of extensions which make it easier to use the Tcl scripting language for common UNIX/Linux programming tasks. TclX enhances Tcl support for files, network access, debugging, math, lists, and message catalogs. TclX can be used with both Tcl and Tcl/Tk applications. Install TclX if you are developing applications with Tcl/Tk. You'll also need to install the tcl and tk packages. %package itcl Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description [incr Tcl] is an object-oriented extension of the Tcl language. It was created to support more structured programming in Tcl. Tcl scripts that grow beyond a few thousand lines become extremely difficult to maintain. This is because the building blocks of vanilla Tcl are procedures and global variables, and all of these building blocks must reside in a single global namespace. There is no support for protection or encapsulation. [incr Tcl] introduces the notion of objects. Each object is a bag of data with a set of procedures or "methods" that are used to manipulate it. Objects are organized into "classes" with identical characteristics, and classes can inherit functionality from one another. This object-oriented paradigm adds another level of organization on top of the basic variable/procedure elements, and the resulting code is easier to understand and maintain. %package tk Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tk is a X Windows widget set designed to work closely with the tcl scripting language. It allows you to write simple programs with full featured GUI's in only a little more time then it takes to write a text based interface. Tcl/Tk applications can also be run on Windows and Macintosh platforms. %package tix Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Tix (Tk Interface Extension), an add-on for the Tk widget set, is an extensive set of over 40 widgets. In general, Tix widgets are more complex and more capable than the widgets provided in Tk. Tix widgets include a ComboBox, a Motif-style FileSelectBox, an MS Windows-style FileSelectBox, a PanedWindow, a NoteBook, a hierarchical list, a directory tree and a file manager. Install the tix package if you want to try out more complicated widgets for Tk. You'll also need to have the tcl and tk packages installed. %package expect Update: Mon Sep 23 2002 11:13:58 Importance: security %pre Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library. %description Expect is a tcl extension for automating interactive applications such as telnet, ftp, passwd, fsck, rlogin, tip, etc. Expect is also useful for testing the named applications. Expect makes it easy for a script to control another program and interact with it. Install the expect package if you'd like to develop scripts which interact with interactive applications. You'll also need to install the tcl package. %package postgresql Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-devel Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-jdbc Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-python Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-server Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tcl Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-test Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tk Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-odbc Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-perl Updated: Tue Oct 1 12:08:04 2002 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package fetchmail Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package fetchmail-daemon Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description SySV init script for demonize fetchmail for sucking emails. %package fetchmailconf Updated: Tue Oct 1 12:11:58 2002 Importance: security %pre Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail. %description Fetchmailconf is a TCL/TK application for graphically configuring your ~/.fetchmailrc preferences file. Fetchmail has many options which can be daunting to the new user. This utility takes some of the guesswork and hassle out of setting up fetchmail. %package unzip Updated: Thu Oct 10 11:28:19 2002 Importance: security %pre A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash). %description unzip will list, test, or extract files from a ZIP archive, commonly found on MS-DOS systems. A companion program, zip, creates ZIP archives; both programs are compatible with archives created by PKWARE's PKZIP and PKUNZIP for MS-DOS, but in many cases the program options or default behaviors differ. This version also has encryption support. %package tar Updated: Thu Oct 10 11:28:56 2002 Importance: security %pre A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename. %description The GNU tar program saves many files together into one archive and can restore individual files (or all of the files) from the archive. Tar can also be used to add supplemental files to an archive and to update or list files in the archive. Tar includes multivolume support, automatic archive compression/ decompression, the ability to perform remote archives and the ability to perform incremental and full backups. If you want to use Tar for remote backups, you'll also need to install the rmt package. You should install the tar package, because you'll find its compression and decompression utilities essential for working with files. %package apache Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-common Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-devel Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-manual Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-modules Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package apache-source Update: Tue Oct 15 2002 09:55:53 Importance: security %pre A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache. All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied. %description Apache is a powerful, full-featured, efficient and freely-available Web server. Apache is also the most popular Web server on the Internet. This version of Apache includes many optimizations, Extended Application Programming Interface (EAPI), Shared memory module, hooks for SSL modules, and several patches/cosmetic improvements. It is also fully modular, and many modules are available in pre-compiled format, like PHP4, the Hotwired XSSI module and Apache-ASP. Also included are special patches to enable FrontPage 2000 support (see mod_frontpage package). %package gv Update: Mon Oct 21 2002 10:59:16 Importance: security %pre A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities. %description Gv provides a user interface for the ghostscript PostScript(TM) interpreter. Derived from the ghostview program, gv can display PostScript and PDF documents using the X Window System. Install the gv package if you'd like to view PostScript and PDF documents on your system. You'll also need to have the ghostscript package installed, as well as the X Window System. %package ggv Update: Mon Oct 21 2002 10:59:16 Importance: security %pre A buffer overflow was discovered in gv versions 3.5.8 and earlier by Zen Parse. The problem is triggered by scanning a file and can be exploited by an attacker sending a malformed PostScript or PDF file. This would result in arbitrary code being executed with the privilege of the user viewing the file. ggv uses code derived from gv and has the same vulnerability. These updates provide patched versions of gv and ggv to fix the vulnerabilities. %description ggv allows you to view PostScript documents, and print ranges of pages. %package tetex Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-afm Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-doc Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-dvilj Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-latex Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-xdvi Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package tetex-dvipdfm Updated: Tue Oct 22 11:47:25 2002 Importance: security %pre A vulnerability was discovered in dvips by Olaf Kirch that would allow remote users with access to the printer to execute commands as the lp user through sending special print jobs to the printer. %description teTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter independent .dvi (DeVice Independent) file as output. Usually, TeX is used in conjunction with a higher level formatting package like LaTeX or PlainTeX, since TeX by itself is not very user-friendly. Install teTeX if you want to use the TeX text formatting system. If you are installing teTeX, you will also need to install tetex-afm (a PostScript(TM) font converter for TeX), tetex-dvilj (for converting .dvi files to HP PCL format for printing on HP and HP compatible printers), tetex-dvips (for converting .dvi files to PostScript format for printing on PostScript printers), tetex-latex (a higher level formatting package which provides an easier-to-use interface for TeX) and tetex-xdvi (for previewing .dvi files in X). Unless you're an expert at using TeX, you'll also want to install the tetex-doc package, which includes the documentation for TeX. %package mod_ssl Updated: Thu Oct 24 11:01:45 2002 Importance: security %pre A cross-site scripting vulnerability was discovered in mod_ssl by Joe Orton. This only affects servers using a combination of wildcard DNS and "UseCanonicalName off" (which is not the default in Mandrake Linux). With this setting turned off, Apache will attempt to use the hostname:port that the client supplies, which is where the problem comes into play. With this setting turned on (the default), Apache constructs a self-referencing URL and will use ServerName and Port to form the canonical name. It is recommended that all users upgrade, regardless of the setting of the "UseCanonicalName" configuration option. %description The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL, which is based on SSLeay from Eric A. Young and Tim J. Hudson. The mod_ssl package was created in April 1998 by Ralf S. Engelschall and was originally derived from software developed by Ben Laurie for use in the Apache-SSL HTTP server project. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes. %package nss_ldap Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug in the logging function of pam_ldap prior to version 144 exist. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package pam_ldap Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow. A similar issue exists in versions of nss_ldap prior to 199 where nss_ldap does not check that the data returned by the DNS query has not been truncated by the resolver libraries to avoid a buffer overflow. This can make nss_ldap attempt to parse more data than what is actually available, making it vulnerable to a read buffer overflow. Finally, a format string bug in the logging function of pam_ldap prior to version 144 exist. All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules. %description This package includes two LDAP access clients: nss_ldap and pam_ldap. Nss_ldap is a set of C library extensions which allows X.500 and LDAP directory servers to be used as a primary source of aliases, ethers, groups, hosts, networks, protocol, users, RPCs, services and shadow passwords (instead of or in addition to using flat files or NIS). %package perl-MailTools Updated: Thu Nov 7 11:03:12 2002 Importance: security %pre A vulnerability was discovered in Mail::Mailer perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances due to the usage of mailx as the default mailer, a program that allows commands to be embedded in the mail body. This module is used by some auto-response programs and spam filters which make use of Mail::Mailer. %description This is MailTools, a set of perl modules related to mail applications %package ypserv Update: Mon Nov 18 2002 11:32:12 Importance: security %pre A memory leak that could be triggered remotely was discovered in ypserv 2.5 and earlier. This could lead to a Denial of Service as repeated requests for a non-existant map will result in ypserv consuming more and more memory, and also running more slowly. If the system runs out of available memory, ypserv would also be killed. %description The Network Information Service (NIS) is a system which provides network information (login names, passwords, home directories, group information) to all of the machines on a network. NIS can enable users to login on any machine on the network, as long as the machine has the NIS client programs running and the user's password is recorded in the NIS passwd database. NIS was formerly known as Sun Yellow Pages (YP). This package provides the NIS server, which will need to be running on your network. NIS clients do not need to be running the server. Install ypserv if you need an NIS server for your network. You'll also need to install the yp-tools and ypbind packages onto any NIS client machines. %package python Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package python-devel Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package python-docs Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package tkinter Updated: Mon Nov 25 12:16:04 2002 Importance: security %pre A vulnerability was discovered in python by Zack Weinberg in the way that the execvpe() method from the os.py module uses a temporary file name. The file is created in an unsafe manner and execvpe() tries to execute it, which can be used by a local attacker to execute arbitrary code with the privilege of the user running the python code that is using this method. %description Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC). Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM. Note that documentation for Python is provided in the python-docs package. %package sendmail Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Wed Nov 27 12:08:04 2002 Importance: security %pre A vulnerability was discovered by zen-parse and Pedram Amini in the sendmail MTA. They found two ways to exploit smrsh, an application intended as a replacement for the sh shell for use with sendmail; the first by inserting specially formatted commands in the ~/.forward file and secondly by calling smrsh directly with special options. These can be exploited to give users with no shell account, or those not permitted to execute certain programs or commands, the ability to bypass these restrictions. %description The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another. Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package pine Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre A vulnerability was discovered in pine while parsing and escaping characters of email addresses; not enough memory is allocated for storing the escaped mailbox part of the address. The resulting buffer overflow on the heap makes pine crash. This new version of pine, 4.50, has the vulnerability fixed. It also offers many other bug fixes and new features. %description Pine is a very popular, easy to use, full-featured email user agent which includes a simple text editor called pico. Pine supports MIME extensions and can also be used to read news. Pine also supports IMAP, mail and MH style folders. Pine should be installed because Pine is a very commonly used email user agent and it is currently in development. %package WindowMaker Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package WindowMaker-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package libwraster2 Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package libwraster2-devel Updated: Mon Dec 2 13:54:23 2002 Importance: security %pre Al Viro discovered a vulnerability in the WindowMaker window manager. A function used to load images, for example when configuring a new background image or previewing themes, contains a buffer overflow. The function calculates the amount of memory necessary to load the image by doing some multiplication but does not check the results of this multiplication, which may not fit into the destination variable, resulting in a buffer overflow when the image is loaded. %description Window Maker is an X11 window manager which emulates the look and feel of the NeXTSTEP (TM) graphical user interface. It is relatively fast, feature rich and easy to configure and use. Window Maker is part of the official GNU project, which means that Window Maker can interoperate with other GNU projects, such as GNOME. Window Maker allows users to switch themes 'on the fly,' to place favorite applications on either an application dock, similar to AfterStep's Wharf or on a workspace dock, a 'clip' which extends the application dock's usefulness. %package wget Updated: Wed Dec 11 12:12:40 2002 Importance: security %pre A vulnerability in all versions of wget prior to and including 1.8.2 was discovered by Steven M. Christey. The bug permits a malicious FTP server to create or overwriet files anywhere on the local file system by sending filenames beginning with "/" or containing "/../". This can be used to make vulnerable FTP clients write files that can later be used for attack against the client machine. %description GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you're logged out, recursive retrieval of directories, file name wildcard matching, remote file timestamp storage and comparison, use of Rest with FTP servers and Range with HTTP servers to retrieve files over slow or unstable connections, support for Proxy servers, and configurability. %package MySQL-devel Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-shared Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-bench Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-client Updated: Tue Dec 17 12:06:23 2002 Importance: security %pre Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write '\0' to any memory address. Both of these flaws could allow DOS attacks or arbitary code execution within anything linked against libmysqlclient. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package cups Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-common Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package cups-serial Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libcups1 Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package libcups1-devel Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package printer-testpages Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre iDefense reported several security problems in CUPS that can lead to local and remote root compromise. An integer overflow in the HTTP interface can be used to gain remote access with CUPS privilege. A local file race condition can be used to gain root privilege, although the previous bug must be exploited first. An attacker can remotely add printers to the vulnerable system. A remote DoS can be accomplished due to negative length in the memcpy() call. An integer overflow in image handling code can be used to gain higher privilege. An attacker can gain local root privilege due to a buffer overflow of the 'options' buffer. A design problem can be exploited to gain local root access, however this needs an added printer (which can also be done, as per a previously noted bug). Wrong handling of zero-width images can be abused to gain higher privilege. Finally, a file descriptor leak and DoS due to missing checks of return values of file/socket operations. MandrakeSoft recommends all users upgrade these CUPS packages immediately. %description The Common Unix Printing System provides a portable printing layer for UNIX(TM) operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces. This is the main package needed for CUPS servers (machines where a printer is connected to or which host a queue for a network printer). It can also be used on CUPS clients so that they simply pick up broadcasted printer information from other CUPS servers and do not need to be assigned to a specific CUPS server by an /etc/cups/client.conf file. %package xpdf Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre The pdftops filter found in both the xpdf and CUPS packages suffers from an integer overflow that can be exploited to gain the privilege of the victim user. %description Xpdf is an X Window System based viewer for Portable Document Format (PDF) files. PDF files are sometimes called Acrobat files, after Adobe Acrobat (Adobe's PDF viewer). Xpdf is a small and efficient program which uses standard X fonts. %package dhcpcd Updated: Wed Jan 8 22:59:11 2003 Importance: security %pre A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses. Mandrake Linux packages contain a sample /etc/dhcpc/dhcpcd.exe file and encourages all users to upgrade immediately. Please note that when you do upgrade, you will have to restart the network for the changes to take proper effect by issuing "service network restart" as root. %description dhcpcd is an implementation of the DHCP client specified in draft-ietf-dhc-dhcp-09 (when -r option is not speci- fied) and RFC1541 (when -r option is specified). It gets the host information (IP address, netmask, broad- cast address, etc.) from a DHCP server and configures the network interface of the machine on which it is running. It also tries to renew the lease time according to RFC1541 or draft-ietf-dhc-dhcp-09. %package libldap2 Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package libldap2-devel-static Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_dnssrv Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_ldap Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_passwd Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-back_sql Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-clients Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-guide Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-migration Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package openldap-servers Updated: Tue Jan 14 10:00:34 2002 Importance: security %pre A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well. %description OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. The suite includes a stand-alone LDAP server (slapd), a stand-alone LDAP replication server (slurpd), libraries for implementing the LDAP protocol, and utilities, tools, and sample clients. Install openldap if you need LDAP applications and tools. %package ghostscript Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. In addition, the package contains filters which transfer the raw bitmap of GhostScript into the protocol of some additional printer models. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer. %package ghostscript-module-SVGALIB Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. In addition, the package contains filters which transfer the raw bitmap of GhostScript into the protocol of some additional printer models. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer. %package ghostscript-module-X Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. In addition, the package contains filters which transfer the raw bitmap of GhostScript into the protocol of some additional printer models. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer. %package ghostscript-utils Updated: Tue Jan 21 10:15:12 2003 Importance: security %pre iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem. The first vulnerability is in the mtink binary, which has a buffer overflow in its handling of the HOME environment variable. The second vulnerability is in the escputil binary, which has a buffer overflow in the parsing of the --printer-name command line argument. This is only possible when esputil is suid or sgid; in Mandrake Linux 9.0 it was sgid "sys". Successful exploitation will provide the attacker with the privilege of the group "sys". The third vulnerability is in the ml85p binary which contains a race condition in the opening of a temporary file. By default this file is installed suid root so it can be used to gain root privilege. The only caveat is that this file is not executable by other, only by root or group "sys". Using either of the two previous vulnerabilities, an attacker can exploit one of them to obtain "sys" privilege" and then use that to exploit this vulnerability to gain root privilege. MandrakeSoft encourages all users to upgrade immediately. Aside from the security vulnerabilities, a number of bugfixes are included in this update, for Mandrake Linux 9.0 users. GIMP-Print 4.2.5pre1, HPIJS 1.3, pnm2ppa 1.12, mtink 0.9.53, and a new foomatic snapshot are included. For a list of the many bugfixes, please refer to the RPM changelog. %description Ghostscript is a set of software that provides a PostScript(TM) interpreter, a set of C procedures (the Ghostscript library, which implements the graphics capabilities in the PostScript language) and an interpreter for Portable Document Format (PDF) files. Ghostscript translates PostScript code into many common, bitmapped formats, like those understood by your printer or screen. Ghostscript is normally used to display PostScript files and to print PostScript files to non-PostScript printers. Most applications use PostScript for printer output. In addition, the package contains filters which transfer the raw bitmap of GhostScript into the protocol of some additional printer models. You should install ghostscript if you need to display PostScript files, or if you have a non-PostScript printer. %package fetchmail Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email wihch is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package fetchmail-daemon Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email wihch is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package fetchmailconf Updated: Mon Jan 27 10:55:12 2003 Importance: security %pre A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email wihch is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail. %description Fetchmail is a free, full-featured, robust, and well-documented remote mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It retrieves mail from remote mail servers and forwards it to your local (client) machine's delivery system, so it can then be read by normal mail user agents such as Mutt, Elm, Pine, (X)Emacs/Gnus or Mailx. It comes with an interactive GUI configurator suitable for end-users. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN) for retrieval. Then Fetchmail forwards the mail through SMTP, so you can read it through your normal mail client. %package vim-common Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-enhanced Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-minimal Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package vim-X11 Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages. %description VIM (VIsual editor iMproved) is an updated and improved version of the vi editor. Vi was the first real screen-based editor for UNIX, and is still very popular. VIM improves on vi by adding new features: multiple windows, multi-level undo, block highlighting and more. The vim-common package contains files which every VIM binary will need in order to run. %package MySQL Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-bench Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-client Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-devel Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package MySQL-shared Updated: Mon Feb 3 11:12:54 2003 Importance: security %pre Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account. %description MySQL is a true multi-user, multi-threaded SQL (Structured Query Language) database server. MySQL is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. The main goals of MySQL are speed, robustness and ease of use. MySQL was originally developed because we needed a SQL server that could handle very big databases with magnitude higher speed than what any database vendor could offer to us. And since we did not need all the features that made their server slow we made our own. We have now been using MySQL since 1996 in a environment with more than 40 databases, 10,000 tables, of which more than 500 have more than 7 million rows. This is about 200G of data. The base upon which MySQL is built is a set of routines that have been used in a highly demanding production environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. See the documentation for more information. %package slocate Updated: Wed Feb 5 11:20:44 2002 Importance: security %pre A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7. %description Slocate is a security-enhanced version of locate. Just like locate, slocate searches through a central database (updated regularly) for files which match a given pattern. Slocate allows you to quickly find files anywhere on your system. %package postgresql Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-devel Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-jdbc Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-python Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-server Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tcl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-test Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-tk Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-odbc Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-perl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-odbc Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package postgresql-perl Updated: Tue Feb 11 12:49:59 2003 Importance: security %pre Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS. These buffer overflows exist in the circle_poly(), path_encode(), and path_addr() functions. In order for these vulnerabilities to be exploited, an attacker must be able to query the server somehow. However, this cannot directly lead to root privilege because the server runs as the postgresql user. Prior to upgrading, users should dump their database and retain it as backup. You can dump the database by using: $ pg_dumpall > db.out If you need to restore from the backup, you can do so by using: $ psql -f db.out template1 Update: The previous update missed a few small fixes, including a buffer overflow in the cash_words() function that allows local users to cause a DoS and possibly execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier. As well, buffer overflows in the TZ and SET TIME ZONE environment variables for Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly execute arbitrary code. %description PostgreSQL is an advanced Object-Relational database management system (DBMS) that supports almost all SQL constructs (including transactions, subselects and user-defined types and functions). The postgresql package includes the client programs and libraries that you'll need to access a PostgreSQL DBMS server. These PostgreSQL client programs are programs that directly manipulate the internal structure of PostgreSQL databases on a PostgreSQL server. These client programs can be located on the same machine with the PostgreSQL server, or may be on a remote machine which accesses a PostgreSQL server over a network connection. This package contains the client libraries for C and C++, as well as command-line utilities for managing PostgreSQL databases on a PostgreSQL server. If you want to manipulate a PostgreSQL database on a remote PostgreSQL server, you need this package. You also need to install this package if you're installing the postgresql-server package. %package openssl Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package openssl-devel Updated: Thu Feb 20 22:17:26 2003 Importance: security %pre In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a). The openssl released with Linux-Mandrake 7.2 and Single Network Firewall 7.2 has been patched to correct this issue. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package vnc Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. %package vnc-doc Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. %package vnc-server Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server. %description Virtual Network Computing (VNC) is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. This package contains a client which will allow you to connect to other desktops running a VNC server. %package lynx Updated: Mon Feb 24 12:47:37 2003 Importance: security %pre A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting. %description This a terminal based WWW browser. While it does not make any attempt at displaying graphics, it has good support for HTML text formatting, forms, and tables. This version includes support for SSL encryption. WARNING: In some countries, it is illegal to export this package. In some countries, it may even be illegal to use it. %package webmin Updated: Wed Feb 26 09:04:31 2003 Importance: security %pre A vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. This could allow an attacker to gain full administrative access to webmin. MandrakeSoft encourages all users to upgrade immediately. %description A web-based administration interface for Unix systems. Using Webmin you can configure DNS, Samba, NFS, local/remote filesystems, Apache, Sendmail/Postfix, and more using your web browser. After installation, enter the URL https://localhost:10000/ into your browser and login as root with your root password. Please consider logging in and modify your password for security issue. PLEASE NOTE THAT THIS VERSION NOW USES SECURE WEB TRANSACTIONS: YOU HAVE TO LOGIN TO "https://localhost:10000/" AND NOT "http://localhost:10000/". %package sendmail Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-cf Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package sendmail-doc Updated: Mon Mar 3 10:25:25 2003 Importance: security %pre A vulnerability was discovered in sendmail by Mark Dowd of ISS X-Force that involves mail header manipulation that can result in a remote user gaining root access to the system running the vulnerable sendmail. Patches supplied by the sendmail development team have been applied to correct this issue. MandrakeSoft encourages all users who have chosen to use sendmail (as opposed to the default MTA, postfix) to upgrade to this version of sendmail immediately. %description Sendmail is not a client program, which you use to read your e-mail. Sendmail is a behind-the-scenes program which actually moves your e-mail over networks or the Internet to where you want it to go. If you ever need to reconfigure Sendmail, you'll also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package. %package file Updated: Thu Mar 6 10:24:39 2003 Importance: security %pre A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file. %description The file command is used to identify a particular file according to the type of data contained by the file. File can identify many different file types, including ELF binaries, system libraries, RPM packages, and different graphics formats. You should install the file package, since the file command is such a useful utility. %package samba-client Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-common Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-doc Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-server Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package samba-swat Updated: Sat Mar 15 16:54:59 2003 Importance: security %pre The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all version of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today, however these updated packages include a patch that corrects this problem. MandrakeSoft urges all users to upgrade immediately. If you are unable to apply the updated packages (perhaps due to unavailability on your preferred mirror), the following steps can be taken to protect an unpatched system: The "hosts allow" and "hosts deny" options in the smb.conf file can be used to allow access to your Samba server by only selected hosts; for example: hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 hosts deny = 0.0.0.0/0 This will disallow all connections from machines that are not the localhost or in the 192.168.2 and 192.168.3 private networks. Alternatively, you can tell Samba to listen to only specific network interfaces by using the "interfaces" and "bind interfaces only" options: interfaces = eth1 lo bind interfaces only = yes Obviously, use the internal interface for your network and not an external interface connected to the internet. You may also choose to firewall off some UDP and TCP ports in addition to the previously mentioned suggestions by blocking external access to ports 137 and 138 (UDP) and ports 139 and 445 (TCP). These steps should only be used as a temporary preventative measure and all users should upgrade as quickly as possible. Thanks to Sebastian Krahmer and the SuSE security team for performing the audit, Jeremy Allison for providing the fix, and Andrew Tridgell for providing advice on how to protect an unpatched Samba system. %description Samba provides an SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients, including various versions of MS Windows, OS/2, and other Linux machines. Samba also provides some SMB clients, which complement the built-in SMB filesystem in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability and includes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included in it's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a Windows NT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. %package zlib1 Updated: Tue Mar 18 11:28:18 2003 Importance: security %pre Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package zlib1-devel Updated: Tue Mar 18 11:28:18 2003 Importance: security %pre Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3). %description The zlib compression library provides in-memory compression and decompression functions, including integrity checks of the uncompressed data. This version of the library supports only one compression method (deflation), but other algorithms may be added later, which will have the same stream interface. The zlib library is used by many different system programs. %package openssl Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKS #1 v1.5 padding as used in SSL 3.0 and TSL 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package openssl-devel Updated: Mon Mar 24 12:05:31 2003 Importance: security %pre Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the "Bleichenbacher attack" on RSA with PKS #1 v1.5 padding as used in SSL 3.0 and TSL 1.0 was also created by Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa. This attack requires the attacker to open millions of SSL/TLS connections to the server they are attacking. This is done because the server's behaviour when faced with specially crafted RSA ciphertexts can reveal information that would in effect allow the attacker to perform a single RSA private key operation on a ciphertext of their choice, using the server's RSA key. Despite this, the server's RSA key is not compromised at any time. Patches from the OpenSSL team modify SSL/TLS server behaviour to avoid this vulnerability. %description The openssl certificate management tool and the shared libraries that provide various encryption and decription algorithms and protocols, including DES, RC4, RSA and SSL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com). %package glibc Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package glibc-devel Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package glibc-profile Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package ldconfig Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support. %package nscd Updated: Mon Mar 24 15:02:09 2003 Importance: security %pre An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code. The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages. %description The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. The glibc package also contains national language (locale) support.