[SECWS] Bul - 1543 - 08/10/2005


The SECURITY WATCH                                    APOGÉE-Communications
Edition of Wednesday, August 10 2005                    All rights reserved
___________________________________________________________________________

 SUMMARY OF THIS BULLETIN
 ------------------------

* ALERTS (11)
 - MICROSOFT      - Code execution via 'Print Spooler'
 - MICROSOFT      - Buffer overflow in the 'Plug-and-Play' service
 - MICROSOFT      - Multiple flaws in 'Internet Explorer'
 - MICROSOFT      - Kerberos issues in Windows
 - MICROSOFT      - Arbitrary code execution in 'TAPI'
 - AWSTATS        - Arbitrary code execution in 'AWStats'
 - GAIM           - Arbitrary code execution in 'Gaim'
 - HP             - Unauthorized access to the 'ProLiant DL585' server
 - LINUX          - Local denial of service of the Linux kernel 2.6
 - SYSREPORT      - Insecure temporary directories creation
 - GLYPH AND COG  - Denial of service in the 'pdftops' filter

* INFORMATION (12)
 - MICROSOFT      - Patches for the "Remote Desktop Protocol" ('RDP')
 - MICROSOFT      - Patches for 'Internet Explorer'
 - LINUX REDHAT   - Revision of the bulletin RHSA-2005:366
 - KDE            - Patches for 'kpdf'
 - LINUX REDHAT   - Patches for 'cups'
 - LINUX REDHAT   - Patches for 'kdegraphics'
 - LINUX REDHAT   - Revision of the bulletin RHSA-2005:420
 - LINUX REDHAT   - Patches for 'xpdf'
 - LINUX REDHAT   - Patches for 'Gaim' (RHD & RHEL versions 3 and 4)
 - LINUX REDHAT   - Patches for 'Gaim' (RHEL version 2.1)
 - LINUX REDHAT   - Patches for 'ucd-snmp'
 - HP             - Patches for 'IPSec' on Tru64 Unix

* REISSUES OF ALERTS (0)
___________________________________________________________________________

ALERTS
___________________________________________________________________________

* MICROSOFT      - Code execution via 'Print Spooler'

A buffer overflow in the 'Print Spooler' of the Windows 2000, XP and Server
2003 platforms can cause the execution of arbitrary code.

 - Date:        August 09 2005
 - Platform:    Microsoft 'Windows 2000' SP4
                Microsoft 'Windows XP' SP1 and SP2
                Microsoft 'Windows Server 2003'
                Microsoft 'Windows Server 2003' (Itanium)
 - Severity:    Critical
 - Origin:      'Print Spooler' (Spoolsv.exe)
 - Problem:     Buffer overflow
 - Damage:      Arbitrary code execution
 - CVE names:   CAN-2005-1984
 - Description: A buffer overflow affects the 'Print Spooler' service of
                the listed platforms. This flaw can be exploited by a
                remote attacker with a crafted message. When the vulnerable
                service receives this message, this will trigger the flaw
                and cause the execution of arbitrary code with the "SYSTEM"
                user's privileges.
 - References:  Microsoft [MS05-043] (896423)
                 http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx
 - Solution:    Apply the available patch depending on your version.
                Windows 2000 SP4
                 http://www.microsoft.com/downloads/details.aspx?familyid=3DD3B530-7F43-4C18-8298-6E8797431A5D
                Windows XP SP1 and SP2
                 http://www.microsoft.com/downloads/details.aspx?familyid=EF402946-1C3B-47E9-9D51-77D890DF8725
                Windows Server 2003
                 http://www.microsoft.com/downloads/details.aspx?familyid=25469675-DF28-4889-8D13-25EFCD498388
                Windows Server 2003 (Itanium)
                 http://www.microsoft.com/downloads/details.aspx?familyid=F0AEC064-34A3-4EE4-9F15-BE1E3DD02BC7
___________________________________________________________________________

* MICROSOFT      - Buffer overflow in the 'Plug-and-Play' service

A buffer overflow in the 'Plug-and-Play' service can allow a remote
attacker to execute arbitrary code, and a local malevolent user to achieve
privilege escalation.

 - Date:        August 09 2005
 - Platform:    Microsoft 'Windows 2000' SP4
                Microsoft 'Windows XP' SP1 and SP2
                Microsoft 'Windows XP Professional' (x64)
                Microsoft 'Windows Server 2003' and 'Server 2003' SP1
                Microsoft 'Windows Server 2003' (Itanium) and 'Server 2003'
                SP1 (Itanium)
                Microsoft 'Windows Server 2003' (x64)
 - Severity:    Critical
 - Origin:      'Plug-and-Play' service
 - Problem:     Buffer overflow
 - Damage:      Remote arbitrary code execution
                Local privilege escalation
 - CVE names:   CAN-2005-1983
 - Description: A buffer overflow affects the 'Plug-and-play' service of
                the listed platforms.
                A remote attacker can exploit this flaw on a vulnerable
                Windows 2000 platform with a crafted packet. This will
                cause the execution of arbitrary code.
                A remote authenticated user on the Windows XP SP1 platform,
                or a local malevolent user on a Windows XP SP2 or Server
                2003 platform can exploit this flaw to achieve privilege
                escalation.
 - References:  Microsoft [MS05-039] (899588)
                 http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
 - Solution:    Apply the available patch depending on your version.
                Windows 2000 SP4
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=E39A3D96-1C37-47D2-82EF-0AC89905C88F
                Windows XP SP1 and SP2
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=9A3BFBDD-62EA-4DB2-88D2-415E095E207F
                Windows XP Professional (x64)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=89D90E25-4773-4782-AD06-9B7517BAB3C8
                Windows Server 2003 and Server 2003 SP1
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=6275D7B7-DAB1-47C8-8745-533EB471072C
                Windows Server 2003 (Itanium) and Server 2003 SP1 (Itanium)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=BE18D39D-3E4C-4C6F-B841-2CCD8D4C3F50
                Windows Server 2003 (x64)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=D976316D-3B17-4AD4-9198-513FFDAC98E4
___________________________________________________________________________

* MICROSOFT      - Multiple flaws in 'Internet Explorer'

Several flaws in the Web browser 'Internet Explorer' allow remotely
triggering the execution of arbitrary code and scripts.

 - Date:        August 09 2005
 - Platform:    Microsoft 'Internet Explorer' 5.01 SP4 (Windows 2000 SP4)
                Microsoft 'Internet Explorer' 5.5 SP2 (Windows ME)
                Microsoft 'Internet Explorer' 6 (Windows XP SP2, Server
                2003 SP0 and SP1, Server 2003 SP0 and SP1 on Itanium,
                Server 2003 x64 Edition, XP Professional x64 Edition)
                Microsoft 'Internet Explorer' 6 SP1 (Windows 2000 SP4, XP
                SP1, 98, 98 SE, ME)
 - Severity:    Critical
 - Origin:      1 - 'Web Folder' feature
                2 - 'COM' objects instantiation
 - Problem:     1 - Insufficient validation of input data (URL)
                2 - Design error
 - Damage:      1 - Remote arbitrary script execution
                2 - Remote arbitrary code execution
 - CVE names:   CAN-2005-1989, CAN-2005-1990
 - Description: Several flaws have been discovered in 'Internet Explorer'.
                1 - The lack of validation of the URL used by 'Internet
                Explorer', in the display of a Web page as a 'Web Folder',
                may be exploited by a remote attacker to trigger the
                execution of arbitrary scripts in the local security zone.
                These scripts are granted the privileges of the local user.
                2 - Instantiating, through 'Internet Explorer', 'COM'
                objects which have not been designed for this use allows
                triggering a corruption of the memory and consequently the
                execution of arbitrary code. This is the flaw exploitable
                through the 'JView Profiler' (MS05-037) which in fact
                impacts numerous other COM objects.
 - References:  Microsoft [MS05-038] (896727)
                 http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx
 - Solution:    Install the provided patches. It is worth noting that these
                cumulative patches supersede those of the MS05-025 and
                MS05-037 bulletins.
                Windows 98, 98SE and ME (Microsoft Windows Update)
                 http://go.microsoft.com/fwlink/?LinkId=21130
                Internet Explorer 5.01 SP4 (Windows 2000 SP4)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=194E0EE7-919C-4A8B-AD8D-01A4FE771942
                Internet Explorer 6 SP1 (Windows 2000 SP4, XP SP1)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=68300B15-1CF9-45FB-875E-2EF6D2FBC9ED
                Internet Explorer 6 (Windows XP SP2)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=648B6F0E-1695-44E5-826A-43406DF4858E
                Internet Explorer 6 (Windows Server 2003 SP0 and SP1)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=F0B96EC3-E954-423A-9AB0-5712B9F14637
                Internet Explorer 6 (Windows Server 2003 SP0 and SP1 on
                Itanium)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=C24D3738-213A-41B8-84A3-2842B34D7B10
                Internet Explorer 6 (Windows Server 2003 x64 Edition)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=F2D544E7-33F5-4A65-A574-15495B05B883
                Internet Explorer 6 (Windows XP Professional x64 Edition)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=1181BC67-0A1D-4A06-99AC-5B2BC6DFE0F6
 - Our advice:  These patches also fix a flaw already known as
                CAN-2005-1988 in the processing of JPG pictures (bulletin
                1526 dated 07/18/2005).
___________________________________________________________________________

* MICROSOFT      - Kerberos issues in Windows

Two flaws in the handling of Kerberos in the Windows 2000, XP and Server
2003 platforms can cause a denial of service, an information disclosure or
allow a remote attacker to conduct man-in-the-middle attacks.

 - Date:        August 09 2005
 - Platform:    Microsoft 'Windows 2000' SP4
                Microsoft 'Windows XP' SP1 and SP2
                Microsoft 'Windows XP Professional' (x64)
                Microsoft 'Windows Server 2003' and 'Server 2003' SP1
                Microsoft 'Windows Server 2003' (Itanium) and 'Server 2003'
                SP1 (Itanium)
                Microsoft 'Windows Server 2003' (x64)
 - Severity:    High
 - Origin:      1 - Domain controller
                2 - 'PKINIT' protocol
 - Problem:     1, 2 - Not available
 - Damage:      1 - Denial of service
                2 - Information disclosure, man-in-the-middle attacks
 - CVE names:   CAN-2005-1981, CAN-2005-1982
 - Description: 1 - An undocumented flaw affects the Windows 2000 Server
                and Windows Server 2003 domain controllers. A remote
                malevolent user can trigger a denial of service of these
                platforms with a crafted Kerberos message.
                2 - An undocumented flaw in the implementation of the
                'PKINIT' protocol in the Windows 2000, XP and Server 2003
                platforms can allow a remote attacker to obtain information
                or conduct man-in-the-middle attacks.
 - References:  Microsoft [MS05-042] (899587)
                 http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx
 - Solution:    Apply the available patch depending on your version.
                Windows 2000 SP4
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=4E34CD17-8710-4E22-8620-3B84139C18BB
                Windows XP SP1 and SP2
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=DD24F6FA-F6BB-4358-8C2F-7F6AB405981A
                Windows XP Professional (x64)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=FB703DBD-3563-41FD-B608-361CC23796A5
                Windows Server 2003 and Server 2003 SP1
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=34E7CF41-C584-4071-A36F-DE19D0D04B97
                Windows Server 2003 (Itanium) and Server 2003 SP1 (Itanium)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=037CD6D6-11F7-4C44-9CFB-4B6D0B9B93CB
                Windows Server 2003 (x64)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=B86E688C-B668-4841-B961-7C5412C525EC
___________________________________________________________________________

* MICROSOFT      - Arbitrary code execution in 'TAPI'

A flaw in the Windows "Telephony Application Programming Interface"
('TAPI') allows a remote attacker to trigger the execution of arbitrary
code or a local user to achieve privilege escalation.

 - Date:        August 09 2005
 - Platform:    Microsoft 'Windows 2000' SP4
                Microsoft 'Windows XP' SP1 and SP2
                Microsoft 'Windows XP Professional' x64 Edition
                Microsoft 'Windows Server 2003' SP0 and SP1
                Microsoft 'Windows Server 2003' SP0 and SP1 (Itanium)
                Microsoft 'Windows Server 2003 x64 Edition'
                Microsoft 'Windows 98', '98 Second Edition' (SE), and
                'Millennium Edition' (ME)
 - Severity:    High
 - Origin:      Processing of incoming messages
 - Problem:     Buffer overflow
 - Damage:      Remote arbitrary code execution
                Local privilege escalation
 - CVE names:   CAN-2005-0058
 - Description: A flaw has been discovered in 'TAPI', the telephony API of
                Windows. It allows a remote attacker to trigger the
                execution of arbitrary code by sending a crafted message.
                It also allows a local user to obtain administrative
                privileges and thus to take control of the vulnerable
                machine. The version of Windows and its configuration
                determine which of those two attacks is possible through
                this flaw (cf. [MS05-040]). The original advisory also
                provides workaround solutions.
 - References:  Microsoft [MS05-040] (893756)
                 http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx
 - Solution:    Install the available patches.
                Microsoft does not rate this flaw critical on Windows 98,
                98SE and Millennium Edition. Hence no patch is available on
                these versions.
                Windows 2000 SP4
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=C7417EA1-7AFC-4A55-95DC-E814975B8AE6
                Windows XP SP1 and SP2
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=B049004B-AF28-41D7-8AE6-7A3DB15211F1
                Windows XP Professional x64 Edition
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=705545D0-B53B-4E17-8B62-A4C652697C61
                Windows Server 2003 SP0 and SP1
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=0097FE14-1D6B-4423-A437-DEA1ED665A07
                Windows Server 2003 SP0 and SP1 (Itanium)
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=BC16BEAE-0BAD-490C-A80F-4BF81C360CA0
                Windows Server 2003 x64 Edition
                 http://www.microsoft.com/downloads/details.aspx?FamilyId=0CEF9CC2-A7BD-42E0-81B1-EDC303DA8A40
___________________________________________________________________________

* AWSTATS        - Arbitrary code execution in 'AWStats'

The lack of validation of the 'url' parameter in 'AWStats' can allow a
remote attacker to execute arbitrary code on a vulnerable server.

 - Date:        August 09 2005
 - Platform:    AWStats 'awstats' version 6.3 and prior
 - Severity:    High to Critical
 - Origin:      'awstats.pl' file, handling of the 'url' parameter
 - Problem:     Improper validation of input data
 - Damage:      Arbitrary code execution
 - CVE names:   CAN-2005-1527
 - Description: A lack of validation affects the 'AWStats' application when
                the "URLPlugins" are enabled. 'AWStats' does not properly
                validate the 'url' parameter. A remote attacker can exploit
                this issue with an HTTP request that contains a crafted
                'Referer' field. This will cause the execution of arbitrary
                code with the privileges of the Web server, when the
                'AWStats' application is executed to generate a
                report.
 - References:  iDefense [290]
                 http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
 - Solution:    Install the version 6.4 that fixes the problem.
                 http://awstats.sourceforge.net/
 - Our advice:  iDefense indicates that this flaw is similar to others
                already discussed in a previous bulletin (bulletin 1420
                dated 02/15/2005).
___________________________________________________________________________

* GAIM           - Arbitrary code execution in 'Gaim'

Two flaws in 'Gaim' allow remotely triggering a denial of service of the
instant messaging client and/or the execution of arbitrary code.

 - Date:        August 09 2005
 - Platform:    Gaim 'Gaim' version 1.3.1
                Previous versions are probably vulnerable.
                Red Hat 'Desktop' versions 3 and 4
                Red Hat 'Enterprise Linux AS' versions 3 and 4
                Red Hat 'Enterprise Linux ES' versions 3 and 4
                Red Hat 'Enterprise Linux WS' versions 3 and 4
 - Severity:    High
 - Origin:      1 - Processing of away messages ('AIM' and 'ICQ' protocols)
                2 - Processing of the name of transmitted file ('AIM' and
                'ICQ' protocols)
 - Problem:     1 - Heap overflow
                2 - Not available
 - Damage:      1 - Arbitrary code execution
                2 - Denial of service of the application
 - CVE names:   CAN-2005-2103, CAN-2005-2102
 - Description: Two new flaws have been discovered in handling of the 'AIM'
                and the 'ICQ' protocols by 'Gaim', the instant messaging
                client.
                1 - A heap overflow exists in the processing of away
                messages sent by remote clients. This allows triggering the
                execution of arbitrary code on vulnerable remote clients
                through a crafted away message.
                2 - Sending a file whose name is crafted to a vulnerable
                client may trigger a denial of service of this client. The
                exact nature of the problem is not specified.
 - References:  Red Hat [RHSA-2005:627]
                 https://rhn.redhat.com/errata/RHSA-2005-627.html
 - Solution:    There is no official patch currently available.
                Install the fixed packages provided by the vendor of your
                operating system if they are available.
                Red Hat
                 https://rhn.redhat.com
___________________________________________________________________________

* HP             - Unauthorized access to the 'ProLiant DL585' server

A vulnerability in the 'ProLiant DL585' server can allow a remote attacker
to obtain access to the system.

 - Date:        August 09 2005
 - Platform:    HP 'ProLiant DL585' with ILO firmware versions prior to
                1.81
 - Severity:    High
 - Origin:      Not available
 - Problem:     Not available
 - Damage:      Unauthorized access
 - CVE names:   No CVE name assigned at the present time
 - Description: An undocumented flaw affects the listed platform. When the
                server is powered down, a remote attacker can exploit this
                flaw to obtain access to the server.
 - References:  HP [HPSBMA01220] (SSRT051005)
                 http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01220
 - Solution:    There is no official patch currently available.
                A workaround is provided by HP in the original bulletin.
 - Our advice:  This vulnerability may be related to the "Wake On Lan"
                features.
___________________________________________________________________________

* LINUX          - Local denial of service of the Linux kernel 2.6

Two flaws in the Linux kernel 2.6 can allow a local user to cause a denial
of service of the system.

 - Date:        August 09 2005
 - Platform:    Linux 'kernel 2.6' versions prior to 2.6.13-rc6
 - Severity:    Medium
 - Origin:      1 - Handling of the "keyring"
                2 - 'KEYCTL_JOIN_SESSION_KEYRING' operation
 - Problem:     1, 2 - Coding error
 - Damage:      1, 2 - Denial of service of the system
 - CVE names:   CAN-2005-2098, CAN-2005-2099
 - Description: 1 - The destruction of a 'keyring' that was not properly
                instantiated can cause a denial of service of the kernel.
                2 - A coding error in the handling of the
                'KEYCTL_JOIN_SESSION_KEYRING' operation can cause a denial
                of service.
 - References:  Secunia [SA16355]
                 http://secunia.com/advisories/16355/
 - Solution:    Install the version 2.6.13-rc6 of the kernel or the patches
                provided by the vendor of your Linux distribution when they
                are made available.
                 http://www.kernel.org
___________________________________________________________________________

* SYSREPORT      - Insecure temporary directories creation

A vulnerability in 'sysreport', a tool to gather system information, can
cause an information disclosure.

 - Date:        August 09 2005
 - Platform:    Sysreport 'sysreport' version not available
                Red Hat Desktop versions 3 and 4
                Red Hat Enterprise Linux AS, ES and WS versions 2.1, 3 and
                4
                Red Hat Linux Advanced Workstation 2.1 (Itanium)
 - Severity:    Medium
 - Origin:      Handling of the temporary directories
 - Problem:     Insecure creation of temporary directories
 - Damage:      Information disclosure
 - CVE names:   CAN-2005-2104
 - Description: The 'sysreport' tool creates temporary directories in an
                insecure manner. This can allow a local malevolent user to
                obtain information.
 - References:  Red Hat [RHSA-2005:598]
                 https://rhn.redhat.com/errata/RHSA-2005-598.html
 - Solution:    There is no official patch currently available.
                Apply the fixed packages for your distribution of Linux
                when they are made available.
                Red Hat
                 https://rhn.redhat.com/
___________________________________________________________________________

* GLYPH AND COG  - Denial of service in the 'pdftops' filter

A flaw in 'pdftops', the PDF to PostScript converter from 'xpdf', allows
triggering a denial of service of this converter and potentially of the
system in whole or in part.

 - Date:        August 09 2005
 - Platform:    Glyph and Cog 'xpdf' version unavailable
 - Severity:    Medium
 - Origin:      'pdftops' conversion filter
 - Problem:     Coding error
 - Damage:      Denial of service of the application
                Potential denial of service of the system
 - CVE names:   CAN-2005-2097
 - Description: A flaw has been discovered in the PDF to PostScript
                conversion filter shipped with 'xpdf'. It allows
                triggering, with a crafted PDF document, the creation of a
                very large data structure. This triggers a denial of service
                of the filter, as well as the writing of a temporary file
                in a dedicated directory until the whole available space on
                the destination disk volume is completely filled. Depending
                on the configuration of the host, this can potentially lead
                to a denial of service of other applications or of the
                system.
 - References:  Ubuntu [USN-163-1]
                 http://www.ubuntulinux.org/support/documentation/usn/usn-163-1
 - Solution:    There is no official patch to our knowledge.
                Numerous applications from other vendors rely on 'xpdf' and
                are vulnerable as well. The availability of patches for
                these applications will be handled in specific information
                articles.
___________________________________________________________________________

INFORMATION
___________________________________________________________________________

* MICROSOFT      - Patches for the "Remote Desktop Protocol" ('RDP')

Microsoft has announced, in the bulletin MS05-041, the availability of
patches for the 'RDP' protocol used in the "Remote Desktop", "Remote Web
Workplace" and "Remote Assistance" features on Windows 2000 Server SP4,
Windows XP SP1 and SP2, Windows XP Professional x64 Edition, Windows Server
2003 SP0 and SP1, Windows Server 2003 SP0 and SP1 (Itanium), and Windows
Server 2003 x64 Edition.
They fix a flaw that allowed remotely triggering a denial of service of a
vulnerable system.
CAN-2005-1218
MICROSOFT 'RDP' [904797] (bulletin 1526 dated 07/18/2005)

http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx
___________________________________________________________________________

* MICROSOFT      - Patches for 'Internet Explorer'

Microsoft has announced, in the bulletin MS05-038, the availability of
patches for the 'Internet Explorer' browser on numerous versions of
Windows.
They fix three vulnerabilities, which allow in particular remotely
triggering the execution of arbitrary code and scripts. They supersede
those previously released in the MS05-025 and MS05-037 Microsoft bulletins.
CAN-2005-1988, CAN-2005-1989, CAN-2005-1990
MICROSOFT 'Internet Explorer', 'Web Folder', 'COM', 'JView Profiler',
'Javaprxy.dll' [2005-07/0289], [MS05-038], [MS05-037], [MS05-025]
(bulletins 1526 dated 07/18/2005, 1524 dated 07/13/2005, 1517 dated
07/04/2005, 1504 dated 06/15/2005 and 1543 dated 08/10/2005)

http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx
___________________________________________________________________________

* LINUX REDHAT   - Revision of the bulletin RHSA-2005:366

Red Hat has revised the bulletin RHSA-2005:366 about several flaws in the
Linux kernel that allowed triggering denials of service of the system,
injecting keyboard/mouse events and corrupting sensitive information. This
revision announces the correction of the flaw referred to as CAN-2005-0210
that impacts the 'Netfilter' module.
CAN-2005-0135, CAN-2005-0207, CAN-2005-0384, CAN-2005-0400, CAN-2005-0449,
CAN-2005-0529, CAN-2005-0530, CAN-2005-0531, CAN-2005-0736, CAN-2005-0749,
CAN-2005-0750, CAN-2005-0767, CAN-2005-0815, CAN-2005-0839, CAN-2005-0867,
CAN-2005-0977, CAN-2005-1041, CAN-2005-0210
LINUX 'unw_unwind_to_user()', 'O_DIRECT', 'Netfilter', 'PPP', 'ext2',
'netfilter/iptables', '/proc', 'copy_from_read_buf()', 'atm_get_addr()',
'sys_epoll_wait()', 'load_elf_library()', 'Bluetooth', 'Radeon', 'ISO
9660', 'N_MOUSE', 'sysfs', 'tmpfs', 'fib_seq_start()' [RHSA-2005:366],
[USN-95-1], [SA14295], [73], [2005-March/032314], [ChangeLog-2.6.11.6],
[USN-95-1], [393590] (bulletins 1465 dated 04/20/2005, 1441 dated
03/16/2005, 1449 dated 03/29/2005, 1422 dated 02/17/2005, 1421 dated
02/16/2005, 1437 dated 03/10/2005, 1449 dated 03/29/2005, 1441 dated
03/16/2005 and 1443 dated 03/18/2005)

https://rhn.redhat.com/errata/RHSA-2005-366.html
___________________________________________________________________________

* KDE            - Patches for 'kpdf'

KDE has announced, in the advisory-20050809-1 advisory, the availability of
patches for 'kpdf' on KDE versions 3.3.1 and 3.4.1.
They fix a flaw in a code part shared with 'xpdf', which allowed triggering
at least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)

http://www.kde.org/info/security/advisory-20050809-1.txt
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'cups'

Red Hat has announced, in the RHSA-2005:706 advisory, the availability of
patches for 'cups' on Red Hat Desktop versions 3 and 4, and Red Hat
Enterprise Linux AS, ES and WS versions 3 and 4.
They fix a flaw in a 'xpdf' conversion filter, used by 'cups', which
allowed triggering at least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)

https://rhn.redhat.com/errata/RHSA-2005-706.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'kdegraphics'

Red Hat has announced, in the RHSA-2005:671 advisory, the availability of
patches for 'kdegraphics' on Red Hat Desktop version 4, and Red Hat
Enterprise Linux AS, ES and WS version 4.
They fix a flaw in a 'kpdf' conversion filter, which allowed triggering at
least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)

https://rhn.redhat.com/errata/RHSA-2005-671.html
___________________________________________________________________________

* LINUX REDHAT   - Revision of the bulletin RHSA-2005:420

Red Hat has revised the bulletin RHSA-2005:420 about a coding error in the
Linux kernel that allowed triggering a denial of service. This revision
announces the correction of the flaws referred to as CAN-2005-0209 and
CAN-2005-0937, concerning the 'Netfilter' module and the 'futex' functions.
These flaws can cause a denial of service.
CAN-2005-0136, CAN-2005-0209, CAN-2005-0937
LINUX 'Netfilter', 'futex', 'get_user()' [RHSA-2005:420-22], [USN-95-1],
[12959] (bulletins 1500 dated 06/09/2005, 1441 dated 03/16/2005 and 1452
dated 04/01/2005)

https://rhn.redhat.com/errata/RHSA-2005-420.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'xpdf'

Red Hat has announced, in the RHSA-2005:670 advisory, the availability of
patches for 'xpdf' on Red Hat Desktop version 4, and Red Hat Enterprise
Linux AS, ES and WS version 4.
They fix a flaw in a 'xpdf' conversion filter, which allowed triggering at
least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)

https://rhn.redhat.com/errata/RHSA-2005-670.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'Gaim' (RHD & RHEL versions 3 and 4)

Red Hat has announced, in the advisory RHSA-2005:627, the availability of
patches for 'Gaim' on Red Hat Desktop versions 3 and 4, and Red Hat
Enterprise Linux AS, ES and WS versions 3 and 4.
They fix three flaws that allowed triggering denials of service of the
client and remotely executing arbitrary code.
CAN-2005-2103, CAN-2005-2102, CAN-2005-2370
GAIM, EKG 'AIM', 'ICQ', 'libgadu' [RHSA-2005:627], [DSA-769] (bulletins
1543 dated 08/10/2005 and 1535 dated 07/29/2005)

https://rhn.redhat.com/errata/RHSA-2005-627.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'Gaim' (RHEL version 2.1)

Red Hat has announced, in the advisory RHSA-2005:589, the availability of
patches for 'Gaim' on Red Hat Enterprise Linux AS, ES and WS version 2.1
and Red Hat Linux Advanced Workstation version 2.1 (Itanium).
They fix a flaw that allowed remotely executing arbitrary code.
CAN-2005-2103
GAIM 'AIM', 'ICQ' [RHSA-2005:627] (bulletin 1543 dated 08/10/2005)

https://rhn.redhat.com/errata/RHSA-2005-589.html
___________________________________________________________________________

* LINUX REDHAT   - Patches for 'ucd-snmp'

Red Hat has announced, in the advisory RHSA-2005:720, the availability of
patches for the 'ucd-snmp' packages on Red Hat Enterprise Linux AS, ES and
WS version 2.1 and Red Hat Linux Advanced Workstation version 2.1
(Itanium).
They fix a flaw that allowed remotely triggering a denial of service.
CAN-2005-2177
NET-SNMP 'Net-SNMP' [14168] (bulletin 1520 dated 07/07/2005)

https://rhn.redhat.com/errata/RHSA-2005-720.html
___________________________________________________________________________

* HP             - Patches for 'IPSec' on Tru64 Unix

HP has announced, in the bulletin HPSBTU01217, the availability of patches
for 'IPSec' on HP Tru64 Unix versions 5.1B-3 and 5.1B-2/PK4. They fix a
flaw that allowed disclosing sensitive information.
CAN-2005-0039
IP 'CBC', 'IPSec' [004033/NISCC/IPSEC] (bulletin 1478 dated 05/10/2005)

http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01217
___________________________________________________________________________

Yours sincerely,

The Security Watch Team



--
Security Watch Service
mailto:veille-sec@veille.apogee-com.fr
APOGEE Communications
15, Avenue du Cap Horn
ZA de Courtaboeuf 
91940 LES ULIS
Tel : + 33 1 69 85 78 00
Fax : + 33 1 69 85 78 51

Technical support : + 33 1 73 23 17 00

Nota: Trademarks and products appearing in this bulletin are property
      of their respective depositaries.