[SECWS] Bul - 1543 - 08/10/2005
The SECURITY WATCH APOGÉE-Communications
Edition of Wednesday, August 10 2005 All rights reserved
___________________________________________________________________________
SUMMARY OF THIS BULLETIN
------------------------
* ALERTS (11)
- MICROSOFT - Code execution via 'Print Spooler'
- MICROSOFT - Buffer overflow in the 'Plug-and-Play' service
- MICROSOFT - Multiple flaws in 'Internet Explorer'
- MICROSOFT - Kerberos issues in Windows
- MICROSOFT - Arbitrary code execution in 'TAPI'
- AWSTATS - Arbitrary code execution in 'AWStats'
- GAIM - Arbitrary code execution in 'Gaim'
- HP - Unauthorized access to the 'ProLiant DL585' server
- LINUX - Local denial of service of the Linux kernel 2.6
- SYSREPORT - Insecure temporary directories creation
- GLYPH AND COG - Denial of service in the 'pdftops' filter
* INFORMATION (12)
- MICROSOFT - Patches for the "Remote Desktop Protocol" ('RDP')
- MICROSOFT - Patches for 'Internet Explorer'
- LINUX REDHAT - Revision of the bulletin RHSA-2005:366
- KDE - Patches for 'kpdf'
- LINUX REDHAT - Patches for 'cups'
- LINUX REDHAT - Patches for 'kdegraphics'
- LINUX REDHAT - Revision of the bulletin RHSA-2005:420
- LINUX REDHAT - Patches for 'xpdf'
- LINUX REDHAT - Patches for 'Gaim' (RHD & RHEL versions 3 and 4)
- LINUX REDHAT - Patches for 'Gaim' (RHEL version 2.1)
- LINUX REDHAT - Patches for 'ucd-snmp'
- HP - Patches for 'IPSec' on Tru64 Unix
* REISSUES OF ALERTS (0)
___________________________________________________________________________
ALERTS
___________________________________________________________________________
* MICROSOFT - Code execution via 'Print Spooler'
A buffer overflow in the 'Print Spooler' of the Windows 2000, XP and Server
2003 platforms can cause the execution of arbitrary code.
- Date: August 09 2005
- Platform: Microsoft 'Windows 2000' SP4
Microsoft 'Windows XP' SP1 and SP2
Microsoft 'Windows Server 2003'
Microsoft 'Windows Server 2003' (Itanium)
- Severity: Critical
- Origin: 'Print Spooler' (Spoolsv.exe)
- Problem: Buffer overflow
- Damage: Arbitrary code execution
- CVE names: CAN-2005-1984
- Description: A buffer overflow affects the 'Print Spooler' service of
the listed platforms. This flaw can be exploited by a
remote attacker with a crafted message. When the vulnerable
service receives this message, this will trigger the flaw
and cause the execution of arbitrary code with the "SYSTEM"
user's privileges.
- References: Microsoft [MS05-043] (896423)
http://www.microsoft.com/technet/security/Bulletin/MS05-043.mspx
- Solution: Apply the available patch depending on your version.
Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?familyid=3DD3B530-7F43-4C18-8298-6E8797431A5D
Windows XP SP1 and SP2
http://www.microsoft.com/downloads/details.aspx?familyid=EF402946-1C3B-47E9-9D51-77D890DF8725
Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?familyid=25469675-DF28-4889-8D13-25EFCD498388
Windows Server 2003 (Itanium)
http://www.microsoft.com/downloads/details.aspx?familyid=F0AEC064-34A3-4EE4-9F15-BE1E3DD02BC7
___________________________________________________________________________
* MICROSOFT - Buffer overflow in the 'Plug-and-Play' service
A buffer overflow in the 'Plug-and-Play' service can allow a remote
attacker to execute arbitrary code, and a malicious local user to escalate
privileges.
- Date: August 09 2005
- Platform: Microsoft 'Windows 2000' SP4
Microsoft 'Windows XP' SP1 and SP2
Microsoft 'Windows XP Professional' (x64)
Microsoft 'Windows Server 2003' and 'Server 2003' SP1
Microsoft 'Windows Server 2003' (Itanium) and 'Server 2003'
SP1 (Itanium)
Microsoft 'Windows Server 2003' (x64)
- Severity: Critical
- Origin: 'Plug-and-Play' service
- Problem: Buffer overflow
- Damage: Remote arbitrary code execution
Local privilege escalation
- CVE names: CAN-2005-1983
- Description: A buffer overflow affects the 'Plug-and-play' service of
the listed platforms.
A remote attacker can exploit this flaw on a vulnerable
Windows 2000 platform with a crafted packet. This will
cause the execution of arbitrary code.
A remote authenticated user on the Windows XP SP1 platform,
or a malicious local user on a Windows XP SP2 or Server
2003 platform, can exploit this flaw to escalate
privileges.
- References: Microsoft [MS05-039] (899588)
http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx
- Solution: Apply the available patch depending on your version.
Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?FamilyId=E39A3D96-1C37-47D2-82EF-0AC89905C88F
Windows XP SP1 and SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=9A3BFBDD-62EA-4DB2-88D2-415E095E207F
Windows XP Professional (x64)
http://www.microsoft.com/downloads/details.aspx?FamilyId=89D90E25-4773-4782-AD06-9B7517BAB3C8
Windows Server 2003 and Server 2003 SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6275D7B7-DAB1-47C8-8745-533EB471072C
Windows Server 2003 (Itanium) and Server 2003 SP1 (Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=BE18D39D-3E4C-4C6F-B841-2CCD8D4C3F50
Windows Server 2003 (x64)
http://www.microsoft.com/downloads/details.aspx?FamilyId=D976316D-3B17-4AD4-9198-513FFDAC98E4
___________________________________________________________________________
* MICROSOFT - Multiple flaws in 'Internet Explorer'
Several flaws in the Web browser 'Internet Explorer' allow remotely
triggering the execution of arbitrary code and scripts.
- Date: August 09 2005
- Platform: Microsoft 'Internet Explorer' 5.01 SP4 (Windows 2000 SP4)
Microsoft 'Internet Explorer' 5.5 SP2 (Windows ME)
Microsoft 'Internet Explorer' 6 (Windows XP SP2, Server
2003 SP0 and SP1, Server 2003 SP0 and SP1 on Itanium,
Server 2003 x64 Edition, XP Professional x64 Edition)
Microsoft 'Internet Explorer' 6 SP1 (Windows 2000 SP4, XP
SP1, 98, 98 SE, ME)
- Severity: Critical
- Origin: 1 - 'Web Folder' feature
2 - 'COM' objects instantiation
- Problem: 1 - Insufficient validation of input data (URL)
2 - Design error
- Damage: 1 - Remote arbitrary script execution
2 - Remote arbitrary code execution
- CVE names: CAN-2005-1989, CAN-2005-1990
- Description: Several flaws have been discovered in 'Internet Explorer'.
1 - The lack of validation of the URL used by 'Internet
Explorer', in the display of a Web page as a 'Web Folder',
may be exploited by a remote attacker to trigger the
execution of arbitrary scripts in the local security zone.
These scripts are granted the privileges of the local user.
2 - Instantiating, through 'Internet Explorer', 'COM'
objects which have not been designed for this use allows
triggering a corruption of the memory and consequently the
execution of arbitrary code. This is the flaw exploitable
through the 'JView Profiler' (MS05-037) which in fact
impacts numerous other COM objects.
- References: Microsoft [MS05-038] (896727)
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx
- Solution: Install the provided patches. It is worth noting that these
cumulative patches supersede those of the MS05-025 and
MS05-037 bulletins.
Windows 98, 98SE and ME (Microsoft Windows Update)
http://go.microsoft.com/fwlink/?LinkId=21130
Internet Explorer 5.01 SP4 (Windows 2000 SP4)
http://www.microsoft.com/downloads/details.aspx?FamilyId=194E0EE7-919C-4A8B-AD8D-01A4FE771942
Internet Explorer 6 SP1 (Windows 2000 SP4, XP SP1)
http://www.microsoft.com/downloads/details.aspx?FamilyId=68300B15-1CF9-45FB-875E-2EF6D2FBC9ED
Internet Explorer 6 (Windows XP SP2)
http://www.microsoft.com/downloads/details.aspx?FamilyId=648B6F0E-1695-44E5-826A-43406DF4858E
Internet Explorer 6 (Windows Server 2003 SP0 and SP1)
http://www.microsoft.com/downloads/details.aspx?FamilyId=F0B96EC3-E954-423A-9AB0-5712B9F14637
Internet Explorer 6 (Windows Server 2003 SP0 and SP1 on
Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=C24D3738-213A-41B8-84A3-2842B34D7B10
Internet Explorer 6 (Windows Server 2003 x64 Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=F2D544E7-33F5-4A65-A574-15495B05B883
Internet Explorer 6 (Windows XP Professional x64 Edition)
http://www.microsoft.com/downloads/details.aspx?FamilyId=1181BC67-0A1D-4A06-99AC-5B2BC6DFE0F6
- Our advice: These patches also fix a flaw already known as
CAN-2005-1988 in the processing of JPG pictures (bulletin
1526 dated 07/18/2005).
___________________________________________________________________________
* MICROSOFT - Kerberos issues in Windows
Two flaws in the handling of Kerberos in the Windows 2000, XP and Server
2003 platforms can cause a denial of service, an information disclosure or
allow a remote attacker to conduct man-in-the-middle attacks.
- Date: August 09 2005
- Platform: Microsoft 'Windows 2000' SP4
Microsoft 'Windows XP' SP1 and SP2
Microsoft 'Windows XP Professional' (x64)
Microsoft 'Windows Server 2003' and 'Server 2003' SP1
Microsoft 'Windows Server 2003' (Itanium) and 'Server 2003'
SP1 (Itanium)
Microsoft 'Windows Server 2003' (x64)
- Severity: High
- Origin: 1 - Domain controller
2 - 'PKINIT' protocol
- Problem: 1, 2 - Not available
- Damage: 1 - Denial of service
2 - Information disclosure, man-in-the-middle attacks
- CVE names: CAN-2005-1981, CAN-2005-1982
- Description: 1 - An undocumented flaw affects the Windows 2000 Server
and Windows Server 2003 domain controllers. A malicious
remote user can trigger a denial of service of these
platforms with a crafted Kerberos message.
2 - An undocumented flaw in the implementation of the
'PKINIT' protocol in the Windows 2000, XP and Server 2003
platforms can allow a remote attacker to obtain information
or conduct man-in-the-middle attacks.
- References: Microsoft [MS05-042] (899587)
http://www.microsoft.com/technet/security/Bulletin/MS05-042.mspx
- Solution: Apply the available patch depending on your version.
Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?FamilyId=4E34CD17-8710-4E22-8620-3B84139C18BB
Windows XP SP1 and SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=DD24F6FA-F6BB-4358-8C2F-7F6AB405981A
Windows XP Professional (x64)
http://www.microsoft.com/downloads/details.aspx?FamilyId=FB703DBD-3563-41FD-B608-361CC23796A5
Windows Server 2003 and Server 2003 SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=34E7CF41-C584-4071-A36F-DE19D0D04B97
Windows Server 2003 (Itanium) and Server 2003 SP1 (Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=037CD6D6-11F7-4C44-9CFB-4B6D0B9B93CB
Windows Server 2003 (x64)
http://www.microsoft.com/downloads/details.aspx?FamilyId=B86E688C-B668-4841-B961-7C5412C525EC
___________________________________________________________________________
* MICROSOFT - Arbitrary code execution in 'TAPI'
A flaw in the Windows "Telephony Application Programming Interface"
('TAPI') allows a remote attacker to trigger the execution of arbitrary
code or a local user to escalate privileges.
- Date: August 09 2005
- Platform: Microsoft 'Windows 2000' SP4
Microsoft 'Windows XP' SP1 and SP2
Microsoft 'Windows XP Professional' x64 Edition
Microsoft 'Windows Server 2003' SP0 and SP1
Microsoft 'Windows Server 2003' SP0 and SP1 (Itanium)
Microsoft 'Windows Server 2003 x64 Edition'
Microsoft 'Windows 98', '98 Second Edition' (SE), and
'Millennium Edition' (ME)
- Severity: High
- Origin: Processing of incoming messages
- Problem: Buffer overflow
- Damage: Remote arbitrary code execution
Local privilege escalation
- CVE names: CAN-2005-0058
- Description: A flaw has been discovered in 'TAPI', the telephony API of
Windows. It allows a remote attacker to trigger the
execution of arbitrary code by sending a crafted message.
It also allows a local user to obtain administrative
privileges and thus to take control of the vulnerable
machine. The version of Windows and its configuration
determine which of these two attacks is possible through
this flaw (cf. [MS05-040]). The original advisory also
provides workaround solutions.
- References: Microsoft [MS05-040] (893756)
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx
- Solution: Install the available patches.
Microsoft does not rate this flaw critical on Windows 98,
98SE and Millennium Edition. Hence no patch is available on
these versions.
Windows 2000 SP4
http://www.microsoft.com/downloads/details.aspx?FamilyId=C7417EA1-7AFC-4A55-95DC-E814975B8AE6
Windows XP SP1 and SP2
http://www.microsoft.com/downloads/details.aspx?FamilyId=B049004B-AF28-41D7-8AE6-7A3DB15211F1
Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=705545D0-B53B-4E17-8B62-A4C652697C61
Windows Server 2003 SP0 and SP1
http://www.microsoft.com/downloads/details.aspx?FamilyId=0097FE14-1D6B-4423-A437-DEA1ED665A07
Windows Server 2003 SP0 and SP1 (Itanium)
http://www.microsoft.com/downloads/details.aspx?FamilyId=BC16BEAE-0BAD-490C-A80F-4BF81C360CA0
Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CEF9CC2-A7BD-42E0-81B1-EDC303DA8A40
___________________________________________________________________________
* AWSTATS - Arbitrary code execution in 'AWStats'
The lack of validation of the 'url' parameter in 'AWStats' can allow a
remote attacker to execute arbitrary code on a vulnerable server.
- Date: August 09 2005
- Platform: AWStats 'awstats' version 6.3 and prior
- Severity: High to Critical
- Origin: 'awstats.pl' file, handling of the 'url' parameter
- Problem: Improper validation of input data
- Damage: Arbitrary code execution
- CVE names: CAN-2005-1527
- Description: A lack of validation affects the 'AWStats' application when
the "URLPlugins" are enabled. 'AWStats' does not properly
validate the 'url' parameter. A remote attacker can exploit
this issue with an HTTP request that contains a crafted
'Referer' field. This will cause the execution of arbitrary
code with the privileges of the Web server when the
'AWStats' application is executed to generate a
report.
- References: iDefense [290]
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
- Solution: Install the version 6.4 that fixes the problem.
http://awstats.sourceforge.net/
- Our advice: iDefense indicates that this flaw is similar to others
already discussed in a previous bulletin (bulletin 1420
dated 02/15/2005).
___________________________________________________________________________
* GAIM - Arbitrary code execution in 'Gaim'
Two flaws in 'Gaim' allow remotely triggering a denial of service of the
instant messaging client and/or the execution of arbitrary code.
- Date: August 09 2005
- Platform: Gaim 'Gaim' version 1.3.1
Previous versions are probably vulnerable.
Red Hat 'Desktop' versions 3 and 4
Red Hat 'Enterprise Linux AS' versions 3 and 4
Red Hat 'Enterprise Linux ES' versions 3 and 4
Red Hat 'Enterprise Linux WS' versions 3 and 4
- Severity: High
- Origin: 1 - Processing of away messages ('AIM' and 'ICQ' protocols)
2 - Processing of the name of transmitted file ('AIM' and
'ICQ' protocols)
- Problem: 1 - Heap overflow
2 - Not available
- Damage: 1 - Arbitrary code execution
2 - Denial of service of the application
- CVE names: CAN-2005-2103, CAN-2005-2102
- Description: Two new flaws have been discovered in handling of the 'AIM'
and the 'ICQ' protocols by 'Gaim', the instant messaging
client.
1 - A heap overflow exists in the processing of away
messages sent by remote clients. This allows triggering the
execution of arbitrary code on vulnerable remote clients
through a crafted away message.
2 - Sending a file whose name is crafted to a vulnerable
client may trigger a denial of service of this client. The
exact nature of the problem is not specified.
- References: Red Hat [RHSA-2005:627]
https://rhn.redhat.com/errata/RHSA-2005-627.html
- Solution: There is no official patch currently available.
Install the fixed packages provided by the vendor of your
operating system if they are available.
Red Hat
https://rhn.redhat.com
___________________________________________________________________________
* HP - Unauthorized access to the 'ProLiant DL585' server
A vulnerability in the 'ProLiant DL585' server can allow a remote attacker
to obtain access to the system.
- Date: August 09 2005
- Platform: HP 'ProLiant DL585' with ILO firmware versions prior to
1.81
- Severity: High
- Origin: Not available
- Problem: Not available
- Damage: Unauthorized access
- CVE names: No CVE name assigned at the present time
- Description: An undocumented flaw affects the listed platform. When the
server is powered down, a remote attacker can exploit this
flaw to obtain access to the server.
- References: HP [HPSBMA01220] (SSRT051005)
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01220
- Solution: There is no official patch currently available.
A workaround is provided by HP in the original bulletin.
- Our advice: This vulnerability may be related to the "Wake On Lan"
features.
___________________________________________________________________________
* LINUX - Local denial of service of the Linux kernel 2.6
Two flaws in the Linux kernel 2.6 can allow a local user to cause a denial
of service of the system.
- Date: August 09 2005
- Platform: Linux 'kernel 2.6' versions prior to 2.6.13-rc6
- Severity: Medium
- Origin: 1 - Handling of the "keyring"
2 - 'KEYCTL_JOIN_SESSION_KEYRING' operation
- Problem: 1, 2 - Coding error
- Damage: 1, 2 - Denial of service of the system
- CVE names: CAN-2005-2098, CAN-2005-2099
- Description: 1 - The destruction of a 'keyring' that was not properly
instantiated can cause a denial of service of the kernel.
2 - A coding error in the handling of the
'KEYCTL_JOIN_SESSION_KEYRING' operation can cause a denial
of service.
- References: Secunia [SA16355]
http://secunia.com/advisories/16355/
- Solution: Install the version 2.6.13-rc6 of the kernel or the patches
provided by the vendor of your Linux distribution when they
are made available.
http://www.kernel.org
___________________________________________________________________________
* SYSREPORT - Insecure temporary directories creation
A vulnerability in 'sysreport', a tool to gather system information, can
cause an information disclosure.
- Date: August 09 2005
- Platform: Sysreport 'sysreport' version not available
Red Hat Desktop versions 3 and 4
Red Hat Enterprise Linux AS, ES and WS versions 2.1, 3 and
4
Red Hat Linux Advanced Workstation 2.1 (Itanium)
- Severity: Medium
- Origin: Handling of the temporary directories
- Problem: Insecure creation of temporary directories
- Damage: Information disclosure
- CVE names: CAN-2005-2104
- Description: The 'sysreport' tool creates temporary directories in an
insecure manner. This can allow a malicious local user to
obtain information.
- References: Red Hat [RHSA-2005:598]
https://rhn.redhat.com/errata/RHSA-2005-598.html
- Solution: There is no official patch currently available.
Apply the fixed packages for your distribution of Linux
when they are made available.
Red Hat
https://rhn.redhat.com/
___________________________________________________________________________
* GLYPH AND COG - Denial of service in the 'pdftops' filter
A flaw in 'pdftops', the PDF to PostScript converter from 'xpdf', allows
triggering a denial of service of this converter and potentially of the
system in whole or in part.
- Date: August 09 2005
- Platform: Glyph and Cog 'xpdf' version unavailable
- Severity: Medium
- Origin: 'pdftops' conversion filter
- Problem: Coding error
- Damage: Denial of service of the application
Potential denial of service of the system
- CVE names: CAN-2005-2097
- Description: A flaw has been discovered in the PDF to PostScript
conversion filter shipped with 'xpdf'. It allows
triggering, with a crafted PDF document, the creation of a
very large data structure. This triggers a denial of service
of the filter, as well as the writing of a temporary file
in a dedicated directory until the whole available space on
the destination disk volume is completely filled. Depending
on the configuration of the host, this can potentially lead
to a denial of service of other applications or of the
system.
- References: Ubuntu [USN-163-1]
http://www.ubuntulinux.org/support/documentation/usn/usn-163-1
- Solution: There is no official patch to our knowledge.
Numerous applications from other vendors rely on 'xpdf' and
are vulnerable as well. The availability of patches for
these applications will be handled in specific information
articles.
___________________________________________________________________________
INFORMATION
___________________________________________________________________________
* MICROSOFT - Patches for the "Remote Desktop Protocol" ('RDP')
Microsoft has announced, in the bulletin MS05-041, the availability of
patches for the 'RDP' protocol used in the "Remote Desktop", "Remote Web
Workplace" and "Remote Assistance" features on Windows 2000 Server SP4,
Windows XP SP1 and SP2, Windows XP Professional x64 Edition, Windows Server
2003 SP0 and SP1, Windows Server 2003 SP0 and SP1 (Itanium), and Windows
Server 2003 x64 Edition.
They fix a flaw that allowed remotely triggering a denial of service of a
vulnerable system.
CAN-2005-1218
MICROSOFT 'RDP' [904797] (bulletin 1526 dated 07/18/2005)
http://www.microsoft.com/technet/security/Bulletin/MS05-041.mspx
___________________________________________________________________________
* MICROSOFT - Patches for 'Internet Explorer'
Microsoft has announced, in the bulletin MS05-038, the availability of
patches for the 'Internet Explorer' browser on numerous versions of
Windows.
They fix three vulnerabilities, which allow in particular remotely
triggering the execution of arbitrary code and scripts. They supersede
those previously released in the MS05-025 and MS05-037 Microsoft bulletins.
CAN-2005-1988, CAN-2005-1989, CAN-2005-1990
MICROSOFT 'Internet Explorer', 'Web Folder', 'COM', 'JView Profiler',
'Javaprxy.dll' [2005-07/0289], [MS05-038], [MS05-037], [MS05-025]
(bulletins 1526 dated 07/18/2005, 1524 dated 07/13/2005, 1517 dated
07/04/2005, 1504 dated 06/15/2005 and 1543 dated 08/10/2005)
http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx
___________________________________________________________________________
* LINUX REDHAT - Revision of the bulletin RHSA-2005:366
Red Hat has revised the bulletin RHSA-2005:366 about several flaws in the
Linux kernel that allowed triggering denials of service of the system,
injecting keyboard/mouse events and corrupting sensitive information. This
revision announces the correction of the flaw referred to as CAN-2005-0210
that impacts the 'Netfilter' module.
CAN-2005-0135, CAN-2005-0207, CAN-2005-0384, CAN-2005-0400, CAN-2005-0449,
CAN-2005-0529, CAN-2005-0530, CAN-2005-0531, CAN-2005-0736, CAN-2005-0749,
CAN-2005-0750, CAN-2005-0767, CAN-2005-0815, CAN-2005-0839, CAN-2005-0867,
CAN-2005-0977, CAN-2005-1041, CAN-2005-0210
LINUX 'unw_unwind_to_user()', 'O_DIRECT', 'Netfilter', 'PPP', 'ext2',
'netfilter/iptables', '/proc', 'copy_from_read_buf()', 'atm_get_addr()',
'sys_epoll_wait()', 'load_elf_library()', 'Bluetooth', 'Radeon', 'ISO
9660', 'N_MOUSE', 'sysfs', 'tmpfs', 'fib_seq_start()' [RHSA-2005:366],
[USN-95-1], [SA14295], [73], [2005-March/032314], [ChangeLog-2.6.11.6],
[USN-95-1], [393590] (bulletins 1465 dated 04/20/2005, 1441 dated
03/16/2005, 1449 dated 03/29/2005, 1422 dated 02/17/2005, 1421 dated
02/16/2005, 1437 dated 03/10/2005, 1449 dated 03/29/2005, 1441 dated
03/16/2005 and 1443 dated 03/18/2005)
https://rhn.redhat.com/errata/RHSA-2005-366.html
___________________________________________________________________________
* KDE - Patches for 'kpdf'
KDE has announced, in the advisory advisory-20050809-1, the availability of
patches for 'kpdf' on KDE versions 3.3.1 and 3.4.1.
They fix a flaw in a code part shared with 'xpdf', which allowed triggering
at least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)
http://www.kde.org/info/security/advisory-20050809-1.txt
___________________________________________________________________________
* LINUX REDHAT - Patches for 'cups'
Red Hat has announced, in the RHSA-2005:706 advisory, the availability of
patches for 'cups' on Red Hat Desktop versions 3 and 4, and Red Hat
Enterprise Linux AS, ES and WS versions 3 and 4.
They fix a flaw in a 'xpdf' conversion filter, used by 'cups', which
allowed triggering at least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)
https://rhn.redhat.com/errata/RHSA-2005-706.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'kdegraphics'
Red Hat has announced, in the RHSA-2005:671 advisory, the availability of
patches for 'kdegraphics' on Red Hat Desktop version 4, and Red Hat
Enterprise Linux AS, ES and WS version 4.
They fix a flaw in a 'kpdf' conversion filter, which allowed triggering at
least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)
https://rhn.redhat.com/errata/RHSA-2005-671.html
___________________________________________________________________________
* LINUX REDHAT - Revision of the bulletin RHSA-2005:420
Red Hat has revised the bulletin RHSA-2005:420 about a coding error in the
Linux kernel that allowed triggering a denial of service. This revision
announces the correction of the flaws referred to as CAN-2005-0209 and
CAN-2005-0937, concerning the 'Netfilter' module and the 'futex' functions.
These flaws can cause a denial of service.
CAN-2005-0136, CAN-2005-0209, CAN-2005-0937
LINUX 'Netfilter', 'futex', 'get_user()' [RHSA-2005:420-22], [USN-95-1],
[12959] (bulletins 1500 dated 06/09/2005, 1441 dated 03/16/2005 and 1452
dated 04/01/2005)
https://rhn.redhat.com/errata/RHSA-2005-420.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'xpdf'
Red Hat has announced, in the RHSA-2005:670 advisory, the availability of
patches for 'xpdf' on Red Hat Desktop version 4, and Red Hat Enterprise
Linux AS, ES and WS version 4.
They fix a flaw in a 'xpdf' conversion filter, which allowed triggering at
least a denial of service of the application.
CAN-2005-2097
GLYPH AND COG 'xpdf' [USN-163-1] (bulletin 1543 dated 08/10/2005)
https://rhn.redhat.com/errata/RHSA-2005-670.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'Gaim' (RHD & RHEL versions 3 and 4)
Red Hat has announced, in the advisory RHSA-2005:627, the availability of
patches for 'Gaim' on Red Hat Desktop versions 3 and 4, and Red Hat
Enterprise Linux AS, ES and WS versions 3 and 4.
They fix three flaws that allowed triggering denials of service of the
client and remotely executing arbitrary code.
CAN-2005-2103, CAN-2005-2102, CAN-2005-2370
GAIM, EKG 'AIM', 'ICQ', 'libgadu' [RHSA-2005:627], [DSA-769] (bulletins
1543 dated 08/10/2005 and 1535 dated 07/29/2005)
https://rhn.redhat.com/errata/RHSA-2005-627.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'Gaim' (RHEL version 2.1)
Red Hat has announced, in the advisory RHSA-2005:589, the availability of
patches for 'Gaim' on Red Hat Enterprise Linux AS, ES and WS version 2.1
and Red Hat Linux Advanced Workstation version 2.1 (Itanium).
They fix a flaw that allowed remotely executing arbitrary code.
CAN-2005-2103
GAIM 'AIM', 'ICQ' [RHSA-2005:627] (bulletin 1543 dated 08/10/2005)
https://rhn.redhat.com/errata/RHSA-2005-589.html
___________________________________________________________________________
* LINUX REDHAT - Patches for 'ucd-snmp'
Red Hat has announced, in the advisory RHSA-2005:720, the availability of
patches for the 'ucd-snmp' packages on Red Hat Enterprise Linux AS, ES and
WS version 2.1 and Red Hat Linux Advanced Workstation version 2.1
(Itanium).
They fix a flaw that allowed remotely triggering a denial of service.
CAN-2005-2177
NET-SNMP 'Net-SNMP' [14168] (bulletin 1520 dated 07/07/2005)
https://rhn.redhat.com/errata/RHSA-2005-720.html
___________________________________________________________________________
* HP - Patches for 'IPSec' on Tru64 Unix
HP has announced, in the bulletin HPSBTU01217, the availability of patches
for 'IPSec' on HP Tru64 Unix versions 5.1B-3 and 5.1B-2/PK4. They fix a
flaw that allowed disclosing sensitive information.
CAN-2005-0039
IP 'CBC', 'IPSec' [004033/NISCC/IPSEC] (bulletin 1478 dated 05/10/2005)
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01217
___________________________________________________________________________
Yours sincerely,
The Security Watch Team
--
Security Watch Service
mailto:veille-sec@veille.apogee-com.fr
APOGEE Communications
15, Avenue du Cap Horn
ZA de Courtaboeuf
91940 LES ULIS
Tel : + 33 1 69 85 78 00
Fax : + 33 1 69 85 78 51
Technical support : + 33 1 73 23 17 00
Nota: Trademarks and products appearing in this bulletin are property
of their respective depositaries.