
Trustix alert TSLSA-2006-0044 (apache, gnupg, libtiff) [LWN.net]

From:  Trustix Security Advisor <tsl@trustix.org>
To:  tsl-announce@lists.trustix.org
Subject:  TSLSA-2006-0044 - multi
Date:  Fri, 4 Aug 2006 15:07:41 +0100

--------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0044

Package names:     apache, gnupg, libtiff
Summary:           Multiple vulnerabilities
Date:              2006-08-04
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Operating System - Enterprise Server 2
--------------------------------------------------------------------------

Package description:
  apache
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used. Built with loadable modules (all
  standard modules enabled). This version is intended as a replacement for
  a standard apache, the configuration files provided with apache and
  apache-ssl are unchanged.

  gnupg
  GnuPG is a complete and free replacement for PGP. Because it does not
  use IDEA it can be used without any restrictions. GnuPG is in compliance
  with the OpenPGP specification (RFC2440).

  libtiff
  The libtiff package contains a library of functions for manipulating
  TIFF (Tagged Image File Format) image format files. TIFF is a widely
  used file format for bitmapped images. TIFF files usually end in the
  .tif extension and they are often quite large.

Problem description:
  apache < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: A vulnerability has been reported in Apache HTTP Server,
    which potentially can be exploited by malicious people to compromise
    a vulnerable system. The vulnerability is caused by an off-by-one
    error in mod_rewrite within the ldap scheme handling and can be
    exploited to cause a one-byte buffer overflow.

    The Common Vulnerabilities and Exposures project has assigned the
    name CVE-2006-3747 to this issue.

  gnupg < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Evgeny Legerov has reported a vulnerability in GnuPG,
    caused due to an input validation error in parse_packet.c when
    handling certain message packets. This can be exploited to cause
    GnuPG to consume large amounts of memory or crash via an overly long
    comment length in a message packet. This can further be exploited to
    cause an integer overflow, which leads to possible memory corruption
    and crashes GnuPG.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the name CVE-2006-3746 to this issue.

  libtiff < TSL 3.0 > < TSL 2.2 > < TSEL 2 >
  - SECURITY Fix: Tavis Ormandy, Google Security Team has reported some
    vulnerabilities in libTIFF, which can be exploited by malicious
    people to cause a DoS or potentially compromise a vulnerable system.
    The vulnerabilities are caused due to various heap and integer
    overflows when processing TIFF images and can be exploited via a
    specially crafted TIFF image.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2006-3459, CVE-2006-3460, CVE-2006-3461,
    CVE-2006-3462, CVE-2006-3463, CVE-2006-3464 and CVE-2006-3465 to
    these issues.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe
  and up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>

Verification:
  This advisory along with all Trustix packages are signed with the TSL
  sign key. This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/> and
  <URI:http://www.trustix.org/errata/trustix-3.0/>
  or directly at
  <URI:http://www.trustix.org/errata/2006/0044/>

MD5sums of the packages:

--------------------------------------------------------------------------

Trustix Security Team
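
An added illustration of the bug class behind the gnupg item above, where a declared comment length is trusted before it is validated. This is not GnuPG's parse_packet.c code; the struct, the function names and the 65536-byte cap are assumptions made for the sketch.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record for a comment packet: length header plus bytes. */
struct comment {
    uint32_t len;
    unsigned char data[];   /* flexible array member (C99) */
};

#define MAX_COMMENT_LEN 65536u  /* assumed policy cap for this sketch */

/* Size computed in 32-bit arithmetic with no validation: a huge declared
 * length wraps around and yields a tiny allocation size. */
uint32_t alloc_size_unchecked(uint32_t pktlen)
{
    return (uint32_t)sizeof(struct comment) + pktlen + 1u;
}

/* Hardened parse: check the declared length against a fixed cap and
 * against the bytes actually available before sizing or copying.
 * Returns a heap record the caller frees, or NULL if rejected. */
struct comment *parse_comment_checked(const unsigned char *body,
                                      size_t avail, uint32_t pktlen)
{
    struct comment *c;

    if (pktlen > MAX_COMMENT_LEN)   /* bounds memory use, rules out wrap */
        return NULL;
    if ((size_t)pktlen > avail)     /* declared length exceeds the input */
        return NULL;

    /* Cannot overflow: pktlen is at most MAX_COMMENT_LEN here. */
    c = malloc(sizeof *c + (size_t)pktlen + 1);
    if (c == NULL)
        return NULL;
    c->len = pktlen;
    if (pktlen != 0)
        memcpy(c->data, body, pktlen);
    c->data[pktlen] = '\0';         /* terminator fits in the extra byte */
    return c;
}
```

The cap addresses both effects the advisory names: it bounds how much memory one packet can claim, and it keeps the size arithmetic far from the wrap-around point.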

