TSLSA-2006-0048 - multi
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2006-0048
Package names: imagemagick, kernel, php, php4
Summary: Multiple vulnerabilities
Date: 2006-08-25
Affected versions: Trustix Secure Linux 2.2
Trustix Secure Linux 3.0
- --------------------------------------------------------------------------
Package description:
imagemagick
ImageMagick is a robust collection of tools and libraries to read,
write and manipulate an image in any of the more popular image formats
including GIF, JPEG, PNG, PDF, and Photo CD.
kernel
The kernel package contains the Linux kernel (vmlinuz), the core of
your Trustix Secure Linux operating system. The kernel handles the
basic functions of the operating system: memory allocation, process
allocation, device input and output, etc.
php
PHP is an HTML-embedded scripting language. PHP attempts to
make it easy for developers to write dynamically generated web
pages. PHP also offers built-in database integration for several
commercial and non-commercial database management systems, so
writing a database-enabled web page with PHP is fairly simple.
The most common use of PHP coding is probably as a replacement
for CGI scripts. The mod_php module enables the Apache web server
to understand and process the embedded PHP language in web pages.
php4
PHP4 is an HTML-embedded scripting language. PHP attempts to
make it easy for developers to write dynamically generated web
pages. PHP also offers built-in database integration for several
commercial and non-commercial database management systems, so
writing a database-enabled web page with PHP is fairly simple.
The most common use of PHP coding is probably as a replacement
for CGI scripts. The mod_php module enables the Apache web server
to understand and process the embedded PHP language in web pages.
Problem description:
imagemagick < TSL 3.0 > < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Tavis Ormandy has reported some vulnerabilities in
ImageMagick, which potentially can be exploited by malicious people
to compromise a vulnerable system.
- Fix boundary errors within the "DecodeBitmap()" function and the
"ReadSUNImage()" function in sun.c which can be exploited to cause
heap-based buffer overflows when processing specially crafted
Sun Rasterfile images.
- Fix boundary errors within the XCF image decoder which can be
exploited to cause a stack-based and a heap-based overflow when
processing specially crafted XCF image files.
- Damian Put has discovered a vulnerability in ImageMagick, which can
be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a user's system. The vulnerability is
caused due to an integer overflow in the "ReadSGIImage()" function
when decoding SGI image files.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2006-3744, CVE-2006-3743 and CVE-2006-4144
to these issues.
kernel < TSL 3.0 >
- New upstream.
- SECURITY FIX: A vulnerability has been identified caused due to
an error in the SCTP module within the "sctp_make_abort_user()"
function and can be exploited to execute arbitrary code with
escalated privileges.
- A vulnerability has been identified in Linux Kernel, which is due
to an error in the Universal Disk Format (UDF) module when
truncating certain files, which could be exploited by malicious
users to panic a vulnerable system, creating a denial of service
condition.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2006-3745 and CVE-2006-4145 to
these issues.
php < TSL 3.0 > < TSL 2.2 >
- New Upstream
- SECURITY Fix: Added missing safe_mode/open_basedir checks inside the
error_log(), file_exists(), imap_open() and imap_reopen() functions.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed possible open_basedir/safe_mode bypass in cURL extension and
with realpath cache.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed a buffer overflow inside sscanf() function.
- Fixed an out of bounds read inside stripos() function.
- Fixed memory_limit restriction on 64 bit system.
php4 < TSL 2.2 >
- New Upstream.
- SECURITY Fix: Fixed overflows inside str_repeat() and wordwrap()
functions on 64bit systems.
- Fixed overflow in GD extension on invalid GIF images.
- Fixed possible open_basedir/safe_mode bypass in cURL extension.
- Fixed overflows inside str_repeat() and wordwrap() functions on
64bit systems.
- Fixed a buffer overflow inside sscanf() function.
- Fixed memory_limit restriction on 64 bit system.
Action:
We recommend that all systems with this package installed be upgraded.
Please note that if you do not need the functionality provided by this
package, you may want to remove it from your system.
Location:
All Trustix Secure Linux updates are available from
<URI:http://http.trustix.org/pub/trustix/updates/>
<URI:ftp://ftp.trustix.org/pub/trustix/updates/>
About Trustix Secure Linux:
Trustix Secure Linux is a small Linux distribution for servers. With focus
on security and stability, the system is painlessly kept safe and up to
date from day one using swup, the automated software updater.
Automatic updates:
Users of the SWUP tool can enjoy having updates automatically
installed using 'swup --upgrade'.
Questions?
Check out our mailing lists:
<URI:http://www.trustix.org/support/>
Verification:
This advisory along with all Trustix packages are signed with the
TSL sign key.
This key is available from:
<URI:http://www.trustix.org/TSL-SIGN-KEY>
The advisory itself is available from the errata pages at
<URI:http://www.trustix.org/errata/trustix-2.2/> and
<URI:http://www.trustix.org/errata/trustix-3.0/>
or directly at
<URI:http://www.trustix.org/errata/2006/0048/>
MD5sums of the packages:
- --------------------------------------------------------------------------
75dca6fbda6a74269aaab397c90ed85c 3.0/rpms/imagemagick-6.2.9.1-1tr.i586.rpm
12df3d45877a0a006236e81546d6bbb0
3.0/rpms/imagemagick-devel-6.2.9.1-1tr.i586.rpm
7f3b0dfff3c65918540f4c6c5c6bdf4f 3.0/rpms/kernel-2.6.17.11-1tr.i586.rpm
1d4e399d3c9498171e966357f3290bc7 3.0/rpms/kernel-doc-2.6.17.11-1tr.i586.rpm
dc61b6605918dbe4bd4d5c30f6283a1a 3.0/rpms/kernel-headers-2.6.17.11-1tr.i586.rpm
e5fa31086eeba5b634cee5863042d8b6 3.0/rpms/kernel-smp-2.6.17.11-1tr.i586.rpm
19012dc1ee8ce2c0ba4ef8f74c1275bb
3.0/rpms/kernel-smp-headers-2.6.17.11-1tr.i586.rpm
d21b5b5f3b57e6b97ceca38c203919cf 3.0/rpms/kernel-source-2.6.17.11-1tr.i586.rpm
3f4947fe967b0ed54df0485d3c7b7516 3.0/rpms/kernel-utils-2.6.17.11-1tr.i586.rpm
e2e9bef09bf2d54626a1a44c20efb96a
3.0/rpms/perl-image-magick-6.2.9.1-1tr.i586.rpm
03c541d07331d236b1daeea31e1d38ef 3.0/rpms/php-5.1.5-1tr.i586.rpm
d0bcdfd46934a4a77aed4b3d0d9f3df6 3.0/rpms/php-calendar-5.1.5-1tr.i586.rpm
86a7f15ae3d543d74b4c57fff886f48f 3.0/rpms/php-cli-5.1.5-1tr.i586.rpm
37ac20f6cbcbc30b175ec712da305096 3.0/rpms/php-curl-5.1.5-1tr.i586.rpm
3a78d6a90f75948306e12c60d0f8468f 3.0/rpms/php-dba-5.1.5-1tr.i586.rpm
45025160855dee28cdb988a64476d643 3.0/rpms/php-devel-5.1.5-1tr.i586.rpm
8322d6a9934ba490e231c4cdcb28a1e3 3.0/rpms/php-exif-5.1.5-1tr.i586.rpm
3ecb7dff8079e75c0d97f1af62567bb2 3.0/rpms/php-fcgi-5.1.5-1tr.i586.rpm
30f9cd4a5a162e5fc71d21d2fa9b8554 3.0/rpms/php-gd-5.1.5-1tr.i586.rpm
59f3be543785e530d11cecc398c7802e 3.0/rpms/php-imap-5.1.5-1tr.i586.rpm
7c488eda027b41c77e711f940ee5f6ba 3.0/rpms/php-ldap-5.1.5-1tr.i586.rpm
d0b9cd7d3f24d2ec2f0b9b1148ea1031 3.0/rpms/php-mhash-5.1.5-1tr.i586.rpm
f119d7506fa6c2e3bb5f965e48bdc582 3.0/rpms/php-mysql-5.1.5-1tr.i586.rpm
06d925cca3d3d93ec490bf468928e832 3.0/rpms/php-mysqli-5.1.5-1tr.i586.rpm
6a5b0464c40365bfee510ad15e53cb15 3.0/rpms/php-pgsql-5.1.5-1tr.i586.rpm
5fb09252a0e568947b720cd46c28eb7e 3.0/rpms/php-pspell-5.1.5-1tr.i586.rpm
3ecb34a25f9649e652f83d89cc70d005 3.0/rpms/php-snmp-5.1.5-1tr.i586.rpm
7fc0011a3ab2bf81618439592657b1b5 3.0/rpms/php-xslt-5.1.5-1tr.i586.rpm
d6edd32f27812c0b39266b13433f7459 3.0/rpms/php-zlib-5.1.5-1tr.i586.rpm
5141ac258250909b9feef2caaa6e8eb8 2.2/rpms/imagemagick-6.2.9.1-1tr.i586.rpm
3a2e7fc128ee7fc1069d2ac2363eb613
2.2/rpms/imagemagick-devel-6.2.9.1-1tr.i586.rpm
f664b416af2a928f6d3f00192784299d
2.2/rpms/perl-image-magick-6.2.9.1-1tr.i586.rpm
9b14736c3209ae5b00ba26969dccd715 2.2/rpms/php-5.1.5-1tr.i586.rpm
32bb2d974baa57043b3adc8ab7ff7f1d 2.2/rpms/php-cli-5.1.5-1tr.i586.rpm
99e73068da9b5ba28d171581d7c03868 2.2/rpms/php-curl-5.1.5-1tr.i586.rpm
d1da53f6c2eebd05dc4dce5600834b89 2.2/rpms/php-devel-5.1.5-1tr.i586.rpm
290cbd9a1c75ccb4bb923187a5959567 2.2/rpms/php-exif-5.1.5-1tr.i586.rpm
25f633a771ff8b0ac2d7bc83f70bcead 2.2/rpms/php-fcgi-5.1.5-1tr.i586.rpm
e7723ec836a689b4407acabcc3e4fc5b 2.2/rpms/php-gd-5.1.5-1tr.i586.rpm
bdfda47a717e8e074b712c148c401f35 2.2/rpms/php-imap-5.1.5-1tr.i586.rpm
3339965e07b9174cc33497067ad09ea0 2.2/rpms/php-ldap-5.1.5-1tr.i586.rpm
7f70bccaaa298571bd0f83b094ead1e5 2.2/rpms/php-mhash-5.1.5-1tr.i586.rpm
12303610c58402df756f45a582e4a84f 2.2/rpms/php-mysql-5.1.5-1tr.i586.rpm
6253cf1fed49519ede5111f774431ee4 2.2/rpms/php-mysqli-5.1.5-1tr.i586.rpm
48d0812419b3a2dcd8cbfb42b0e2eb32 2.2/rpms/php-pgsql-5.1.5-1tr.i586.rpm
0bf4143328474fa35fbe74ec32a6005f 2.2/rpms/php-zlib-5.1.5-1tr.i586.rpm
416c3ae67c073d901679d705c10bf7c4 2.2/rpms/php4-4.4.4-1tr.i586.rpm
d5eb03d4b047f99f03f206fde97af4c7 2.2/rpms/php4-cli-4.4.4-1tr.i586.rpm
007d92c2585a97f47392c9e14e9f9212 2.2/rpms/php4-curl-4.4.4-1tr.i586.rpm
3c5e768eb3f2fd0ac7bc0c7018b5d525 2.2/rpms/php4-devel-4.4.4-1tr.i586.rpm
76bbf9610dff9c0b2db4e8c3f5eaa870 2.2/rpms/php4-domxml-4.4.4-1tr.i586.rpm
048f8b70e4496c6df923a06dbcd3762d 2.2/rpms/php4-exif-4.4.4-1tr.i586.rpm
c57514514a8192731ec94631f572276a 2.2/rpms/php4-fcgi-4.4.4-1tr.i586.rpm
832dad38de77d1d6e93b385981ec351a 2.2/rpms/php4-gd-4.4.4-1tr.i586.rpm
b6d3882623cb969310e8734ad626495a 2.2/rpms/php4-imap-4.4.4-1tr.i586.rpm
9096a26e6643c981c95c90b87f1e9e19 2.2/rpms/php4-ldap-4.4.4-1tr.i586.rpm
9951d9badb55dbc1415fa753274e37f8 2.2/rpms/php4-mhash-4.4.4-1tr.i586.rpm
d6e12afafb9ec89d9bdaa814c048ca2a 2.2/rpms/php4-mysql-4.4.4-1tr.i586.rpm
f5bb6135871a2de5dd670ea70334de98 2.2/rpms/php4-pgsql-4.4.4-1tr.i586.rpm
3156ceb5fc2add2c71fc2e2fd20c9e1d 2.2/rpms/php4-test-4.4.4-1tr.i586.rpm
- --------------------------------------------------------------------------
Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFE7u7Hi8CEzsK9IksRAg65AKCx8wiL5EE9dVUHblKbSKctP6FHywCdEYd6
1+eUonUJYG8Sq2/pVBxhVnM=
=E+1X
-----END PGP SIGNATURE-----