TSLSA-2007-0019 - multi

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TSLSA-2007-0019 - multi
From: Trustix Security Advisor <tsl@xxxxxxxxxxx>
Date: Fri, 25 May 2007 11:08:54 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.4.2.1i
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2007-0019

Package names:     fetchmail, freetype, gd, libpng, python24 
Summary:           Multiple vulnerabilities
Date:              2007-05-25
Affected versions: Trustix Secure Linux 2.2
                   Trustix Secure Linux 3.0
                   Trustix Secure Linux 3.0.5
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  fetchmail
  Fetchmail is a remote mail retrieval and forwarding utility intended
  for use over on-demand TCP/IP links, like SLIP or PPP connections.
  Fetchmail supports every remote-mail protocol currently in use on the
  Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
  and IPSEC) for retrieval. Then Fetchmail forwards the mail through
  SMTP so you can read it through your favorite mail client.

  freetype
  The FreeType engine is a free and portable TrueType font rendering
  engine, developed to provide TrueType support for a variety of
  platforms and environments. FreeType is a library which can open 
  and manages font files as well as efficiently load, hint and render
  individual glyphs. FreeType is not a font server or a complete
  text-rendering library.

  gd
  gd is a graphics library. It allows your code to quickly draw images
  complete with lines, arcs, text, multiple colors, cut and paste from
  other images, and flood fills, and write out the result as a PNG or
  JPEG file. This is particularly useful in World Wide Web applications,
  where PNG and JPEG are two of the formats accepted for inline images
  by most browsers.

  libpng
  libpng is a library of functions for creating and manipulating PNG
  (Portable Network Graphics) image format files.

  python24
  Python is an interpreted, interactive, object-oriented programming
  language often compared to Tcl, Perl, Scheme or Java. Python includes
  modules, classes, exceptions, very high level dynamic data types and
  dynamic typing. Python supports interfaces to many system calls and
  libraries.

Problem description:
  fetchmail < TSL 3.0.5 > < TSL 3.0 >
  - New upsteam.
  - SECURITY Fix: A weakness has been identified which is caused
    by an error in the APOP protocol that fails to properly prevent
    MD5 collisions, which could be exploited via man-in-the-middle
    attacks and specially crafted message-IDs to potentially disclose
    the first three characters of passwords.
                                                                                
                                           
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2007-1558 to this issue.

  freetype < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
  - SECURITY Fix: Victor Stinner has reported a vulnerability in
    FreeType, caused due to an error when parsing malformed TTF 
    fonts in src/truetype/ttgload.c and may be exploited when
    processing a specially crafted TTF font.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-2754 to this issue.
 
  gd < TSL 3.0.5 > < TSL 3.0 > < TSL 2.2 >
  - SECURITY Fix: Xavier Roche has reported a vulnerability in GD
    Graphics Library caused due to the incorrect use of libpng within
    the function "gdPngReadData()" when processing truncated data.
    This can be exploited to cause an infinite loop by e.g. tricking
    an application using the library to process a specially crafted file.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) 
    has assigned the name CVE-2007-2756 to this issue.

  libpng < TSL 3.0.5 > < TSL 3.0 >< TSL 2.2 > < TSEL 2> 
  - SECURITY Fix: A vulnerability has been reported in libpng, caused
    due to an error in the "png_handle_tRNS" function in pngrutil.c.
    This can be exploited by tricking an application using the library
    to process a specially crafted PNG file containing a malformed
    tRNS chunk.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-2445 to this issue.

  python24 < TSL 3.0.5 >
  - SECURITY Fix: A vulnerability has been identified, which could
    be exploited by attackers to gain knowledge of potentially
    sensitive information. This issue is caused by an off-by-one
    error in the "PyLocale_strxfrm()" [Modules/_localemodule.c]
    function when calculating the "n2" buffer size, which could be
    exploited by attackers to disclose and read portions of memory.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2007-2052 to this issue.

Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  <URI:http://www.trustix.org/errata/trustix-3.0/> and
  <URI:http://www.trustix.org/errata/trustix-3.0.5/>
  or directly at
  <URI:http://www.trustix.org/errata/2007/0019/>


MD5sums of the packages:
- --------------------------------------------------------------------------
7e7fca1269d3cef8364255068ca0f0eb  3.0.5/rpms/fetchmail-6.3.8-1tr.i586.rpm
b8253ea826e589446d340459bc0c8e19  3.0.5/rpms/freetype-2.2.1-4tr.i586.rpm
f3f5bc6cd33b050f3b20132ed962c569  3.0.5/rpms/freetype-devel-2.2.1-4tr.i586.rpm
25cb794e2a82cd79cbbacbc5b9a37e90  3.0.5/rpms/gd-2.0.33-9tr.i586.rpm
3ad81c1bb37200a1512548098cc058c5  3.0.5/rpms/gd-devel-2.0.33-9tr.i586.rpm
9ca0451a302ceb6ad281a1387aa0858c  3.0.5/rpms/gd-utils-2.0.33-9tr.i586.rpm
7ef7ade271351a872d36d07474a5df1c  3.0.5/rpms/libpng-1.2.8-7tr.i586.rpm
1f4800a01ce727e0762a03d6111e87e7  3.0.5/rpms/libpng-devel-1.2.8-7tr.i586.rpm
61ad38f6a3575f36373fce0a590a99c4  3.0.5/rpms/libpng-tools-1.2.8-7tr.i586.rpm
190ad056b4845b0a55871ba2a4dc0415  3.0.5/rpms/python24-2.4.3-3tr.i586.rpm
c9f6db6204a43e1dced98335ef2e707e  3.0.5/rpms/python24-devel-2.4.3-3tr.i586.rpm
cf8bc6fad6d1ebe2cbdcd82fa73cb7a5  3.0.5/rpms/python24-docs-2.4.3-3tr.i586.rpm
306f3bb8368df63bfc8d26f943086ed2  3.0.5/rpms/python24-gdbm-2.4.3-3tr.i586.rpm
2efe519b245c7a7ac0d3bf39658ae844  3.0.5/rpms/python24-idle-2.4.3-3tr.i586.rpm
f67994c30577317cd00cc2c7fa12b36e  3.0.5/rpms/python24-modules-2.4.3-3tr.i586.rpm

95d9d0b13dcf5eb4be9e6a244c103073  3.0/rpms/fetchmail-6.3.8-1tr.i586.rpm
4b3632b42bd1f44831553f7e6c0e18d0  3.0/rpms/freetype-2.2.1-3tr.i586.rpm
e8525aeb5dcd9b74803da0ca8cf5a038  3.0/rpms/freetype-devel-2.2.1-3tr.i586.rpm
1b3cc6c8410795d4f0928a00ee21a56e  3.0/rpms/gd-2.0.33-8tr.i586.rpm
74bb9464d9cdf55864d7b9107b411742  3.0/rpms/gd-devel-2.0.33-8tr.i586.rpm
4ddc9896fec17c94f493461a56da0c20  3.0/rpms/gd-utils-2.0.33-8tr.i586.rpm
86ebb35e3ac771671381c57dfa47499a  3.0/rpms/libpng-1.2.8-6tr.i586.rpm
be14341a8c739f36518a9c9be0b1aae3  3.0/rpms/libpng-devel-1.2.8-6tr.i586.rpm
6cdfac28461801d5017364aa3acfe9d7  3.0/rpms/libpng-tools-1.2.8-6tr.i586.rpm

999941386f1af1854592aaeb2527738d  2.2/rpms/freetype-2.2.1-3tr.i586.rpm
2c8e070510dc431d4912d4fd7a718e72  2.2/rpms/freetype-devel-2.2.1-3tr.i586.rpm
75fe49d9388dcd718419d9c7fa295f62  2.2/rpms/gd-2.0.33-6tr.i586.rpm
ffb27b795f47bae1b270d0602b9a8961  2.2/rpms/gd-devel-2.0.33-6tr.i586.rpm
8926492e1dad737d05de5703fa37dfae  2.2/rpms/gd-utils-2.0.33-6tr.i586.rpm
136a054c65e5106c00c1f6e39bb7614c  2.2/rpms/libpng-1.2.7-3tr.i586.rpm
c3f5efe104098c7484f704a6cc52f728  2.2/rpms/libpng-devel-1.2.7-3tr.i586.rpm
29c0926024f2b122073bf96955f3a46b  2.2/rpms/libpng-tools-1.2.7-3tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFGVrPfi8CEzsK9IksRAvPqAJ0Yjfv2b9+KBwnxfPboznlr/V0XJQCcCmha
/Ok1CVATXlidPmuSa5X6cDg=
=TaL6
-----END PGP SIGNATURE-----
Prev by Date: Vulnerability - cpCommerce - XSS
Next by Date: iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities
Previous by thread: Vulnerability - cpCommerce - XSS
Next by thread: iDefense Security Advisory 05.25.07: Sun Java System Web Proxy Multiple Buffer Overflow Vulnerabilities
Index(es):
- Date
- Thread