Copyright © 2002-2008
EscapeBox Germany

More security vulnerabilities have been found in
the 'tiff' library. We fixed the problem by upgrading to revision 3.7.1.

The new stable branch 3.4.x of Multitail is a
merge between the previous stable branch 3.2.x and development code
from 3.3.x. It introduces a number of improvements, and of course
bug fixes.

This is a maintenance release which
introduces some minor bug fixes and improvements.

We received information that there is actually
no incompatibility between PHP 4.3.10 and the PHP accelerator we use.
Instead, the pre-compiled script files in the accelerator's disk cache
have been incompatible with PHP 4.3.10. That is, they just needed to
be re-compiled with 4.3.10.
In our case, purging the disk caches in all boxes
fixed the problem at once. These caches are going to fill up again on the
fly as PHP scripts get requested over time. So, operation is back to
normal now.

Several very serious security issues have
been found in PHP versions up to 4.3.9. We fixed the problem by
upgrading to revision 4.3.10 (incl. some patches that correct newly
introduced flaws).
Unfortunately, we had to disable the PHP accelerator
since it turned out to be incompatible with the new PHP4 version. In
fact, according to PHP's bug tracking system all accelerators currently
available break PHP 4.3.10. We will upgrade and re-enable the accelerator
when a fixed version gets released.
In order to reliably activate the new version for
all running instances of PHP4 we rebooted the server boxes (just a
15-second soft reboot).
For more information please refer to
http://www.php.net/release_4_3_10.php

Just a number of minor bug fixes. There were no
changes in functionality we know of.

Several vulnerabilities related to the use
of options in modelines have been found in VIM. They could
potentially result in a local user escalating privileges. We
fixed the problem by upgrading to revision 6.3.45.

This maintenance release contains a small
number of nevertheless important bug fixes. There were no
changes in functionality we know of.

Some of the changes and bug fixes introduced
by revision 2.67 help improve the spam detection accuracy considerably.

A NULL pointer dereference bug has been found
in mod_access_referer that could cause a remote DoS vulnerability.
We fixed the problem by applying the recommended patch.

MySQL 4.0 is now our default version. Users
who have been using MySQL 3.23 in the past will continue to do so
by means of a number of symlinks installed in their boxes. For
upgrade instructions please refer to
'/usr/local/mysql-3.23/upgrade/README'.

There is a buffer overflow in Zip 2.3 and possibly
earlier versions. When using recursive folder compression, the bug
allows remote attackers to execute arbitrary code via a ZIP file
containing a long pathname. We fixed the problem by applying the
recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1010

A programming error has been found in FreeBSD's
implementation of the 'procfs' filesystem (usually mounted as '/proc').
A malicious local user could perform a local denial of service attack by
causing a system panic, or he could read parts of kernel memory.
We fixed the problem by applying the recommended
patch. In order to activate the new UNIX kernel we had to reboot all
of our servers. We apologize for the short service interruption.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc

Besides a number of bug fixes and improvements
this release also corrects a potential security flaw that could allow
a malicious user to run arbitrary commands in conjunction with Bash,
due to insufficient environment sanitizing.

This is a maintenance release which
introduces some minor bug fixes and improvements.

During an audit of Cyrus IMAPD several
vulnerabilities were discovered which can lead to remote execution
of arbitrary code. In the version of Cyrus IMAPD currently installed
only one of these bugs existed, though. We fixed the problem
by applying the recommended patch.
For more information please refer to
http://security.e-matters.de/advisories/152004.html

A potentially serious vulnerability in
conjunction with the highlighting feature has been found in
phpBB. We fixed the problem by upgrading to revision 2.0.11,
which also contains other minor bug fixes and improvements.
Note that if you previously ran revision 2.0.8, 2.0.9 or 2.0.10
there is no upgrade procedure necessary.

The 'fetch' utility is a FreeBSD tool for
fetching files via FTP, HTTP, and HTTPS. An integer overflow
condition in the processing of HTTP headers has been found which
can result in a buffer overflow. A malicious server or CGI script
can respond to an HTTP or HTTPS request in such a manner as to cause
arbitrary portions of the client's memory to be overwritten,
allowing for arbitrary code execution. We fixed the problem by
applying the recommended patch.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc

An XSS flaw has been found in
SquirrelMail. We fixed the problem by applying the recommended patch.

This maintenance release corrects some minor
bugs. There is also a security fix included regarding a symlink
attack on temporary files. However, this is of no relevance to our
system since the affected script is not installed in our setup.

A buffer overflow in the 'get_tag' function
in 'mod_include' for Apache 1.3.x allows local users who can create
SSI documents to execute arbitrary code as the Apache user via SSI
(XSSI) documents that trigger a length calculation error.
We fixed the problem by upgrading to Apache
1.3.33. In order to reliably activate the new version for all
running instances of Apache we rebooted the server boxes (just a
15-second soft reboot).
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0940

This is a maintenance release which
introduces some minor bug fixes and improvements.

In Apache 1.3.32, a change in 'mod_rewrite'
introduced a new bug. For requests forwarded through 'mod_proxy'
(flag 'P') the query string, if available, will be appended twice,
which usually results in a 404 response. We corrected the problem
for now by applying a local patch which effectively backs out the
faulty fix.
For more information please refer to
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14518

A number of buffer overrun bugs, in part
remotely exploitable, have been found in libxml2. We fixed the
problem by upgrading to revision 2.6.15.

In Apache 1.3.32, a number of bugs have been fixed
since the latest (security) release 1.3.31. So we upgraded to the new
revision now. This is a bug fix release, and there were no changes in
functionality we know of.
Please note that the mod_proxy security issue
(CAN-2004-0492) mentioned in Apache's ChangeLog had been corrected
already in our system (on 2004-06-12).

Besides the usual pile of kernel bug fixes
and improvements from both the FreeBSD project and our todo list
we also corrected a long-standing flaw in FreeBSD's TCP stack
(ignored RST packets during connection shutdown), which we deem
important enough to justify a kernel update at this point. In
order to activate the new UNIX kernel we had to reboot all of our
servers. We apologize for the short service interruption (less than
10 minutes).

So far, on-the-fly compression for web content has
been enabled in our default setup for static HTML pages (incl. SSI), CGI
scripts and PHP. We now added 'mod_gzip' support also for the output
generated by some of the optional Apache modules, namely 'mod_fastcgi',
'mod_perl', 'mod_python' and 'mod_jk' (Tomcat via Apache).
In case you have a private copy of
'/box/bin/httpd.conf.eperl' in your server box, in order to benefit
from this change, too, you would just need to add the following lines
to the config section of 'mod_gzip':

    mod_gzip_item_include handler ^fastcgi-script$
    mod_gzip_item_include handler ^perl-script$
    mod_gzip_item_include handler ^python-program$
    mod_gzip_item_include handler ^jakarta-servlet$

As always, for a more complete synchronization
with our default setup the original shared, non-overlayed files can be
found under '/system/sd'.

Multiple heap-based buffer overflows have been
found in the 'tiff' library image decoding routines, potentially allowing
the execution of arbitrary code with the rights of the user viewing a
maliciously crafted image. We fixed the problem by applying the
recommended patch.

Two problems have been found in Cyrus-SASL.
Under certain conditions it is possible for a local user to exploit
a vulnerability in the way the SASL_PATH environment variable is
honored. The second bug, a remote buffer overflow in the 'digestmd5.c'
file, does not apply to our revision of Cyrus-SASL. We applied the
recommended patches.

In addition to Jakarta-Tomcat 3.3 and 4.1 we
installed revision 5.0.28 in order to also support Servlet/JSP specs
2.4/2.0. Which Tomcat server gets started at boot time depends on what
startup script is in place. 'mod_jk' works with any of them.

This maintenance release fixes more than
50 bugs that have been discovered and resolved since the 4.3.8 release.

Due to insufficient interlocking between
transaction commit and checkpointing, it was possible for transactions
committed just before the most recent checkpoint to be lost, in whole
or in part, following a database crash and restart. This is a serious
bug that has existed since PostgreSQL 7.1. We fixed the problem by
upgrading to revision 7.3.7.

Our FreeBSD kernel has been in sync for a
while now with the latest revision in the 4-STABLE branch (4.10),
so at this point we upgraded Userland to 4.10 as well. From the
user's perspective the changes will be hardly noticeable. Most are
"under the hood", and in this development branch new features are
generally implemented with compatibility in mind. Also, the actual
application software packages (web, email etc.) are not affected
by this upgrade since they are separate from the base system.
In order to bump up the version number to
4.10 (hard-wired in the kernel) we had to reboot all of our servers.
We apologize for the short service interruption (less than 15 minutes).

Some of our users may have noticed that the
server load went up today for a short period of time. Some lowlife
on a probably hacked server (80.190.240.3) pounded our operation with
SSH connection attempts. That is, apparently not our servers in
particular, but rather whatever he found within the IP block our
gear is assigned to. We have no information at this point on
whether this was just a DoS attack (server overload) or a brute
force password guessing attempt.
In any case, we lost no time and blocked the
IP traffic coming from that address. The attack ceased, the load went
down, our pagers fell silent, end of story. Have a nice weekend. :-)
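
The question left open above (overload or password guessing) can usually be settled from the sshd log. This is an added example, not part of the original page: the log lines are constructed, and the threshold of 3 and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from the page: sshd lines in BSD syslog
# format, with source addresses from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 14 10:02:11 box1 sshd[4101]: Did not receive identification string from 192.0.2.10
Aug 14 10:02:11 box1 sshd[4102]: Did not receive identification string from 192.0.2.10
Aug 14 10:02:12 box1 sshd[4103]: Did not receive identification string from 192.0.2.10
Aug 14 10:02:12 box1 sshd[4104]: Did not receive identification string from 192.0.2.10
Aug 14 10:03:40 box1 sshd[4110]: Illegal user test from 198.51.100.7
Aug 14 10:03:41 box1 sshd[4110]: Failed password for illegal user test from 198.51.100.7 port 40112 ssh2
Aug 14 10:03:43 box1 sshd[4112]: Failed password for root from 198.51.100.7 port 40115 ssh2
Aug 14 10:03:45 box1 sshd[4114]: Invalid user admin from 198.51.100.7
Aug 14 10:03:46 box1 sshd[4114]: Failed password for invalid user admin from 198.51.100.7 port 40119 ssh2
Aug 14 10:03:48 box1 sshd[4116]: Failed password for root from 198.51.100.7 port 40121 ssh2
Aug 14 10:05:02 box1 sshd[4120]: Failed password for alice from 203.0.113.5 port 51544 ssh2
Aug 14 10:05:09 box1 sshd[4120]: Accepted password for alice from 203.0.113.5 port 51544 ssh2
"""

# Message formats written by OpenSSH's sshd; older releases say "illegal user".
# The separate "Invalid/Illegal user ..." lines are skipped on purpose so that
# one attempt is not counted twice.
NO_BANNER = re.compile(r"sshd\[\d+\]: Did not receive identification string from (\S+)")
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for (?:(?:invalid|illegal) user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+)")


def summarize(log_text):
    """Count, per source address, pre-auth drops, failed and accepted logins."""
    stats = defaultdict(lambda: {"no_banner": 0, "failed": 0, "accepted": 0, "users": set()})
    for line in log_text.splitlines():
        m = NO_BANNER.search(line)
        if m:
            stats[m.group(1)]["no_banner"] += 1
            continue
        m = FAILED.search(line)
        if m:
            entry = stats[m.group(2)]
            entry["failed"] += 1
            entry["users"].add(m.group(1))
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(1)]["accepted"] += 1
    return dict(stats)


def triage(log_text, threshold=3):
    """Label each source; threshold is an assumed cut-off, tune it per site."""
    verdicts = {}
    for ip, s in summarize(log_text).items():
        if s["failed"] >= threshold:
            verdict = "password guessing (%d users tried)" % len(s["users"])
            if s["accepted"]:
                verdict += ", then a successful login"
        elif s["no_banner"] >= threshold and s["failed"] == 0:
            verdict = "connection flood, no authentication attempted"
        else:
            verdict = "below threshold"
        verdicts[ip] = verdict
    return verdicts


if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(ip, "->", verdict)
```

A source that is labelled as guessing and also shows an accepted login is the case to investigate first, since blocking the address alone does not undo a successful guess.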

A buffer overrun bug associated with decoding
runlength-encoded BMP images has been found in ImageMagick. This
vulnerability could be exploited to execute arbitrary code on an
affected system. We fixed the problem by upgrading to revision
5.5.7.30.

Besides adding a number of new features
this is mainly a bug fix release. This is the tool that maintains
the round robin box usage database which is part of each server
box, and also generates the statistics diagrams.

This is basically a bug fix release. Note
that if you previously ran revision 2.0.8 or 2.0.9 there is no
upgrade procedure necessary.

Besides fixing two minor information leaks in
conjunction with the 'arp' and 'route get' commands we have an
adaptive congestion avoidance mechanism in place now that reduces
packet loss and timeouts on slow dial-up lines (modem, ISDN) without
compromising on speed with faster access technologies (DSL, cable and
better).
Also, an ample amount of other fixes and
improvements from our todo list went into this update as well. In
order to activate the new UNIX kernel we had to reboot all of our
servers. We apologize for the short service interruption (less than
10 minutes).

Besides adding some new features this is mainly
a bug fix release.

Currently there are reports stating that the Zlib
compression library (revision 1.2 or later) contains a vulnerability that
can be used for local and remote DoS attacks. Please note that in our
system the Zlib shared library is part of the FreeBSD base installation,
is currently at revision 1.1.4 and is therefore not affected. However,
users with privately installed software may want to investigate this issue
in their realm, too.
For more information please refer to
http://www.securitytracker.com/alerts/2004/Aug/1011085.html

FreeBSD's ports repository maintainers recently
introduced an extended 'INDEX' file format (additional fields). In
order to stay in sync with this change we upgraded the Portupgrade tools
to revision 20040701 now. Please note that this is of relevance only
to those who happen to have a copy of said repository installed under
'/usr/ports'.

A problem has been found in the CGI session
management of Ruby. CGI::Session's FileStore implementations store
session information insecurely. They simply create files, ignoring
permission issues. This can allow an attacker who also has shell access
to the webserver to take over a session. We fixed the problem by
upgrading Ruby 1.6.8 to the latest snapshot as of 2004-07-28.
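
The remedy for this class of bug is to create each session file exclusively with owner-only permissions, and an existing session directory can be audited for files that other local users could read or swap. This is an added example in Python, not Ruby's CGI::Session code; the 'sess_' file prefix, the hex session ID format and the function names are assumptions.

```python
import os
import re
import stat


def create_session_file(directory, session_id, data):
    """Create a new session file that only the owning user can read or write."""
    # Assumed ID format: lowercase hex only, so an ID can never contain a path.
    if not re.fullmatch(r"[0-9a-f]{16,}", session_id):
        raise ValueError("unexpected session id format")
    path = os.path.join(directory, "sess_" + session_id)  # hypothetical naming
    # O_EXCL makes creation fail if the name already exists, including as a
    # symlink planted by another local user; 0o600 keeps group/other out.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # set the mode explicitly, whatever the umask is
        os.write(fd, data)
    finally:
        os.close(fd)
    return path


def audit_session_dir(directory, expected_uid=None):
    """Return {filename: [problems]} for entries other local users could abuse."""
    if expected_uid is None:
        expected_uid = os.getuid()
    findings = {}
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))  # lstat: do not follow links
        problems = []
        if stat.S_ISLNK(st.st_mode):
            problems.append("symlink")
        elif not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        else:
            if st.st_mode & 0o077:
                mode = stat.S_IMODE(st.st_mode)
                problems.append("accessible to group/other (mode %o)" % mode)
            if st.st_uid != expected_uid:
                problems.append("owned by uid %d" % st.st_uid)
        if problems:
            findings[name] = problems
    return findings
```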

There is a path-sanitizing bug that affects daemon
mode in all recent 'rsync' versions. For anyone running an 'rsync' daemon
with chroot turned off while permitting the uploading of files, this bug can
allow a carefully crafted filename for the --backup-dir option to cause
'rsync' to overwrite a file outside of the module's path. We applied the
recommended patch.
For more information please refer to
http://lists.samba.org/archive/rsync-announce/2004/000017.html

Besides adding a number of new command line options
this is mainly a bug fix release.

Besides some other, less urgent problems we found
and fixed a programming error in FreeBSD's VM system that can (and will)
lead to a kernel panic due to a null pointer dereference under rare but not
too unlikely circumstances. An official FreeBSD problem report submission
is in the works. In order to activate the new UNIX kernel we had to
reboot all of our servers. We apologize for the short service interruption
(less than 10 minutes).

Multiple vulnerabilities in Pavuk 0.9.28 are
caused by boundary errors within the digest authentication handler.
This can be exploited via malicious digest authentication challenges
with specially crafted nonce or realm values. We fixed the problem
by applying the recommended patch.
For more information please refer to
http://secunia.com/advisories/12152

Two security flaws have been found in PHP.
One can be abused to execute arbitrary code on remote PHP servers,
while the other may allow injection of malicious Javascript in the
Internet Explorer and Safari browsers. In order to fix the problem
we upgraded to revision 4.3.8 and restarted all running Apache
processes.
Also, due to a change in PHP's configuration
with regard to PDFLIB support we had to change the central 'php.ini'
file. In order to ensure flawless operation for all server boxes we
also updated private copies of this file.
For more information please refer to
http://security.e-matters.de/advisories/112004.html
http://security.e-matters.de/advisories/122004.html

More security problems have been fixed in
revision 2.0.9 of the popular phpBB2 discussion forum software.
We installed this release now. Note that if you previously ran
revision 2.0.8 there is no upgrade procedure necessary.

Just another round of bug fixes and IM protocol
adjustments.

A number of bugs in PostgreSQL have been fixed
recently, so we upgraded to revision 7.3.6 now. This is a bug fix
release, and there were no changes in functionality we know of.

Snownews is a text mode RSS newsreader with
plugin support for other feed formats. Its purpose is to keep track
of updates to online magazines, news services, weblogs etc. in a time
and resource efficient manner. Especially fans of Mutt, Slrn and Lynx
may consider this a welcome addition.

In the ongoing spam vs. antispam arms race
Razor-agents, a signature based spam detection mechanism embedded in
SpamAssassin, has grown a new algorithm: Whiplash signatures. Whiplash
signatures are based on canonical domain names present in URLs
embedded in spam messages. We upgraded to revision 2.61, which supports
the new feature, and restarted all running 'spamd' processes.

It has been discovered that the 'libpng' library
does not correctly calculate offsets, which allows remote attackers to
cause a denial of service (crash) and possibly execute arbitrary code
via a buffer overflow attack on the row buffers. We applied the
recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363

We decided to schedule a kernel update at this point
because a programming error has been found in the filesystem code that,
under rare but not too unlikely circumstances, can lead to a kernel panic
due to a locking conflict. We fixed the problem by applying the
recommended patch.
As usual, a load of other, less urgent fixes and
improvements went into the new kernel as well, including faster and more
efficient TCP retransmit algorithms like "Eifel detection" and "early
retransmit" which can make a significant difference especially on slower
or congested (dialup) links. In order to activate the new UNIX kernel
we had to reboot all of our servers. We apologize for the short service
interruption (less than 10 minutes).

The latest stable CVS release (1.11.17) found its
way into FreeBSD's STABLE branch now, so in light of all the recent security
problems with CVS we upgraded swiftly to the new release.

A security audit revealed that Pavuk contains
a buffer overflow bug potentially allowing an attacker to run arbitrary
code. We fixed the problem by applying the recommended patch.

This is a pure maintenance upgrade in order to
keep our preinstalled version sufficiently recent.

We upgraded to SquirrelMail 1.4.3a. This is
a bug fix release that also resolves a number of XSS issues.

A buffer overflow in Apache's mod_proxy has
been found that might be exploitable. We fixed the problem by applying
the recommended patch. In order to activate the corrected version we
restarted all running Apache instances.
For more information please refer to
http://www.guninski.com/modproxy1.html

This is another maintenance release with
plenty of bug fixes. It addresses an input validation vulnerability,
but this applies to the Windows platform only.

A programming error has been found that
results in a failure to verify that an attempt to manipulate routing
tables originated from a non-jailed process. Jailed processes running
with superuser privileges could modify host routing tables. This could
result in a variety of consequences including packets being sent via an
incorrect network interface and packets being discarded entirely.
We fixed the problem by applying the recommended
patch. In order to activate the new UNIX kernel we had to reboot all
of our servers. We apologize for the short service interruption (less
than 10 minutes).
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:12.jailroute.asc

There has been widespread abuse lately of Habeas
marks in email, which are normally supposed to help tell spam from ham.
Habeas fixed the problem by switching from a blacklist-only mechanism
to a combination of white- and blacklists. We installed the recommended
patch now and restarted all running 'spamd' processes.
For more information please refer to
http://www.habeas.com/pr16.html

The Gallery developers found a major security
issue with 'init.php', which allowed anybody to log in as any user
(including 'admin') with no password, by pretending that Gallery was
embedded.
We fixed this by applying the recommended patch
to both installed releases 1.3.3 and 1.3.4.

Programming errors in the implementation of
the msync(2) system call involving the MS_INVALIDATE operation lead
to cache consistency problems between the virtual memory system and
on-disk contents. In some situations, a user with read access to a
file may be able to prevent changes to that file from being committed
to disk.
We fixed the problem by applying the recommended
patches. In order to activate the new UNIX kernel we had to reboot all
of our servers. We apologize for the short service interruption (less
than 10 minutes).
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:11.msync.asc

This is a pure maintenance upgrade in order to
keep our preinstalled version sufficiently recent.

Due to a programming error in code used
to parse data received from the client, malformed data can cause
a heap buffer to overflow, allowing the client to overwrite
arbitrary portions of the server's memory. A malicious CVS client
may run arbitrary code on the server at the privilege level of the
CVS server software.
This programming error has a security impact
only when using CVS in "pserver" mode. We fixed the problem by
installing the recommended patch.
For more information please refer to
http://security.e-matters.de/advisories/072004.html

Just a number of minor bug fixes. There were no
changes in functionality we know of.

Apart from a number of bug fixes and improvements
that have accumulated over the last couple of weeks, we have raw IP socket
support for server boxes in the kernel now, which means that commands like
'ping', 'traceroute' etc. work as expected. More sophisticated network
tools like 'fping' and 'mtr' are in place too.
We implemented this feature in a secure way in
that it is not possible to spoof the source IP address of packets or
to access parts of the system through these sockets that are supposed
to be off limits to server boxes (central firewall config etc.). In
order to activate the new UNIX kernel we had to reboot all of our servers.
We apologize for the short service interruption (less than 10 minutes).

All versions of Exim so far have been found
to contain a programming error that can lead to a remotely exploitable
stack-based buffer overflow. We fixed the problem with patches similar
to those proposed in the security advisory and restarted all running
Exim instances.
For more information please refer to
http://www.guninski.com/exim1.html

It has been discovered that the 'libpng' library
would access memory that is out of bounds when creating an error message.
The impact of this bug is not clear, but it could lead to a core dump in
a program using 'libpng', or could result in a DoS condition in a daemon
that uses 'libpng' to process PNG images. We applied the recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0421

With 'rsync' in daemon mode, specially crafted
paths could result in writing files outside of the module's "path"
setting. Users not running a daemon, running a read-only daemon, or
running a chrooted daemon are unaffected, though.
Actually, the security fix was in 2.6.1 already,
but that release was botched and has been replaced by 2.6.2. Also,
apart from other bug fixes, a number of improvements and optimizations
have been introduced since revision 2.5.7.