Copyright © 2002-2008
EscapeBox Germany
|
|
Fetchmail contains a bug that causes an
application crash when Fetchmail is configured for multidrop mode
and the upstream mail server sends a message without headers. As
Fetchmail does not record this message as "previously fetched", it
will crash with the same message if it is re-executed, so it cannot
make progress. A malicious or broken-into upstream server could
thus cause a denial of service in Fetchmail clients. We fixed the
problem by upgrading to revision 6.3.1.
For more information please refer to
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt
|
|
|
A Cross-Site Scripting (XSS) vulnerability has
been found in the Apache HTTP server. The flaw exists in the "mod_imap"
extension module and occurs when using the "Referer" directive with
image maps. In certain configurations a remote attacker could perform
an XSS attack if a victim can be forced to visit a malicious URL using
certain web browsers. We fixed the problem by applying the recommended
patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
|
|
|
It has been discovered that certain malformed
URLs trigger an off-by-one(two) buffer overflow. This may lead to
unintended arbitrary code execution. We fixed the problem by upgrading
to revision 7.15.1.
For more information please refer to
http://curl.haxx.se/docs/adv_20051207.html
|
|
|
|
With this upgrade we introduce the 3.x branch
of JOE (WordStar-like text editor) which has a number of new
features over the 2.x branch, like UTF-8 support and syntax highlighting.
|
|
|
|
This is a pure bug fix release. There are
no new features.
|
|
|
|
This is a maintenance release which
introduces some bug fixes and improvements.
|
|
|
An arbitrary command execution vulnerability
was discovered in the Lynx "lynxcgi:" URI handler. An attacker could
create a web page that redirects to a malicious URL which could then
execute arbitrary code as the user running Lynx. We fixed the problem
by upgrading to revision 2.8.5rel.5.
For more information please refer to
http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities
|
|
|
|
VIM 6.4 is a maintenance release, containing
additional syntax files, translations and all 90 patches to 6.3.
It is a "reset" for future patch fixes.
|
|
|
|
This maintenance release introduces a number
of bug fixes, improvements and new features.
|
|
|
|
This is a pure bug fix release. There are
no new features.
|
|
|
Multiple vulnerabilities found in phpBB allow
XSS, SQL injection and remote code execution. Apart from correcting
these security flaws plenty of other bug fixes and minor improvements
have been added in this release.
Please note that since upgrading involves
a database update we have to leave it to our users if and when to
switch revisions. The previous release 2.0.17 (in directory '2.0.15+')
will remain intact. For upgrade instructions please refer to our
"Box Docs", chapter "Web service".
For more information please refer to
http://www.hardened-php.net/advisory_172005.75.html
http://www.phpbb.com/phpBB/viewtopic.php?t=336756
|
|
|
Several security vulnerabilities have been found
in PHP, along with scores of conventional bugs, as usual. We addressed
the problem by upgrading to revision 4.4.1 plus a number of patches from
CVS that fix accidental regressions.
Please note that we also switched to a different
PHP accelerator at this point, called eAccelerator. This freeware
project appears to be better maintained than ionCube's proprietary
PHPA, a fact that is quite important in light of API changes like the
one recently introduced in PHP 4.4.0. eAccelerator does basically the
same as PHPA, but the configuration details are different, so in
order to retain full functionality we took the liberty of tweaking
'php.ini' for those users who have private copies of that file and
have been using PHPA so far.
For more information please refer to
http://www.hardened-php.net/advisory_182005.77.html
http://www.hardened-php.net/advisory_192005.78.html
http://www.hardened-php.net/advisory_202005.79.html
|
|
|
Ruby supports safely executing untrusted
code with two mechanisms: safe level and taint flag on objects.
A vulnerability has been found that allows bypassing these mechanisms.
By using the vulnerability, arbitrary code can be executed beyond
the restrictions specified in each safe level. We fixed the problem
by applying the recommended patches.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2337
|
|
|
|
This is a pure bug fix release. There are
no new features.
|
|
|
|
This is a maintenance release which
introduces some bug fixes and improvements.
|
|
|
A vulnerability has been identified in Lynx
which could be exploited by remote attackers to execute arbitrary
commands. This flaw is due to a buffer overflow error in the
"HTrjis()" function that does not properly handle specially crafted
NNTP article headers, which could be exploited by remote attackers
to compromise a vulnerable system by convincing a user to connect
to a malicious Web site or NNTP server. We fixed the problem by
upgrading to revision 2.8.5rel.3.
For more information please refer to
http://www.frsirt.com/english/advisories/2005/2113
|
|
|
Remote exploitation of a buffer overflow
vulnerability in cURL and Wget allows attackers to execute arbitrary
code. The vulnerability specifically exists due to insufficient
bounds checking on user-supplied data passed to a memory copy
operation. The resulting stack overflow can be leveraged to gain
arbitrary code execution with user privileges. We fixed the problem
by upgrading to cURL 7.15.0 and Wget 1.10.2.
For more information please refer to
http://www.idefense.com/application/poi/display?id=322&type=vulnerabilities
|
|
|
A vulnerability has been found in all
previously released versions of OpenSSL. It potentially affects
applications that use the SSL/TLS server implementation provided
by OpenSSL. We fixed the problem by upgrading to revision 0.9.7h
plus a binary compatibility patch from CVS, and we also fixed
our compatibility shared libraries of revision 0.9.6m so that
running older software is safe as well.
For more information please refer to
http://www.openssl.org/news/secadv_20051011.txt
|
|
|
|
Snownews 1.5.7 is a maintenance release
which introduces a number of bug fixes and improvements.
|
|
|
|
This is a maintenance release which
introduces lots of bug fixes and some improvements that have
accumulated since 4.6.0 was released more than two years ago.
Many of these patches, however, especially the security related
ones, have been in our version of 4.6.0 already.
|
|
|
|
The new stable branch 3.6.x of Multitail is a
merge between the previous stable branch 3.4.x and development code
from 3.5.x. It introduces a number of improvements, and of course
bug fixes.
|
|
|
A small number of very long-standing bugs in
the filesystem code have been found and fixed by the FreeBSD kernel
hacker team. Under rare circumstances a filesystem would fill up
until it ran out of disk space and subsequently became stuck, at
which point the whole server would have to be rebooted in order to
rectify the situation.
Unfortunately, while we were already testing
the patch internally for a couple of days and were about to schedule
a reboot with the new kernel, this very bug bit us yesterday evening
on one of our server machines, in dutiful adherence to Murphy's Law.
We apologize for this incident and also for the short service
interruption today in order to activate the new kernel on the rest
of our machines.
|
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements.
|
|
|
Besides numerous bug fixes and improvements
there is a new default setting for the compression feature in
the daemon part of OpenSSH: "Compression delayed". This prevents
the gzip library from being exposed to the Internet before
successful authentication has taken place, as there have been
remotely exploitable security flaws in that library in the
past.
Note that this change breaks older OpenSSH
clients (< 3.5) if they insist on compression. In this case you
can use "Compression yes" in '/usr/local/etc/ssh/sshd_config'
to restore the old behavior. The more secure and therefore
preferred option, however, would be to upgrade the client instead.
|
|
|
|
This release contains some bug fixes plus
adjustments for AIM which changed its protocol again. Also,
Centericq can now connect to Google Talk.
|
|
|
A race condition has been discovered in 'cvsbug',
which is a utility for reporting problems in the CVS revision control
system. A temporary file is created, used, deleted, and then re-created
with the same name. This creates a window during which an attacker
could replace the file with a link to another file. A local attacker
could cause data to be written to any file to which the user running
'cvsbug' has write access. This may cause damage in itself (e.g.,
by destroying important system files or documents) or may be used
to obtain elevated privileges. We fixed the problem by applying the
recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2693
|
|
|
A vulnerability in the PCRE (Perl Compatible
Regular Expressions) library has been found. A remote or local user
may be able to execute arbitrary code on the target system by supplying
a specially crafted regular expression to trigger a heap integer
overflow in PCRE.
Unfortunately PCRE is part of the source code
distribution of various software packages so addressing this problem
is not just a matter of replacing a shared library. In our server box
environment we have identified and patched the following affected
packages: Exim 3, Exim 4, PHP 4, Python 2.2 and
Python 2.3. Users running private copies of these or other
software packages containing PCRE may want to take action, too,
once official updates become available.
In order to make sure that all affected
processes get restarted after deploying the patched package versions
we rebooted our servers. We apologize for the short service
interruption.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491
|
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements.
|
|
|
|
This maintenance release introduces a number
of bug fixes, improvements and new features.
|
|
|
VIM, with modelines enabled, allows attackers
to execute arbitrary commands via shell metacharacters in the 'glob'
or 'expand' commands of a foldexpr expression for calculating fold
levels. We fixed the problem by upgrading to revision 6.3.85.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2368
|
|
|
A security flaw has been found in NetPBM.
The command 'pstopnm' calls the ghostscript interpreter on potentially
untrusted postscript without specifying the '-dSAFER' option. Not running
under '-dSAFER' allows postscript code to do file IO and to open pipes to
arbitrary external programs, including /bin/sh. We fixed the problem
by applying the recommended patch.
For more information please refer to
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=319757
|
|
|
A vulnerability in the Apache webserver has
been discovered that can be exploited by malicious people to cause
cross-site scripting (XSS), web cache poisoning, session hijacking
and, most importantly, to bypass web application firewall
protection.
Exploiting this vulnerability requires multiple
carefully crafted HTTP requests, taking advantage of a caching server,
proxy server, web application firewall etc. This only affects
installations where Apache is used as HTTP proxy. We fixed the problem
by applying the recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2088
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements. Note that
there have been a few changes in the intermediate revision 1.6.3
that could break older environments.
For more information please refer to the
release notes at
http://archive.apache.org/dist/ant/
|
|
|
|
This is a pure bug fix release. There are
no new features.
|
|
|
|
With this upgrade we introduce the 2.x branch
of APG (Automated Password Generator) which has a number of new
features and algorithms over the 1.x branch. This nifty tool can
generate pronounceable passwords that nevertheless withstand dictionary
attacks.
|
|
|
|
This is a pure bug fix release. There are
no new features.
|
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements.
|
|
|
|
Lots of fixes and improvements have
accumulated since our last kernel update, which we decided to put
into production now. Nothing spectacular, though. In order to
activate the new UNIX kernel we had to reboot all of our servers.
We apologize for the short service interruption.
|
|
|
A stack-based buffer overflow has been discovered
in the 'libtiff' version embedded in PDFlib. We fixed the problem by
applying the recommended patch. Note that the 'tiff' revision currently
installed in our system (3.7.3) contains this patch, too.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
|
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements.
|
|
|
The POP3 code in Fetchmail 6.2.5 and older that
deals with UIDs (from the UIDL) reads the responses returned by the
POP3 server into fixed-size buffers allocated on the stack, without
limiting the input length to the buffer size. A compromised or
malicious POP3 server can thus overrun Fetchmail's stack. This
affects POP3 and all of its variants, including but not limited
to APOP. We fixed the problem by upgrading to revision 6.2.5.2.
For more information please refer to
http://fetchmail.berlios.de/fetchmail-SA-2005-01.txt
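
The bounded alternative to the unchecked read described above, as an added
example (not Fetchmail's code and not the patch from the advisory). It parses
one "<msgnum> <unique-id>" line of a UIDL response and rejects anything longer
than the 70 characters RFC 1939 allows for a unique-id; the function names and
the sample lines are assumptions made for this example.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define UIDL_ID_MAX 70  /* RFC 1939: a unique-id is 1 to 70 characters, 0x21..0x7E */

/* Unbounded pattern of the kind described above (illustrative only, not
 * Fetchmail's source): sscanf(line, "%lu %s", &num, id) copies whatever
 * the server sent, however long, into a fixed-size stack buffer. */

/* Parse one UIDL response line. Returns 0 on success, -1 if the line is
 * malformed or the id does not fit. id must hold UIDL_ID_MAX + 1 bytes. */
int parse_uidl_line(const char *line, unsigned long *msgnum,
                    char id[UIDL_ID_MAX + 1])
{
    char *end;
    size_t len, i;

    if (line[0] < '0' || line[0] > '9')      /* no sign, no leading blanks */
        return -1;
    errno = 0;
    *msgnum = strtoul(line, &end, 10);
    if (errno != 0 || *end != ' ')
        return -1;
    end++;                                   /* skip the single separator */

    len = strcspn(end, "\r\n");              /* id runs to the line ending */
    if (len == 0 || len > UIDL_ID_MAX)
        return -1;                           /* reject, never truncate or overflow */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)end[i];
        if (c < 0x21 || c > 0x7E)
            return -1;                       /* only printable, non-space bytes */
    }
    memcpy(id, end, len);
    id[len] = '\0';
    return 0;
}

/* Constructed sample: a well-formed line. Returns 1 if parsed as expected. */
int demo_valid_line(void)
{
    unsigned long n = 0;
    char id[UIDL_ID_MAX + 1];

    return parse_uidl_line("1 whqtswO00WBw418f9t5JxYwZ\r\n", &n, id) == 0 &&
           n == 1 && strcmp(id, "whqtswO00WBw418f9t5JxYwZ") == 0;
}

/* Constructed sample: a server line far longer than any stack buffer the
 * client would reasonably reserve. Returns the parser's verdict. */
int demo_overlong_line(void)
{
    char line[4096];
    unsigned long n = 0;
    char id[UIDL_ID_MAX + 1];

    memset(line, 'A', sizeof line);
    memcpy(line, "2 ", 2);
    line[sizeof line - 1] = '\0';
    return parse_uidl_line(line, &n, id);
}
```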
|
|
|
More security and XSS issues have been found
in phpBB. We addressed the problem by upgrading to revision 2.0.17.
Note that if you previously ran revision 2.0.15 through 2.0.16 there
is no upgrade procedure necessary.
For more information please refer to
http://www.phpbb.com/phpBB/viewtopic.php?t=308490
|
|
|
SquirrelMail 1.4.4 and earlier does not properly
handle the $_POST variable, which allows remote attackers to modify or
read the preferences of other users. We addressed the problem by
upgrading to revision 1.4.5 which also introduces a number of other
bug fixes and improvements. Note that we dealt with the second security
fix included in 1.4.5 (CAN-2005-1769) already on 2005-06-20.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2095
|
|
|
Two problems have been discovered relating to
the extraction of bzip2-compressed files. First, a carefully
constructed invalid bzip2 archive can cause bzip2 to enter an infinite
loop. This could be exploited by an attacker to create a
denial-of-service situation by exhausting disk space or by consuming
all available CPU time.
Second, when creating a new file, bzip2
closes the file before setting its permissions, which can allow a
local attacker to change the permissions of local files owned by
the user executing bzip2, provided that they have write access to
the directory in which the file is being extracted. We fixed the
problem by applying the recommended patch.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip2.asc
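
The safe ordering for the second problem, as an added example (not bzip2's
code and not the FreeBSD patch): the output file is created exclusively and
its permissions are set through the still-open descriptor, so the name is
never looked up a second time. Function names and the scratch paths are
assumptions made for this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW, fchmod, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create `path`, write `len` bytes and apply `final_mode`, all through one
 * descriptor. The name is not resolved again after open(), so replacing
 * the directory entry afterwards cannot redirect the permission change. */
int write_output_file(const char *path, const void *data, size_t len,
                      mode_t final_mode)
{
    /* O_EXCL: fail if anything (a symlink included) already has this name.
     * 0600: nobody else can open the file while it is being written. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    const char *p = data;

    if (fd < 0)
        return -1;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            close(fd);
            unlink(path);
            return -1;
        }
        p += n;
        len -= (size_t)n;
    }
    /* Racy order described above: close the file, then set the mode by name.
     * Safe order: set the mode on the object we created, then close it. */
    if (fchmod(fd, final_mode) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Self-check in a private scratch directory (constructed paths). Returns 0
 * if the mode was applied and an already existing name is refused. */
int demo_output_file(void)
{
    char dir[] = "/tmp/fdmode.XXXXXX";
    char path[64];
    struct stat st;
    int rc = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/out", dir);

    if (write_output_file(path, "data\n", 5, 0640) == 0 &&
        stat(path, &st) == 0 && (st.st_mode & 07777) == 0640 &&
        write_output_file(path, "x", 1, 0666) == -1 && errno == EEXIST)
        rc = 0;

    unlink(path);
    rmdir(dir);
    return rc;
}
```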
|
|
|
A critical security issue with the highlighting
code has been fixed in this release, together with other minor bugs.
Note that if you previously ran revision 2.0.15 there is no upgrade
procedure necessary.
For more information please refer to
http://www.phpbb.com/phpBB/viewtopic.php?t=302011
|
|
|
Two vulnerabilities have been discovered in
Razor-agents (used by SpamAssassin) which can be exploited by malicious
people to cause a DoS (Denial of Service). An unspecified error in
the preprocessing of certain HTML messages can be abused to crash the
application. And a bug in the discovery logic causes Razor-agents to
go into an infinite loop and consume a large amount of memory when
discovery fails. We fixed the problem by upgrading to revision 2.72.
For more information please refer to
http://secunia.com/advisories/15739
|
|
|
A race condition has been found in Sudo's
command pathname handling that could allow a user with Sudo privileges
to run arbitrary commands. We fixed the problem by upgrading to
revision 1.6.8p9.
For more information please refer to
http://marc.theaimsgroup.com/?l=bugtraq&m=111928183431376
|
|
|
Revision 1.10 of Wget finally fixes a number
of path and terminal output sanitizing vulnerabilities that were
discovered a while ago. Please note that this release by default
insists on verifying the server's certificate in case of an SSL
connection. You can use the option '--no-check-certificate' if
this level of security is not needed.
For more information please refer to
http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384
|
|
|
|
This is a maintenance release which
introduces a number of bug fixes and improvements.
|
|
|
Recently, a denial of service issue has been
discovered in conjunction with the TCP PAWS technique which affects
numerous operating systems, including FreeBSD. Due to insufficient
range checking of received timestamps in TCP packets an attacker can
cause an existing TCP connection to become stuck and eventually get
dropped. We fixed the problem by applying the recommended patch.
In order to activate the new UNIX kernel we had to reboot all of
our servers. We apologize for the short service interruption.
For more information please refer to
http://www.securityfocus.com/bid/13676
|
|
|
|
Ncftp 3.1.9 is just a maintenance release
which introduces some minor bug fixes and improvements.
|
|
|
|
This maintenance release introduces a number
of bug fixes and minor improvements.
|
|
|
|
This is a maintenance release which
introduces some minor bug fixes and improvements.
|
|
|
Besides some security flaws fixed in this release,
one of which is considered serious, a number of minor improvements have
been added. One change worth mentioning is the introduction of the admin
re-authentication security feature.
Please note that since upgrading involves
a database update we have to leave it to our users if and when to
switch revisions. The previous release 2.0.13 (in directory '2.0.8+')
will remain intact. For upgrade instructions please refer to our
"Box Docs", chapter "Web service".
For more information please refer to
http://www.phpbb.com/phpBB/viewtopic.php?t=288194
|
|
|
More cases of local kernel memory disclosure
have been found. We fixed the problem by applying the recommended
patch. Two other security advisories have been released together
with this one which are of no relevance to our system, though.
In order to activate the new UNIX kernel we had to reboot all of
our servers. We apologize for the short service interruption.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc
|
|
|
|
Just a number of bug fixes and improvements.
Forwarded port channels can now bind to a specified IP address instead
of any interface there is (wildcard binding).
|
|
|
|
Besides a number of bug fixes and enhancements
this release also introduces performance improvements over previous
revisions.
|
|
|
|
Exim 4 is now our default version. For
compatibility reasons users in already existing server boxes will
continue to use Exim 3 by means of a number of symlinks installed
in their private disk containers. For upgrade instructions please
refer to '/usr/local/exim-3.36/upgrade/README'.
|
|
|
Multiple programming errors were found in CVS.
In one case, variable length strings are copied into a fixed length
buffer without adequate checks being made; other errors include NULL
pointer dereferences, possible use of uninitialized variables, and
memory leaks.
CVS servers ("cvs server" or :pserver: modes)
are affected by these problems. The buffer overflow may potentially
be exploited to execute arbitrary code on the CVS server, either in
the context of the authenticated user or in the context of the CVS
server, depending on the access method used. The other errors may
lead to a denial of service. We fixed the problem by applying the
recommended patch.
For more information please refer to
http://secunia.com/advisories/14976
|
|
|
In addition to Python 2.2 we installed revision
2.3. For compatibility reasons Python 2.2 remains the default version,
but you can change this individually by altering symlinks
'/usr/local/bin/python' and '/usr/local/bin/pydoc'.
Users who have a private copy of Python 2.3
installed already may want to switch to the shared version by using
the command 'pkg_delpriv packagename'. The exact package name of
the private copy can be obtained by running 'pkg_info'.
|
|
|
The SIOCGIFCONF ioctl allows a user process to
ask the kernel to produce a list of the existing network interfaces
and copy it into a buffer provided by the user process. In generating
the list of network interfaces, the kernel writes into a portion of a
buffer without first zeroing it. As a result, the prior contents of
the buffer will be disclosed to the calling process.
Such memory might contain sensitive information,
such as portions of the file cache or terminal buffers. This information
might be directly useful, or it might be leveraged to obtain elevated
privileges in some way. For example, a terminal buffer might include
a user-entered password.
We fixed the problem by applying the recommended
patch. In order to activate the new UNIX kernel we had to reboot all
of our servers. We apologize for the short service interruption.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc
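
A user-space model of the disclosure described above, as an added example
(not FreeBSD kernel code and not the patch): a record is built in a reused
buffer and copied out whole, once without and once with zeroing first. The
record layout, the function names and the marker byte are assumptions made
for this example.

```c
#include <stddef.h>
#include <string.h>

#define IFNAME_MAX 16

/* Hypothetical record layout for this model; not the FreeBSD structure. */
struct if_record {
    char          name[IFNAME_MAX];  /* NUL-terminated; bytes after the NUL are unused */
    unsigned char addr[4];
};

/* Stands in for a reused kernel buffer that still holds earlier data. */
static unsigned char scratch[sizeof(struct if_record)];

/* Build one record in scratch and copy the whole record out, as a copy-out
 * to the caller's buffer would. Only zero_first differs between the runs. */
size_t export_record(void *user_buf, const char *name,
                     const unsigned char addr[4], int zero_first)
{
    size_t n = strlen(name);

    if (zero_first)
        memset(scratch, 0, sizeof scratch);     /* the fix: clear before filling */
    if (n >= IFNAME_MAX)
        n = IFNAME_MAX - 1;
    memcpy(scratch, name, n);                   /* writes only part of the field */
    scratch[n] = '\0';
    memcpy(scratch + offsetof(struct if_record, addr), addr, 4);

    memcpy(user_buf, scratch, sizeof scratch);  /* exports every byte, written or not */
    return sizeof scratch;
}

/* Seed the buffer with a constructed marker byte, export "lo0", and count
 * how many marker bytes reach the caller. */
size_t stale_bytes_exported(int zero_first)
{
    static const unsigned char loopback[4] = { 127, 0, 0, 1 };
    unsigned char out[sizeof(struct if_record)];
    size_t i, len, stale = 0;

    memset(scratch, 'S', sizeof scratch);       /* the "prior contents" */
    len = export_record(out, "lo0", loopback, zero_first);
    for (i = 0; i < len; i++)
        if (out[i] == 'S')
            stale++;
    return stale;
}
```

Without zeroing, the twelve unused bytes of the name field carry the old buffer contents to the caller; with zeroing, none do.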
|
|
|
|
Just keeping our preinstalled version
sufficiently recent.
|
|
|
|
This maintenance release introduces a number
of minor bug fixes and improvements.
|
|
|
|
This maintenance release introduces a number
of minor bug fixes and improvements.
|
|
|
A programming error has been found in FreeBSD's
filesystem code which can be exploited through the sendfile(2) system
call. If the file being transmitted is truncated after the transfer
has started but before it completes, sendfile(2) will transfer the
contents of more or less random portions of kernel memory in lieu of
the missing part of the file.
Such memory might contain sensitive information,
such as portions of the file cache or terminal buffers. This information
might be directly useful, or it might be leveraged to obtain elevated
privileges in some way. For example, a terminal buffer might include
a user-entered password.
We fixed the problem by applying the recommended
patch. In order to activate the new UNIX kernel we had to reboot all
of our servers. We apologize for the short service interruption.
For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc
|
|
|
|
This maintenance release fixes more than
70 bugs that have been discovered and resolved since the 4.3.10 release.
|
|
|
A cross-site scripting (XSS) vulnerability has
been discovered in Htdig that allows remote attackers to execute
arbitrary web script or HTML via the config parameter, which is not
properly sanitized before it is displayed in an error message.
We fixed the problem by applying the recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0085
|
|
|
|
Lots of bug fixes, including protocol adjustments
in order to stay in sync with the various IM services.
|
|
|
| |