Copyright © 2002-2008
EscapeBox Germany

Since the maintainers of the anti-spam database
ORDB decided to shut down their service all of a sudden, after five
years of operation, we removed the respective blacklist lookups
(relays.ordb.org) from our default Exim config file.
Users with a private copy of this file, or who
run alternative MTA software, may want to do the same in their box.
Otherwise incoming email is likely to get delayed unnecessarily.

A number of fixes and improvements have
accumulated since our last kernel update (four months ago), which we
decided to put into production today. Nothing spectacular, though.
In order to activate the new UNIX kernel we had to reboot all of our
servers. We apologize for the short service interruption.

Using malformed OpenPGP packets, an attacker is
able to modify and dereference a function pointer in GnuPG. This is a
remotely exploitable bug and affects any use of GnuPG where an attacker
can control the data processed by GnuPG. It is not necessarily limited
to encrypted data. Also signed data may be affected. We fixed the
problem by upgrading to revision 1.4.6.
For more information please refer to
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000246.html

There is a tar record type, called GNUTYPE_NAMES
(an obsolete GNU extension), that allows the creation of symbolic links
pointing to arbitrary locations in the filesystem, which makes it
possible to create/overwrite arbitrary files. We addressed the problem
by upgrading to revision 1.16 plus the recommended patch.
For more information please refer to
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0344.html

When running GnuPG interactively, specially crafted
messages may be used to crash gpg. Running gpg in batch mode, as done by
all software using gpg as a backend (e.g. mailers), is not affected by
this bug. Exploiting this overflow seems to be possible. We fixed the
problem by applying the recommended patch.
For more information please refer to
http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000241.html

The sPLT chunk handling code in libpng uses
a 'sizeof' operator on the wrong data type, which allows context-dependent
attackers to cause a denial of service (crash) via malformed sPLT chunks
that trigger an out-of-bounds read. We fixed the problem by upgrading
to revision 1.2.13.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5793

We have added a SpamAssassin extension that
supports SURBL lookups. In addition to normal RBL detection, which checks
the IP address of the email sender against the contents of distributed
anti-spam network databases, and the Razor2 extension which does the same
with a fingerprint of the message body, SURBL is another variant of this
lookup mechanism which instead identifies URIs (usually web links) of
spam sites mentioned in the message body. This also helps against
phishing scams which usually contain specific URIs as well. The SURBL
extension takes effect automatically for all users who run our
shared copy of SpamAssassin.
For more information please refer to
http://www.surbl.org

A bug has been fixed in the sshd privilege
separation monitor that weakened its verification of successful
authentication. However, this bug is not known to be exploitable
in the absence of additional vulnerabilities. We addressed the
problem by upgrading to revision 4.5p1.
For more information please refer to
http://www.openssh.com/txt/release-4.5

This maintenance release introduces a number
of bug fixes, improvements and new features. For more information
please refer to file '/usr/local/etc/joe/doc/NEWS'.

A race condition in the symlink function in PHP
allows local users to bypass the open_basedir restriction by using a
combination of symlink, mkdir, and unlink functions to change the file
path after the open_basedir check and before the file is opened by the
underlying system. We fixed the problem by applying the recommended
patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5178

A security vulnerability has been found in Python.
If an application uses repr() on arbitrary untrusted data, this flaw could
be exploited to execute arbitrary code with the privileges of the Python
application. We fixed the problem by applying the recommended patch.
For more information please refer to
http://secunia.com/advisories/22276

This maintenance release introduces a number
of bug fixes, improvements and new features.

Two security flaws have been found in OpenSSH.
The CRC compensation attack detector in the sshd(8) daemon, upon receipt
of duplicate blocks, uses CPU time cubic in the number of duplicate
blocks received. Also, a race condition exists in a signal handler used
by the sshd(8) daemon to handle the LoginGraceTime option, which can
potentially cause some cleanup routines to be executed multiple times.
Both issues can be abused for a Denial of Service (DoS) attack. We
fixed the problem by upgrading to revision 4.4p1, and we also restarted
the sshd(8) daemon in each server box in order to prevent any abuse.
For more information please refer to
http://www.openssh.com/txt/release-4.4

Multiple programming errors have been found
in gzip which can be triggered when gzip is decompressing files.
These errors include insufficient bounds checks in buffer use,
a NULL pointer dereference, and a potential infinite loop. The
insufficient bounds checks in buffer use can cause gzip to crash,
and may permit the execution of arbitrary code. The NULL pointer
dereference can cause gzip to crash. The infinite loop can cause a
Denial-of-Service situation where gzip uses all available CPU time.
We fixed the problem by applying the recommended patch.
For more information please refer to
http://security.freebsd.org/advisories/FreeBSD-SA-06:21.gzip.asc

A vulnerability has been found in OpenSSL. If
an RSA key with exponent 3 is used it may be possible to forge a PKCS
#1 v1.5 signature signed by that key. Implementations may incorrectly
verify the certificate if they are not checking for excess data in the
RSA exponentiation result of the signature. We fixed the problem by
upgrading to revision 0.9.7k, and we also fixed our compatibility
shared libraries of revision 0.9.6m so that running older software is
safe as well.
For more information please refer to
http://www.openssl.org/news/secadv_20060905.txt
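The missing check can be shown on the block that comes out of the RSA public-key operation, as an added example that is not OpenSSL's code: a lax parser that stops after the digest is compared with a verifier that rebuilds the whole PKCS #1 v1.5 block. No RSA arithmetic is performed; the blocks are constructed, SHA-1 and a 256-byte modulus are assumptions, and all function names are hypothetical.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (PKCS #1 v1.5).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def encode_em(message: bytes, k: int) -> bytes:
    """Build the one correct k-byte block: 00 01 FF..FF 00 DigestInfo."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def verify_lax(em: bytes, message: bytes) -> bool:
    """Flawed pattern: parse left to right and never look past the digest."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    if em[i:i + len(SHA1_PREFIX)] != SHA1_PREFIX:
        return False
    i += len(SHA1_PREFIX)
    # Bytes after em[i + 20] are ignored: this is the excess data.
    return em[i:i + 20] == hashlib.sha1(message).digest()


def verify_strict(em: bytes, message: bytes) -> bool:
    """Re-encode the expected block and compare every byte."""
    try:
        expected = encode_em(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def block_with_excess(message: bytes, k: int) -> bytes:
    """Constructed sample: minimal padding, digest, then zero filler."""
    t = SHA1_PREFIX + hashlib.sha1(message).digest()
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    return head + b"\x00" * (k - len(head))


if __name__ == "__main__":
    msg = b"constructed sample message"
    for name, em in (("well-formed", encode_em(msg, 256)),
                     ("excess data", block_with_excess(msg, 256))):
        print(name, "lax:", verify_lax(em, msg),
              "strict:", verify_strict(em, msg))
```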
|
|
|
In addition to Python 2.2 & 2.3 we installed
branch 2.4. For compatibility reasons Python 2.2 remains the default
version, but you can change this individually by altering symlinks
'/usr/local/bin/python' and '/usr/local/bin/pydoc'.
Users who already have a private copy of Python
2.4 installed may want to switch to the shared version by using
the command 'pkg_delpriv packagename'. The exact package name of
the private copy can be obtained by running 'pkg_info'.
Also, we have multiple instances of 'mod_python'
now, one for each version of Python. In '/usr/local/libexec/apache',
the shared library 'mod_python.so' is by default a symlink to
'mod_python2.2.so', but you can easily select a different version by
pointing that symlink to one of the other modules. Note that you have
to restart Apache afterwards.

The new stable branch 4.0.x of Multitail is a
merge between the previous stable branch 3.8.x and development code
from 3.9.x. It introduces a number of improvements, and of course
bug fixes.

This is a maintenance release which
introduces some bug fixes and improvements.

A few more locally exploitable security
vulnerabilities have been discovered since PHP 4.4.3. We fixed the
problem by upgrading to revision 4.4.4.
For more information please refer to
http://www.php.net/release_4_4_4.php

A number of fixes and improvements have
accumulated since our last kernel update (three months ago), which we
decided to put into production today. Nothing spectacular, though.
In order to activate the new UNIX kernel we had to reboot all of our
servers. We apologize for the short service interruption.

Finally, revision 1.5.0 for FreeBSD seems to be
stable enough to give it a try. The default JDK in our system is still
1.3.1, though, since this is the latest revision for FreeBSD 4 that has
been officially certified by Sun.
Note that a specific JDK can be selected by
setting the JAVA_HOME environment variable and adjusting PATH
accordingly. And as far as Tomcat is concerned, please refer to
our "Box Docs", chapter "Web service", section "Web server and accelerator",
module "mod_jk".

A security vulnerability has been found in
SquirrelMail. A logged in user could overwrite random variables in
'compose.php', which might make it possible to read/write other users'
preferences or attachments. We addressed the problem by upgrading to
revision 1.4.8, which also contains lots of other bug fixes and minor
improvements.
For more information please refer to
http://www.squirrelmail.org/security/issue/2006-08-11

Several security vulnerabilities have been found
in PHP, along with scores of conventional bugs, as usual. We addressed
the problem by upgrading to revision 4.4.3 plus a number of patches from
CVS that fix accidental regressions.
For more information please refer to
http://www.php.net/release_4_4_3.php

Two vulnerabilities have been reported in Ruby,
which can be abused by malicious people to bypass certain security
restrictions. An error in the handling of the "alias" functionality can
be exploited to bypass the safe level protection and replace methods
called in the trusted level. Also, an error caused by directory
operations not being properly checked can be exploited to bypass the
safe level protection and close untainted directory streams. We fixed
the problem by applying the recommended patch.
For more information please refer to
http://secunia.com/advisories/21009

An off-by-one flaw exists in the Rewrite module
(mod_rewrite). This software defect may result in a vulnerability which,
in combination with certain types of Rewrite rules in the web server
configuration files, could be triggered remotely. The nature of the
vulnerability can be denial of service (crashing of web server processes)
or potentially allow arbitrary code execution. We fixed the problem by
upgrading to revision 1.3.37.
For more information please refer to
http://www.kb.cert.org/vuls/id/395412

Mutt is prone to a remote buffer-overflow
vulnerability that may allow remote attackers to execute arbitrary
machine code. This issue is due to the application's failure to
properly bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer. We fixed the problem by applying
the recommended patch.
For more information please refer to
http://www.securityfocus.com/bid/18642

This is a maintenance release which
introduces some bug fixes and improvements.

This maintenance release introduces a number
of bug fixes, improvements and new features.

A suitably malformed multipart MIME message can
cause Sendmail to exceed predefined limits on its stack usage. An attacker
able to send mail to, or via, a server can cause queued messages on the
system to not be delivered, by causing the Sendmail process which handles
queued messages to crash.
Note that this will not stop new messages from
entering the queue (either from local processes, or incoming via SMTP).
Also note that we use Exim instead of Sendmail in our default setup, so
this flaw should be of no relevance to most users. We fixed the problem
by applying the recommended patch.
For more information please refer to
http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc

Improvements with regard to filtering on language
selection have been introduced in this release in order to address a
security issue, together with other fixes and general improvements.
Please note that since upgrading involves
a database update we have to leave it to our users if and when to
switch revisions. The previous release 2.0.19 (in directory '2.0.19+')
will remain intact. For upgrade instructions please refer to our
"Box Docs", chapter "Web service".
For more information please refer to
http://www.phpbb.com/phpBB/viewtopic.php?t=397315

A security issue has been uncovered in
'functions/plugin.php' that could allow a remote user to access local
files on the server without requiring login. This issue manifests
itself if 'register_globals' is enabled, and 'magic_quotes_gpc' is
disabled, neither of which is the default setting in our setup.
We fixed the problem by applying the recommended patch.
For more information please refer to
http://www.squirrelmail.org/security/issue/2006-06-01

A vulnerability has been discovered in SpamAssassin
that can allow remote attackers to execute arbitrary commands. This
problem only affects systems where 'spamd' is reachable via the Internet
and used with vpopmail virtual users, via the "-v" / "--vpopmail" switch,
and with the "-P" / "--paranoid" switch, neither of which is the default
setting in our setup. We fixed the problem by applying the recommended
patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2447

An attacker able to submit crafted strings to an
application that will embed those strings in SQL commands can use
invalidly-encoded multibyte characters to bypass standard string-escaping
methods, resulting in possible injection of hostile SQL commands into
the database.
Also, the widely-used practice of escaping ASCII
single quote "'" by turning it into "\'" is unsafe when operating in
multibyte encodings that allow 0x5c (ASCII code for backslash) as the
trailing byte of a multibyte character; this includes at least SJIS, BIG5,
GBK, GB18030, and UHC. An application that uses this conversion while
embedding untrusted strings in SQL commands is vulnerable to SQL-injection
attacks if it communicates with the server in one of these encodings.
While the standard client libraries used with PostgreSQL have escaped "'"
in the safe, SQL-standard way of "''" for some time, the older practice
remains common. As of this release the server has been modified to reject
"\'" when the client is using one of these encodings. This does NOT in
itself fix all variants of the problem, but it will make it obvious that
such a client is broken and in need of repair. A possible workaround for
affected clients is to avoid use of the vulnerable character encodings.
Please note that the second issue outlined above
has the potential to break existing client code if multibyte encodings
are used. Users of such applications may want to pay special attention
to the second document listed below. We fixed both security problems
by upgrading to revision 7.3.15.
For more information please refer to
http://www.postgresql.org/docs/techdocs.50
http://www.postgresql.org/docs/techdocs.52
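The second issue can be reproduced offline, as an added example that is not part of the original notice or of PostgreSQL: two byte-wise escapers are compared on constructed input, with Python's codecs standing in for the server's decoder. All function names are hypothetical; only GBK, BIG5 and SJIS are probed, with UTF-8 and Latin-1 as contrasts.

```python
# Added illustration; sample inputs are constructed, helper names hypothetical.

def escape_backslash(raw: bytes) -> bytes:
    # Legacy byte-wise practice: double backslashes, turn ' into \'
    return raw.replace(b"\\", b"\\\\").replace(b"'", b"\\'")


def escape_sql_standard(raw: bytes) -> bytes:
    # SQL-standard practice: double the quote, add no backslash
    return raw.replace(b"'", b"''")


def has_5c_trail_byte(encoding: str) -> bool:
    """True if some two-byte character in `encoding` ends in 0x5c."""
    for lead in range(0x81, 0xFF):
        try:
            if len(bytes([lead, 0x5C]).decode(encoding)) == 1:
                return True
        except UnicodeDecodeError:
            continue
    return False


def bare_quote_index(body: str) -> int:
    """Index of the first quote that ends the literal early, or -1.

    Models a server that accepts both \\' and '' inside a string literal.
    """
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2              # backslash escapes the next character
        elif body[i] == "'":
            if body[i + 1:i + 2] == "'":
                i += 2          # doubled quote stays inside the literal
            else:
                return i
        else:
            i += 1
    return -1


def classify(raw: bytes, escaper, encoding: str) -> str:
    """'rejected' = invalid encoding, 'broken' = literal ends early."""
    try:
        body = escaper(raw).decode(encoding)
    except UnicodeDecodeError:
        return "rejected"
    return "broken" if bare_quote_index(body) >= 0 else "intact"


if __name__ == "__main__":
    dangling = b"\x81'x"       # constructed: lead byte directly before a quote
    valid = b"\x81\x5c's"      # constructed: valid GBK char ending in 0x5c
    for enc in ("gbk", "big5", "shift_jis", "utf-8"):
        print(enc, "has 0x5c trail byte:", has_5c_trail_byte(enc))
    for raw in (dangling, valid):
        for esc in (escape_backslash, escape_sql_standard):
            print(raw, esc.__name__, classify(raw, esc, "gbk"))
```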
|
|
|
|
A number of fixes and improvements have
accumulated since our last kernel update (three months ago), which we
decided to put into production today. Nothing spectacular, though.
In order to activate the new UNIX kernel we had to reboot all of our
servers. We apologize for the short service interruption.

This is a maintenance release which
introduces some minor bug fixes and improvements.

This is a maintenance release which
introduces a number of bug fixes and improvements.

A security flaw in the Zoo archiver has been
found. The vulnerability, which is present in the fullpath() function,
is caused by improper checking of user supplied data. The data returned
to the buffer can be up to 512 bytes, while the buffer is created to
hold 256 bytes. This could result in a buffer overflow which could
allow remote code execution. We fixed the problem by applying the
recommended patch.
For more information please refer to
http://www.guay-leroux.com/projects/zoo-advisory.txt

Two security vulnerabilities have been discovered
in the FreeBSD base distribution.
In case of OPIE, the opiepasswd(1) program uses
getlogin(2) to identify the user calling opiepasswd(1). In some
circumstances getlogin(2) will return "root" even when running as an
unprivileged user. This causes opiepasswd(1) to allow an unprivileged
user to configure OPIE authentication for the root user.
As to Sendmail, a race condition has been
reported to exist in the handling by Sendmail of asynchronous signals.
A remote attacker may be able to execute arbitrary code with the
privileges of the user running Sendmail, typically root. Please note
that we use Exim instead of Sendmail in our default setup, so this
flaw should be of no relevance to most users.
We fixed the problems by applying the recommended
patches. For more information please refer to
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc

The new stable branch 3.8.x of Multitail is a
merge between the previous stable branch 3.6.x and development code
from 3.7.x. It introduces a number of improvements, and of course
bug fixes.

Libcurl uses the given file part of a TFTP URL
in a manner that allows a malicious user to overflow a heap-based
memory buffer due to the lack of boundary checking. This may lead to
unintended arbitrary code execution. We fixed the problem by upgrading
to revision 7.15.3.
For more information please refer to
http://curl.haxx.se/docs/adv_20060320.html

Another signature verification bug has been found
in GnuPG. Signature verification of non-detached signatures may give a
positive result but when extracting the signed data, this data may be
prepended or appended with extra data not covered by the signature.
Thus it is possible for an attacker to take any signed message and
inject extra arbitrary data. We fixed the problem by upgrading to
revision 1.4.2.2.
For more information please refer to
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html

GnuTar is vulnerable to a buffer overflow, caused
by improper bounds checking of the PAX extended headers. By tricking a
user into processing a specially crafted tar archive, this could be
exploited to execute arbitrary code with the privileges of the user.
We fixed the problem by applying the recommended patch.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0300

This is a pure bug fix release. There are
no new features.

There is an IMAP command injection vulnerability
in SquirrelMail. A specially crafted URL in an email can execute
additional IMAP commands if a logged in user clicks on it. This flaw
can be abused to modify or even delete messages in the user's mail
folder without his consent. We fixed the problem by applying the
recommended patch.
For more information please refer to
http://www.squirrelmail.org/security/issue/2006-02-15

A potential crash can occur in
"SET SESSION AUTHORIZATION". An unprivileged user could crash
the server process, resulting in momentary denial of service to
other users. We fixed the problem by upgrading to revision 7.3.14.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0678

A security related bug has been found in GnuPG.
When using GnuPG for unattended signature verification (e.g. by scripts
and mail programs), false positive signature verification of detached
signatures may occur. We fixed the problem by upgrading to revision
1.4.2.1.
For more information please refer to
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html

This is a maintenance release which
introduces numerous bug fixes and improvements over revision
1.8.2. Note that this upgrade does not affect Ruby 1.6.8 which
remains intact for compatibility reasons.

This is a pure bug fix release. There are
no new features.

The 'scp' command allows attackers to execute
arbitrary commands via filenames that contain shell metacharacters or
spaces, which are expanded twice. We fixed the problem by upgrading
to revision 4.3p1.
For more information please refer to
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0225

Besides some other fixes and improvements a
missing range check of the fractional second values (0-999999) has been
added to the utimes(2) system call. Prior to this change users could
create files with values outside that range. Moreover, 'tv_usec' offsets
larger than 4.3s would result in an unnormalized and wrong timestamp
value, due to overflow.
Since the utimes(2) issue concerns filesystem
integrity we decided to deploy an updated UNIX kernel today. In order
to activate it we had to reboot all of our servers. We apologize for
the short service interruption.

This is a pure bug fix release. There are
no new features. Note that one of the changes affects the character
string comparison. In cases where a locale is used that considers
different character combinations as equal, such as Hungarian, a
"REINDEX" might be required to fix existing indexes on textual
columns.

Just keeping our preinstalled version
sufficiently recent.

This is a pure bug fix release. There are
no new features.

Fetchmail contains a bug that causes it
to crash when bouncing a message to the originator or to the local
postmaster. The crash happens after the bounce message has been sent,
when Fetchmail tries to free the dynamic array of failed addresses,
and calls the free() function with an invalid pointer. We fixed the
problem by upgrading to revision 6.3.2.
For more information please refer to
http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt

This maintenance release fixes more than
30 bugs that have been discovered and resolved since the 4.4.1 release.

This maintenance release introduces a number
of bug fixes, improvements and new features.

Plenty of fixes and improvements have
accumulated since our last kernel update (three months ago), which we
decided to put into production today. At this point we also bumped up
the OS revision to 4.11 since userland is entirely in sync with
FreeBSD 4.11-STABLE (RELENG_4) by now. In order to activate the new
UNIX kernel we had to reboot all of our servers. We apologize for
the short service interruption.

Some XSS vulnerabilities have been found in
phpBB (affecting Internet Explorer only, this time). Apart from correcting
these security flaws a number of other bug fixes have been added in this
release. Also, the maximum number of login attempts is now configurable
in order to prevent dictionary attacks.
Please note that since upgrading involves
a database update we have to leave it to our users if and when to
switch revisions. The previous release 2.0.18 (in directory '2.0.18+')
will remain intact. For upgrade instructions please refer to our
"Box Docs", chapter "Web service".
For more information please refer to
http://www.phpbb.com/phpBB/viewtopic.php?t=352966