-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Bugfix Advisory #2005-0017

Package name:      apache bind imagemagick initscripts kernel libcap
                   libpcap perl-convert-uulib php pptpd proftpd setup
                   squid
Summary:           Package fixes
Date:              2005-05-02
Affected versions: Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2
- --------------------------------------------------------------------------

Package description:
  apache:
  Apache is a full featured web server that is freely available, and also
  happens to be the most widely used.

  bind:
  BIND (Berkeley Internet Name Domain) is an implementation of the DNS
  (Domain Name System) protocols. BIND includes a DNS server (named), which
  resolves host names to IP addresses, and a resolver library (routines for
  applications to use when interfacing with DNS). A DNS server allows
  clients to name resources or objects and share the information with other
  network machines. The named DNS server can be used on workstations as a
  caching name server, but is generally only needed on one machine for an
  entire network.

  imagemagick:
  ImageMagick is a robust collection of tools and libraries to read, write,
  and manipulate an image in any of the more popular image formats,
  including GIF, JPEG, PNG, PDF, and Photo CD.

  initscripts:
  The initscripts package contains the basic system scripts used to boot
  your Trustix Secure Linux system, change runlevels, and shut the system
  down cleanly. Initscripts also contains the scripts that activate and
  deactivate most network interfaces.

  kernel:
  The kernel package contains the Linux kernel (vmlinuz), the core of your
  Trustix Secure Linux operating system. The kernel handles the basic
  functions of the operating system: memory allocation, process allocation,
  device input and output, etc.

  libcap:
  The POSIX.1e capability library for Linux. This package contains the
  getcap and setcap binaries and manual pages.

  libpcap:
  Libpcap provides a portable framework for low-level network monitoring.
  Libpcap can provide network statistics collection, security monitoring
  and network debugging. Since almost every system vendor provides a
  different interface for packet capture, the libpcap authors created this
  system-independent API to ease porting and to remove the need for several
  system-dependent packet capture modules in each application.

  perl-convert-uulib:
  Convert-UUlib module from CPAN for perl.

  php:
  PHP is an HTML-embedded scripting language. PHP attempts to make it easy
  for developers to write dynamically generated web pages. PHP also offers
  built-in database integration for several commercial and non-commercial
  database management systems, so writing a database-enabled web page with
  PHP is fairly simple. The most common use of PHP coding is probably as a
  replacement for CGI scripts. The mod_php module enables the Apache web
  server to understand and process the embedded PHP language in web pages.

  pptpd:
  PPTPd, the Point-to-Point Tunnelling Protocol Daemon, offers connections
  to PPTP clients, which become virtual members of the IP pool owned by the
  PPTP server. In effect, these clients become virtual members of the local
  subnet, regardless of what their real IP address is. A tunnel is built
  between the PPTP server and client, and packets from the subnet are
  wrapped and passed between server and client similar to other C/S
  protocols.

  proftpd:
  ProFTPd is an enhanced FTP server with a focus toward simplicity,
  security, and ease of configuration. It features a very Apache-like
  configuration syntax, and a highly customizable server infrastructure,
  including support for multiple 'virtual' FTP servers, anonymous FTP, and
  permission-based directory visibility.

  setup:
  The setup package contains a set of important system configuration and
  setup files, such as passwd, group, and profile.

  squid:
  Squid is a high-performance proxy caching server for Web clients,
  supporting FTP, gopher, and HTTP data objects. Unlike traditional caching
  software, Squid handles all requests in a single, non-blocking,
  I/O-driven process. Squid keeps meta data and especially hot objects
  cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and
  implements negative caching of failed requests.

Problem description:
  apache:
  - Fixed logrotate. Bug #454

  bind:
  - Make sure the init script does not remove the jail if the umount fails.

  imagemagick:
  - A heap overflow exists in the ReadPNMImage() function, which is used to
    decode PNM image files. Exploitation of this heap overflow could allow
    execution of arbitrary code or cause a denial of service.
  - Fix silent file conflicts.

  initscripts:
  - Add a separate inittab package.

  kernel:
  - The ipt_recent module was pushing debug statements to the console.

  libcap:
  - Fixed the libraries to act as shared libraries correctly.
  - Fixed the unresolved symbols list that came with it.

  libpcap:
  - Fixed the libraries to act as shared libraries.
  - Fixed the unresolved symbols list that came with it.

  perl-convert-uulib:
  - Fixed a buffer overflow: a malformed parameter provided by an attacker
    can cause a read operation to overflow a buffer. Credits to Mark
    Martinec and Robert Lewis for the discovery.

  php:
  - Added pcntl_* functions in php cli. Bug #384.

  pptpd:
  - Fixed return status bug in init script. Bug #447.

  proftpd:
  - Reverted the previous changes; we do not make such changes in a
    released distribution. The log location had been changed and a few
    files touched. Bug #450.

  setup:
  - Added ttyS0 and ttyS1 to /etc/securetty to allow logins on a serial
    console.

  squid:
  - A race window has been discovered where Set-Cookie headers may leak to
    other users if the requested server relies on the old (obsolete since
    1997) Netscape Set-Cookie specification for how caches should handle
    the Set-Cookie header on otherwise cacheable content.
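The Squid entry above describes the failure mode in one sentence. The toy shared cache below, an added example that is not Squid code and not part of this advisory, makes it concrete: an origin that follows the obsolete Netscape cookie behaviour sends a per-user Set-Cookie on an otherwise cacheable page; a cache that stores the reply verbatim hands the first user's cookie to the next user who hits the cached object. The race window in Squid is collapsed here into a plain sequential first fetch / second fetch. The `strip_set_cookie` switch shows the general mitigation of never keeping Set-Cookie in a shared cache entry; it illustrates the principle, not the exact patch shipped in squid-2.5.STABLE9-4tr. The origin, the URL and the cookie values are constructed.

```python
"""Toy shared HTTP cache: Set-Cookie leakage between users, and the fix.
Constructed illustration, not Squid code."""

import copy


def origin(url, client):
    """Constructed origin server (assumption, not a real site): every
    response is cacheable and carries a per-user session cookie, which is
    what a site written to the old Netscape cookie spec might do."""
    headers = {
        "Cache-Control": "public, max-age=3600",
        "Content-Type": "text/html",
        "Set-Cookie": f"session={client}-secret; Path=/",
    }
    return headers, b"<html>shared page</html>"


class SharedCache:
    """Minimal shared cache: one object store for all clients."""

    def __init__(self, strip_set_cookie):
        # strip_set_cookie=False reproduces the leak: the stored copy keeps
        # whatever Set-Cookie the origin sent to the first client.
        self.strip_set_cookie = strip_set_cookie
        self.store = {}

    @staticmethod
    def _cacheable(headers):
        cc = headers.get("Cache-Control", "")
        return "no-store" not in cc and ("public" in cc or "max-age" in cc)

    def get(self, url, client):
        """Return ((headers, body), 'HIT'|'MISS') as the client would see it."""
        if url in self.store:
            return copy.deepcopy(self.store[url]), "HIT"
        headers, body = origin(url, client)
        if self._cacheable(headers):
            stored = dict(headers)
            if self.strip_set_cookie:
                # Hardened behaviour: a per-user header must never become
                # part of an object that is served to other users.
                stored.pop("Set-Cookie", None)
            self.store[url] = (stored, body)
        # The requesting client itself still gets the full origin reply.
        return (headers, body), "MISS"


def second_client_sees(strip_set_cookie):
    """alice fetches first, then bob fetches the same URL through the same
    cache. Returns bob's cache status and the Set-Cookie he receives."""
    cache = SharedCache(strip_set_cookie)
    cache.get("/index.html", "alice")
    (headers, _body), status = cache.get("/index.html", "bob")
    return status, headers.get("Set-Cookie")


if __name__ == "__main__":
    print("verbatim cache:", second_client_sees(False))
    print("stripped cache:", second_client_sees(True))
```

With the verbatim cache, bob's HIT carries `session=alice-secret`; with the stripped cache the HIT has no Set-Cookie at all, and alice's own MISS response is unchanged in both cases.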
Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.

Location:
  All Trustix Secure Linux updates are available from

About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With
  focus on security and stability, the system is painlessly kept safe and
  up to date from day one using swup, the automated software updater.

Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically installed
  using 'swup --upgrade'.

Questions?
  Check out our mailing lists:

Verification:
  This advisory, along with all Trustix packages, is signed with the TSL
  sign key. This key is available from:

  The advisory itself is available from the errata pages at and or
  directly at

MD5sums of the packages:
- --------------------------------------------------------------------------
43c14434de85314627a453bb49a448a7  2.2/rpms/apache-2.0.54-2tr.i586.rpm
fc76e3f08a626e1692a3461dfc759b9f  2.2/rpms/apache-dbm-2.0.54-2tr.i586.rpm
77674e6bade0473d2c125c5f0c15a2fa  2.2/rpms/apache-devel-2.0.54-2tr.i586.rpm
b7b9e023a7e818c01f1390d0e39a0596  2.2/rpms/apache-html-2.0.54-2tr.i586.rpm
568bbed6cc40c063dabb1cc123447a23  2.2/rpms/apache-manual-2.0.54-2tr.i586.rpm
904028747af40168fe8d3d6d657882fa  2.2/rpms/bind-9.3.1-1tr.i586.rpm
3b7f44712ebb4a1f142aa7d7610ad298  2.2/rpms/bind-devel-9.3.1-1tr.i586.rpm
813c0fc8d6bef32010d25fcad8f354ac  2.2/rpms/bind-libs-9.3.1-1tr.i586.rpm
4bef5697ed6b3c89cf28651442595de4  2.2/rpms/bind-light-9.3.1-1tr.i586.rpm
fa84df34aab8bb11ed43f21f7aad278e  2.2/rpms/bind-light-devel-9.3.1-1tr.i586.rpm
0617392e26ddcca2b906b5391d3d44a0  2.2/rpms/bind-utils-9.3.1-1tr.i586.rpm
8d1142c81e1bdd3bd8008214adf9af5b  2.2/rpms/imagemagick-6.2.2-2tr.i586.rpm
90ef12795b8e6c61c159019a1aef44be  2.2/rpms/imagemagick-devel-6.2.2-2tr.i586.rpm
5781c1c774ea905b39e7b6b6a6d2dea9  2.2/rpms/initscripts-7.14-19tr.i586.rpm
616a886ad15c9e79fe9bce51e97614c6  2.2/rpms/initscripts-inittab-7.14-19tr.i586.rpm
5fda1dfcd1123b3974136c004d04db19  2.2/rpms/kernel-2.4.30-3tr.i586.rpm
3aeb6c01e80a8f7fd8c1f9449b30383c  2.2/rpms/kernel-BOOT-2.4.30-3tr.i586.rpm
e9f8e9502f5e849a46bc3b4b0f78035a  2.2/rpms/kernel-doc-2.4.30-3tr.i586.rpm
94da20001db1cb35f742ee68a3f1dbbe  2.2/rpms/kernel-smp-2.4.30-3tr.i586.rpm
b8a454edc4c17d39829de7c69417d3b1  2.2/rpms/kernel-source-2.4.30-3tr.i586.rpm
1dd21c2c677807a3fca4c740678b0f7d  2.2/rpms/kernel-utils-2.4.30-3tr.i586.rpm
057dbb75ee11e50bb29720986299d0da  2.2/rpms/libcap-1.10-10tr.i586.rpm
cc0165b156b6e7f6d1d6520ab8019890  2.2/rpms/libcap-devel-1.10-10tr.i586.rpm
1a5253aff52642cdde2def773f263b90  2.2/rpms/libpcap-0.8.3-3tr.i586.rpm
cbcfbb42de10d3c878e9c4bd023414d2  2.2/rpms/perl-convert-uulib-1.051-1tr.i586.rpm
087b16693bb9bdc832daa4802e48ade8  2.2/rpms/perl-image-magick-6.2.2-2tr.i586.rpm
a56b8b7e6be33486e2109c7ab55618f3  2.2/rpms/php-5.0.4-3tr.i586.rpm
b737c730626e99c6f929fbe8934be375  2.2/rpms/php-cli-5.0.4-3tr.i586.rpm
5d1058ea6bc0144f1897809995e953bb  2.2/rpms/php-devel-5.0.4-3tr.i586.rpm
b56d4ce9ef001591b0a4291bda0bf211  2.2/rpms/php-exif-5.0.4-3tr.i586.rpm
792b315cf2491d5ebcebdb0bade184b9  2.2/rpms/php-gd-5.0.4-3tr.i586.rpm
5d7e2800ab51b3abcad337b703006c0f  2.2/rpms/php-imap-5.0.4-3tr.i586.rpm
03b4fb1d74cd59bd53a85d7d3ed3e77f  2.2/rpms/php-ldap-5.0.4-3tr.i586.rpm
ae92ea455d2579911db993c39507e6d9  2.2/rpms/php-mysql-5.0.4-3tr.i586.rpm
a19d66d80c3f5c8e5d9adc54e092e999  2.2/rpms/php-mysqli-5.0.4-3tr.i586.rpm
e29d04e187e730623963d2098fa8ae17  2.2/rpms/php-pgsql-5.0.4-3tr.i586.rpm
86e5ba2d2e47964be9e6e570cc5b6d2c  2.2/rpms/php-zlib-5.0.4-3tr.i586.rpm
ccc17d44a04fc9ef0938ea75a3869a0e  2.2/rpms/pptpd-1.1.4-2tr.i586.rpm
b923801ba8602906c09c40b08241d93e  2.2/rpms/proftpd-1.2.10-4tr.i586.rpm
8035cacefea021d43bbd0125f6552229  2.2/rpms/setup-2.2.9-4tr.i586.rpm
ecca7542583731f9dd708bb542554419  2.2/rpms/squid-2.5.STABLE9-4tr.i586.rpm

a42c01f4e313c2d97c59a073c457187c  2.1/rpms/apache-2.0.54-2tr.i586.rpm
ba40a82f30a32917d6b7cac02b83257b  2.1/rpms/apache-dbm-2.0.54-2tr.i586.rpm
9137aae3d23d519b891a15f9d3599e2e  2.1/rpms/apache-devel-2.0.54-2tr.i586.rpm
758fba561fe29e553765706a7441f12d  2.1/rpms/apache-manual-2.0.54-2tr.i586.rpm
7bbc84db817fadb2773393f79e5c8d12  2.1/rpms/bind-9.2.3-7tr.i586.rpm
e74402c46df9d07e3a637a9c96072dcf  2.1/rpms/bind-devel-9.2.3-7tr.i586.rpm
83db3dfe7a914c8adb9e6e045b9cd01f  2.1/rpms/bind-libs-9.2.3-7tr.i586.rpm
f33a67c47ee3ea32dc4ea3a59d1741f1  2.1/rpms/bind-light-9.2.3-7tr.i586.rpm
b4adb58a80cd20574c7648a5452adcbd  2.1/rpms/bind-light-devel-9.2.3-7tr.i586.rpm
18996c25f8dc1a8bb9e5faa8e66f8cbd  2.1/rpms/bind-utils-9.2.3-7tr.i586.rpm
f214b3c67ea4de85bbdf4b1018a12a51  2.1/rpms/libcap-1.10-9tr.i586.rpm
2409962c6e2f7b916444c39988e56dfb  2.1/rpms/libcap-devel-1.10-9tr.i586.rpm
433d7c3f3a7cbbffc9beee2e37807b9e  2.1/rpms/libpcap-0.8.2-5tr.i586.rpm
- --------------------------------------------------------------------------

Trustix Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCdffoi8CEzsK9IksRAlZeAJ9aZECv0GAsu+qo8YBtebxXDgtQ6ACdFJsR
HCAJ2VB/IOUKmPCpGdO4G6U=
=HgqI
-----END PGP SIGNATURE-----
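The "MD5sums of the packages" block above is printed as one digest and one mirror-relative path per line, so it can be checked mechanically against a local mirror before the packages are installed. The script below is an added example, not a Trustix tool and not part of the advisory: it parses that block format, hashes each file and reports OK, MISMATCH or MISSING per package. The `demo()` function builds a throwaway mirror directory with constructed file names and contents (one intact file, one altered file, one absent file); nothing in it is a real Trustix package. Two caveats for anyone adapting it: an MD5 match only tells you the download is the file the advisory lists, so the list is only worth trusting after the advisory's PGP signature has been checked against the TSL sign key, and the packages themselves should additionally be checked with `rpm --checksig`; and MD5 is collision-prone, so it should be treated as a transfer-integrity check rather than a security control on its own.

```python
"""Check downloaded packages against an advisory's MD5sums block.
Added example, not part of the Trustix advisory or its tools."""

import hashlib
import os
import tempfile


def parse_md5_listing(text):
    """Parse 'md5hex  relative/path' lines as printed under 'MD5sums of the
    packages'. Blank lines and separator lines (starting with '-') are
    skipped; anything else that is not a 32-hex-digit digest plus one
    path is rejected rather than silently ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):
            continue
        parts = line.split()
        if len(parts) != 2 or len(parts[0]) != 32:
            raise ValueError(f"malformed MD5sums line: {line!r}")
        try:
            int(parts[0], 16)
        except ValueError:
            raise ValueError(f"non-hex digest: {line!r}") from None
        entries.append((parts[0].lower(), parts[1]))
    return entries


def md5_of_file(path):
    """Stream the file through MD5 so large kernel RPMs are not read at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(listing, base_dir):
    """Return {relative_path: 'OK' | 'MISMATCH' | 'MISSING'} for every entry."""
    results = {}
    for digest, rel in parse_md5_listing(listing):
        full = os.path.join(base_dir, rel)
        if not os.path.isfile(full):
            results[rel] = "MISSING"
        elif md5_of_file(full) == digest:
            results[rel] = "OK"
        else:
            results[rel] = "MISMATCH"
    return results


def demo():
    """Constructed mirror with one intact, one altered and one absent
    package. File names and contents are made up for the example."""
    with tempfile.TemporaryDirectory() as mirror:
        os.makedirs(os.path.join(mirror, "2.2/rpms"))
        good = "2.2/rpms/good-1.0-1tr.i586.rpm"
        altered = "2.2/rpms/altered-1.0-1tr.i586.rpm"
        absent = "2.2/rpms/absent-1.0-1tr.i586.rpm"
        with open(os.path.join(mirror, good), "wb") as f:
            f.write(b"good package bytes")
        with open(os.path.join(mirror, altered), "wb") as f:
            f.write(b"altered package bytes")
        # The listing carries the digest of the *original* altered package,
        # so the on-disk copy no longer matches it.
        listing = "\n".join([
            "- " + "-" * 74,
            f"{md5_of_file(os.path.join(mirror, good))}  {good}",
            f"{hashlib.md5(b'original package bytes').hexdigest()}  {altered}",
            f"{'0' * 32}  {absent}",
        ])
        return verify_packages(listing, mirror)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:8} {path}")
```

In practice the listing string is the advisory's MD5sums block pasted verbatim (the dash-escaped separator lines are skipped) and `base_dir` is the root of the local mirror, so that the `2.2/rpms/...` paths resolve.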