SuSE: 'sgmltool' vulnerability
Summary
______________________________________________________________________________
SuSE Security Announcement
Package: sgmltool-1.0.9-266
Announcement-ID: SuSE-SA:2001:16
Date: Friday, May 4th, 14:55:35 CEST 2001
Affected SuSE versions: 6.3, 6.4, 7.0, 7.1
Vulnerability Type: local fileaccess problem
Severity (1-10): 2
SuSE default package: yes
Other affected systems: All UN*X systems using this package
Content of this advisory:
1) security vulnerability resolved: sgmltool
problem description, discussion, solution and upgrade information
2) pending vulnerabilities, solutions, workarounds
3) standard appendix (further information)
______________________________________________________________________________
1) problem description, brief discussion, solution, upgrade information
The sgmltool programs ("sgml2html" and others) are used to convert
SGML-files into various other formats.
During operation, the underlying SGML perlmodule creates temporary files
in an insecure way. This allows attackers to destroy arbitrary files owned
by the user who invoked the sgmltool program. The problem has been fixed
by creating temporary files with the exclusive (O_EXCL) option upon
opening them.
Download the update package from locations desribed below and install
the package with the command `rpm -Uhv file.rpm'. The md5sum for each
file is in the line below. You can verify the integrity of the rpm
files using the command
`rpm --checksig --nogpg file.rpm',
independently from the md5 signatures below.
i386 Intel Platform:
SuSE-7.1
bdedaefb82dc2bb8ff0a522607b80ac3
source rpm:
dc5612aa475c5d6dcaaeee86e6bf985f
SuSE-7.0
916953307d466d3bd8d26fb0655ce55a
source rpm:
5e11b85a494e1033ee2a83839cb296fe
SuSE-6.4
a489acc5c3dce4c44915e47b3ee64790
source rpm:
efdb6b08988b689127600a954ebe2e2f
SuSE-6.3
9c1e5da161b67248935cbc7f485dfd40
source rpm:
a2deae294821e73ed24429636b20ed2a
Sparc Platform:
SuSE-7.1
b3e0ec269392fb3d77c37cc698f77d16
source rpm:
eb80b6efe08f40139ec181fed7ccc832
SuSE-7.0
8312ac046de5df7a47008dba32f1a7e8
source rpm:
a7e48214ae01f4f720240c1204120927
AXP Alpha Platform:
SuSE-7.0
06348dc4b669098d80bc16a8cc836123
source rpm:
c7c7ff5507f7a510d615235323f9f636
SuSE-6.4
ee6bb4dd45c90ba716f0d825fba7bbca
source rpm:
44366d7edcace3448a606aff0c73026f
SuSE-6.3
2c2450e3dfdde9066269add9cfb0757b
source rpm:
66a9d60866a5ebbb2e0682a2056f2528
PPC Power PC Platform:
SuSE-7.1
01bda0ee0edfa1e1036d27b2bb3de352
source rpm:
1c6668d3ccc1b27bb3d5a4f84b308323
SuSE-7.0
e9b7161fe3a10624790ce65d9909165d
source rpm:
15b8204b9378f8e833e6bac263bbacdd
SuSE-6.4
6af30c53d022866df5dd69ae053eeeea
source rpm:
35aa3ab2a86498c5e6ad145c0c7e378a
______________________________________________________________________________
2) Pending vulnerabilities in SuSE Distributions and Workarounds:
- Marcus Meissner (Caldera) found a bug in KDE 2.1.*'s kdesu program
which allows attackers to gather private information. This is due to
insecure local filehandling by the kdesu program. Please update to
the newest packages.
- minicom
format string vulnerabilities have been found in the minicom package.
If /usr/bin/minicom is installed suid, the vulnerability may be
exploited to gain elevated privileges. Please note that this is not
the case in SuSE distributions. If you decided to make /usr/bin/minicom
suid uucp or even suid root, please make sure that you grant access to
the execution of minicom to trusted users only.
- cfingerd
The package has been found vulnerable to a remotely exploitable
weakness. SuSE Linux distributions do not ship this version of
fingerd.
- webmin
Insecure handling of temporary files has been found in webmin, a
comprehensive administration webinterface. SuSE distributions do not
contain the webmin package and therefore are not vulnerable to the
found vulnerabilities by default. We urge administrators who use
webmin to upgrade to the latest version of webmin available.
- gnupg/gpg, openssl
Several weaknesses have been found in gnupg/gpg that can reduce the
strength of encrypted data. We will provide updates for the gnupg/gpg
package. The updates are currently being tested.
______________________________________________________________________________
3) standard appendix:
SuSE runs two security mailing lists to which any interested party may
subscribe:
suse-security@suse.com
- general/linux/SuSE security discussion.
All SuSE security announcements are sent to this list.
To subscribe, send an email to
<suse-security-subscribe@suse.com>.
suse-security-announce@suse.com
- SuSE's announce-only mailing list.
Only SuSE's security annoucements are sent to this list.
To subscribe, send an email to
<suse-security-announce-subscribe@suse.com>.
For general information or the frequently asked questions (faq)
send mail to:
<suse-security-info@suse.com> or
<suse-security-faq@suse.com> respectively.
============================================== SuSE's security contact is <security@suse.com>.
==============================================
Regards,
Sebastian Krahmer
______________________________________________________________________________
The information in this advisory may be distributed or reproduced,
provided that the advisory is not modified in any way.
SuSE GmbH makes no warranties of any kind whatsoever with respect
to the information contained in this security advisory.
References
