인기있는 리눅스 배포판 중의 하나인 SUSE에서 다양한 취약점을 해결하는 배포판이 발표되어 간단히 소개합니다.

특히, 웹 공격 취약점 중의 하나인 SQL Injection, CSRF 등이 포함되어 있으므로 해당 문제점에 대한 충분한 검토 및 업데이트가 필요합니다.

       발표일:                   Mon, 02 Aug 2010 15:00:00 +0000
       취약점 참조목록:CVE-2009-2625, CVE-2009-2663, CVE-2009-3560
                                CVE-2009-3700, CVE-2009-3720, CVE-2009-3826
                                CVE-2009-4270, CVE-2010-0211, CVE-2010-0212
                                CVE-2010-0395, CVE-2010-0438, CVE-2010-0547
                                CVE-2010-0653, CVE-2010-0731, CVE-2010-0733
                                CVE-2010-0787, CVE-2010-0926, CVE-2010-1166
                                CVE-2010-1169, CVE-2010-1170, CVE-2010-1321
                                CVE-2010-1325, CVE-2010-1411, CVE-2010-1459
                                CVE-2010-1507, CVE-2010-1512, CVE-2010-1628
                                CVE-2010-1639, CVE-2010-1640, CVE-2010-1869
                                CVE-2010-1975, CVE-2010-1993, CVE-2010-2023
                                CVE-2010-2024, CVE-2010-2055, CVE-2010-2059
                                CVE-2010-2063, CVE-2010-2067, CVE-2010-2074
                                CVE-2010-2077, CVE-2010-2228, CVE-2010-2229
                                CVE-2010-2230, CVE-2010-2231, CVE-2010-2251
                                CVE-2010-2451, CVE-2010-2452, CVE-2010-2480
                                CVE-2010-2494, CVE-2010-2532, CVE-2010-2713
                                CVE-2010-2785
    해결된 보안 취약점 목록
            - OpenOffice_org
            - apache2-slms
            - aria2
            - bogofilter
            - cifs-mount/samba
            - clamav
            - exim
            - ghostscript-devel
            - gnutls
            - krb5
            - kvirc
            - lftp
            - libpython2_6-1_0
            - libtiff
            - libvorbis
            - lxsession
            - mono-addon-bytefx-data-mysql/bytefx-data-mysql
            - moodle
            - openldap2
            - opera
            - otrs
            - popt
            - postgresql
            - python-mako
            - squidGuard
            - vte
            - w3m
            - xmlrpc-c
            - XFree86/xorg-x11
            - yast2-webclient
       
세부 사항:
   To avoid flooding mailing lists with SUSE Security Announcements for minor
   issues, SUSE Security releases weekly summary reports for the low profile
   vulnerability fixes. The SUSE Security Summary Reports do not list or
   download URLs like the SUSE Security Announcements that are released for
   more severe vulnerabilities.
   Fixed packages for the following incidents are already available on our FTP
   server and via the YaST Online Update.
   - OpenOffice_org
     This update of OpenOffice_org does not allow macros written in Python to
     be executed without permission, CVE-2010-0395.
     This also provides the maintenance update to OpenOffice.org-3.2.1.
     Details about all upstream changes can be found at
     http://development.openoffice.org/releases/3.2.1.html
     Affected Products: SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - apache2-slms
     Insufficient quoting of parameters in SLMS could allow for
     cross-site-request-forgery (CSRF) attacks (CVE-2010-1325).
     Affected Products: SLE11
   - aria2
     This aria2 update to 1.9.3 fixes a metalink name Directory Traversal
     issue (CVE-2010-1512).
     Affected Products: openSUSE 11.2
    
   - bogofilter
     This update of bogofilter/bogolexer fixes a heap based buffer underflow
     vulnerability which could be exploited to cause a denial of service or
     potentially execute arbitrary code (CVE-2010-2494).
     Affected Products: SLE11, openSUSE 11.0, 11.1, 11.2
   - cifs-mount/samba
     This update of the Samba server package fixes security issues and bugs.
     Following security issues were fixed:
     - CVE-2010-2063: A buffer overrun was possible in chain_reply code in
                      3.3.x and below, which could be used to crash the
                      samba server or potentially execute code.
     - CVE-2010-0787: Take extra care that a mount point of mount.cifs is
                      not changed during mount.
     - CVE-2010-0926: With enabled "wide links" samba follows symbolic links
                      on the server side, therefore allowing clients to
                      overwrite arbitrary files. This update changes the
                      default setting to have "wide links" disabled by default.
                      The new default only works if "wide links" is not set
                      explicitly in smb.conf.
     - CVE-2010-0547: Due to a race condition in mount.cifs a local attacker
                      could corrupt /etc/mtab if mount.cifs is installed setuid
                      root. mount.cifs is not setuid root by default and it is
                      not recommended to change that.
     Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.0, 11.1
   - clamav
     This update fixes a off-by-one buffer overflow (CVE-2010-1640) and a
     crash while parsing PDFs (CVE-2010-1639, CVE-2010-2077) in clamav
     that can be used as a remote denial of service attack.
     Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - exim
     Two local vulnerabilities have been fixed in the exim MTA
     which allowed attackers to create arbitrary files or
     to change ownership of arbitrary files. CVE-2010-2023 and
     CVE-2010-2024 have been assigned to these issues.
     Affected Products: openSUSE 11.1, 11.2, 11.3
   - ghostscript
     Specially crafted postscript (.ps) files could cause buffer
     overflows in ghostscript that could potentially be exploited to
     execute arbitrary code (CVE-2010-1628, CVE-2010-1869, CVE-2009-4270)
     Additionally ghostscript, by default, reads some initialization files from
     the current working directory. Local attackers could potentially exploit
     that to have other users execute arbitrary commands by placing such
     files e.g. in /tmp (CVE-2010-2055).
     Affected Products: SLE11, openSUSE 11.0, 11.1, 11.2, 11.3
   - gnutls
     The ASN.1 parser for X.509 certificates used a wrong integer type for
     extracting a certficiate's serial number. On 64bit big-endian
     architectures this could result in bypassing CRL checks (CVE-2010-0731).
     Affected Products: SLES9
   - krb5
     This update fixes a denial-of-service vulnerability in kadmind. A
     remote attack can send a malformed GSS-API token that triggers a
     NULL pointer dereference.
     (CVE-2010-1321: CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:L/Au:S/C:N/I:N/A:C))
     Affected Products: SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - kvirc
     This update of KVirc fixes a remotely exploitable format string and
     directory traversal vulnerability (CVE-2010-2451, CVE-2010-2452).
     Additionally KVirc does not further allow remote client to send
     arbitrary CTCP commands. (CVE-2010-2785)
     Affected Products: openSUSE 11.1, 11.2, 11.3
   - lftp
     This update of lftp improves the filename handling of downloaded files
     to avoid downloading arbitrary content to unexpected locations (like
     .login). (CVE-2010-2251)
     Affected Products: openSUSE 11.0, 11.1, 11.2
   - libpython2_6-1_0
     This update of python has a copy of libxmlrpc that is vulnerable to
     denial of service bugs that can occur while processing malformed XML
     input.
     - CVE-2009-2625: CVSS v2 Base Score: 5.0: Permissions, Privileges,
                      and Access Control (CWE-264)
     - CVE-2009-3720: CVSS v2 Base Score: 5.0: Insufficient Information
     - CVE-2009-3560: CVSS v2 Base Score: 5.0: Buffer Errors (CWE-119)
     Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - libtiff
     This update of libtiff fixes several integer overflows that could lead
     to a corrupted heap memory. This bug can be exploited remotely with a
     crafted TIFF file to cause an application crash or probably to execute
     arbitrary code. (CVE-2010-1411)
     Affected Products: SLES9, SLE10-SP3, openSUSE 11.0, 11.1, 11.2
   - libvorbis
     This update of libvorbis fixes a memory corruption while parsing OGG
     files. This bug was exploitable by remote attackers to cause an
     application crash and could probably be exploited to execute arbitrary
     code.
     CVE-2009-2663: CVSS v2 Base Score: 6.8: Resource Management Errors (CWE-399)
     Affected Products: SLES9, SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - lxsession
     lxsession-logout did not properly lock the screen before suspending,
     hibernating and switching between users which could allow attackers with
     physical access to take control of the system to obtain sensitive infor-
     mation and / or execute arbitrary code in the context of the user who is
     currently logged in (CVE-2010-2532).
     Affected Products: openSUSE 11.3
   - mono-addon-bytefx-data-mysql/bytefx-data-mysql
     Mono's ASP.NET implementation did not set the 'EnableViewStateMac'
     property by default. Attackers could exploit that to conduct cross-
     site-scripting (XSS) attacks. (CVE-2010-1459)
     Affected Products: SLE10-SP2, SLE11, openSUSE 11.0, 11.1, 11.2
   - moodle
     Moodle was prone to several Cross-Site Scripting (XSS) vulnerabilities
     (CVE-2010-2228, CVE-2010-2229, CVE-2010-2230, CVE-2010-2231).
     Affected Products: openSUSE 11.0, 11.1
   - openldap2
     Specially crafted MODRDN operations can crash the OpenLDAP server.
     (CVE-2010-0211 and CVE-2010-0212)
     Affected Products: openSUSE 11.0
   - opera
     Opera was upgraded to the 10.60 release.
     - CVE-2010-0653: Opera permits cross-origin loading of CSS style sheets
                      even when the style sheet download has an incorrect
                      MIME type and the style sheet document is malformed,
                      which allows remote HTTP servers to obtain sensitive
                      information via a crafted document.
     - CVE-2010-1993: Opera 9.52 does not properly handle an IFRAME element
                      with a mailto: URL in its SRC attribute, which allows
                      remote attackers to cause a denial of service (resource
                      consumption) via an HTML document with many IFRAME
                      elements.
     Affected Products: openSUSE 11.0, 11.1, 11.2, 11.3
   - otrs
     OTRS was prone to multiple SQL-injection vulnerabilities which could
     allow remote authenticated attackers to execute arbitrary SQL code via
     unspecified vectors. (CVE-2010-0438)
     Affected Products: openSUSE 11.0, 11.1, 11.2
   - popt
     This update fixes the problem where RPM misses to clear the SUID/SGID
     bit of old files during package updates. (CVE-2010-2059)
     Affected Products: openSUSE 11.0
   - postgresql
     This update of postgresql was pblished to fix several minor security
     vulnerabilities:
     - CVE-2010-1975: postgresql does not properly check privileges during
                      certain RESET ALL operations, which allows remote
                      authenticated users to remove arbitrary parameter
                      settings.
     - CVE-2010-1170: The PL/Tcl implementation in postgresql loads Tcl
                      code from the pltcl_modules table regardless of the
                      table's ownership and permissions, which allows remote
                      authenticated users, with database-creation privileges,
                      to execute arbitrary Tcl code.
     - CVE-2010-1169: Postgresql does not properly restrict PL/perl procedures,
                      which allows remote authenticated users, with database-
                      creation privileges, to execute arbitrary Perl code via
                      a crafted script.
     - CVE-2010-0733: An integer overflow in postgresql allows remote authen-
                      ticated users to crash the daemon via a SELECT statement.
     Affected Products: SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - python-mako
     Python-mako was prone to a Cross-Site Scripting flaw due to improperly
     escaped single quotes (CVE-2010-2480).
     Affected Products: openSUSE 11.2, 11.3
   - squidGuard
     Two buffer overflows in squidGard were fixed:
     - CVE-2009-3700: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4
                      allows remote attackers to cause a denial of service
                      (application hang or loss of blocking functionality)
                      via a long URL with many / (slash) characters, related
                      to "emergency mode."
     - CVE-2009-3826: Multiple buffer overflows in squidGuard 1.4 allow remote
                      attackers to bypass intended URL blocking via a long URL,
                      related to (1) the relationship between a certain buffer
                      size in squidGuard and a certain buffer size in Squid and
                      (2) a redirect URL that contains information about the
                      originally requested URL.
     Affected Products: openSUSE 11.1, 11.2, 11.3
   - vte
     VTE was vulnerable to an old title set+query attack which could be used
     by remote attackers to execute arbitrary code (CVE-2010-2713).
     Affected Products: openSUSE 11.2, 11.3
   - w3m
     w3m did not handle embedded nul characters in the common name and in
     subject alternative names of x509 certificates.
     CVE-2010-2074 has been assigned to this issue.
     This update also turns on verification of x509 certificates by default
     which was not the case before.
     Affected Products: SLE10-SP3, SLE11, openSUSE 11.0, 11.1, 11.2
   - xmlrpc-c
     This update of libxmlrpc is not vulnerable to denial of service bugs
     that can occur while processing malformed XML input.
     - CVE-2009-2625: CVSS v2 Base Score: 5.0: Permissions, Privileges,
                      and Access Control (CWE-264)
     - CVE-2009-3720: CVSS v2 Base Score: 5.0: Insufficient Information
     - CVE-2009-3560: CVSS v2 Base Score: 5.0: Buffer Errors (CWE-119)
     Affected Products: SLES9, SLE11
   - XFree86/xorg-x11
     X clients could cause a memory corruption in the X Render extension
     which crashes the X server (CVE-2010-1166).
     Affected Products: SLES9, SLE10-SP3
   - yast2-webclient
     WebYaST generates the secret key used to create session cookies
     after package installation. Since WebYaST appliances use
     pre-installed images all such instances end up using the same secret
     key (CVE-2010-1507).
 


출처: http://lwn.net/Articles/398464/
reTweet
Posted by 문스랩닷컴
blog comments powered by Disqus


    Web Analytics Blogs Directory