Advisories | Mandriva

Package name	sarg
Date	March 27th, 2008
Advisory ID	MDVSA-2008:079
Affected versions	MNF2.0, 2007.0, 2007.1, 2008.0
Synopsis	Updated sarg packages fix multiple vulnerabilities

Problem Description

A stack-based buffer overflow in sarg (Squid Analysis Report Generator)
allowed remote attackers to execute arbitrary code via a long Squid
proxy server User-Agent header (CVE-2008-1167).

A cross-site scripting vulnerability in sarg version 2.x prior to
2.2.5 allowed remote attackers to inject arbitrary web script or
HTML via the User-Agent heder, which is not properly handled when
displaying the Squid proxy log (CVE-2008-1168).

In addition, a number of other fixes have been made such as making
the getword() function more robust which should prevent any overflows,
other segfaults have been fixed, and the useragent report is now more
consistent with the other reports.

The updated packages have been patched to correct these issues.

Updated Packages

Multi Network Firewall 2.0

 b64d9f675b66d14ee65541156d28b052  mnf/2.0/i586/sarg-2.2.5-0.1.M20mdk.i586.rpm 
 3d6ffd13a3be1adefcf4e34f06aba0f2  mnf/2.0/SRPMS/sarg-2.2.5-0.1.M20mdk.src.rpm

Mandriva Linux 2007

 58e1392f51ac7b5a9448cf115ebdb873  2007.0/i586/sarg-2.2.5-0.2mdv2007.0.i586.rpm 
 f371cca6116e77d468cc2448411e519d  2007.0/SRPMS/sarg-2.2.5-0.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 c0653588b531b967a14060d798fbead5  2007.0/x86_64/sarg-2.2.5-0.2mdv2007.0.x86_64.rpm 
 f371cca6116e77d468cc2448411e519d  2007.0/SRPMS/sarg-2.2.5-0.2mdv2007.0.src.rpm

Mandriva Linux 2007.1

 df54b85b57812799134352f39b0d33da  2007.1/i586/sarg-2.2.5-0.2mdv2007.1.i586.rpm 
 13ab13a2899555be0a75424baa334374  2007.1/SRPMS/sarg-2.2.5-0.2mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64

 784c6b0bb36ca30853d0c1ccbb26cb8f  2007.1/x86_64/sarg-2.2.5-0.2mdv2007.1.x86_64.rpm 
 13ab13a2899555be0a75424baa334374  2007.1/SRPMS/sarg-2.2.5-0.2mdv2007.1.src.rpm

Mandriva Linux 2008.0

 3cd060eaef73255b0252529ea80f4873  2008.0/i586/sarg-2.2.5-0.2mdv2008.0.i586.rpm 
 695d91f0647d0097047e14abb09df4f5  2008.0/SRPMS/sarg-2.2.5-0.2mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64

 cf17fe2e63bcd5afb2b274ae8164892b  2008.0/x86_64/sarg-2.2.5-0.2mdv2008.0.x86_64.rpm 
 695d91f0647d0097047e14abb09df4f5  2008.0/SRPMS/sarg-2.2.5-0.2mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1168

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.