Security Advisory: Insecure DocBook stylesheet option

Advisory: RHSA-2002:062-08
Type: Security Advisory
Severity: N/A
Issued on: 2002-04-11
Last updated on: 2002-04-26
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.1 for zSeries
Red Hat Linux 7.2
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0169

Details

DocBook is a document markup language that can be transformed into
other formats using a stylesheet. The default stylesheet provided
with Red Hat Linux has an insecure option enabled.

The default stylesheet used when converting a DocBook document to
multiple HTML files allows an untrusted document to write files
outside of the current directory. This is because element
identifiers (specified in the document) are used to form the names of
the output files. If an untrusted document uses a full pathname as an
identifier, it can cause that file to be written to -- as long as the
user performing the conversion has write access.

Updated docbook-utils packages are available that disable this
feature and enable filenames to be generated based on the type
of the element rather than its identifier.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-0169 to this issue.
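The following Python script is an added example; it is not part of this advisory, of docbook-utils, or of the Red Hat stylesheets. It models the two filename strategies the advisory contrasts (output names taken from element identifiers versus names derived from the element type plus a counter) and shows how an administrator could audit a document's identifiers before converting it. The sample document, the helper names, and the output directory "out" are constructed assumptions.

```python
"""Audit DocBook element identifiers before a multi-file HTML conversion.

Added example, not code from the advisory or from docbook-utils.  It mimics
the two naming strategies the advisory describes: the vulnerable one, where
an element's id becomes the output file name, and the fixed one, where the
name is built from the element type and a running number.
"""
import os
import re
import xml.etree.ElementTree as ET

# Constructed sample document: two safe ids, one absolute-path id, one
# directory-traversal id and one id containing a path separator.
SAMPLE_DOC = """<book id="mybook">
  <chapter id="intro"><title>Intro</title><para>ok</para></chapter>
  <chapter id="/tmp/evil"><title>Abs</title><para>bad</para></chapter>
  <chapter id="../../outside"><title>Rel</title><para>bad</para></chapter>
  <sect1 id="details"><title>Details</title><para>ok</para></sect1>
  <sect1 id="sub/dir"><title>Sub</title><para>bad</para></sect1>
</book>"""

# A conservative shape for an identifier that is safe to use in a file name:
# a letter followed by letters, digits, dot, underscore or hyphen.
SAFE_ID = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*$")


def id_based_name(ident, ext=".html"):
    """Vulnerable strategy: the identifier is used verbatim as the file name,
    so an absolute or traversing id decides where the output is written."""
    return ident + ext


def type_based_name(tag, counter, ext=".html"):
    """Fixed strategy: the name comes from the element type and a counter,
    so nothing in the document content can influence the output path."""
    return f"{tag}-{counter}{ext}"


def escapes_outdir(name, outdir):
    """True if writing `name` relative to `outdir` would land outside it.
    os.path.join discards `outdir` when `name` is absolute, which is exactly
    the failure the advisory describes."""
    base = os.path.realpath(outdir)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) != base


def audit_ids(xml_text, outdir="out"):
    """Return a list of (id, reason) for identifiers that would be unsafe
    if they were turned into output file names."""
    findings = []
    root = ET.fromstring(xml_text)
    for el in root.iter():  # document order
        ident = el.get("id")
        if ident is None:
            continue
        if os.path.isabs(ident):
            findings.append((ident, "absolute path"))
        elif escapes_outdir(id_based_name(ident), outdir):
            findings.append((ident, "escapes output directory"))
        elif not SAFE_ID.match(ident):
            findings.append((ident, "contains path separator or unusual characters"))
    return findings


def plan_output(xml_text, chunk_tags=("chapter", "sect1")):
    """Map each chunked element's id to a type-based file name, the way the
    updated packages generate names.  Ids are only used as dictionary keys
    here; they never reach the filesystem."""
    counters = {tag: 0 for tag in chunk_tags}
    plan = {}
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.tag in counters:
            counters[el.tag] += 1
            plan[el.get("id", "")] = type_based_name(el.tag, counters[el.tag])
    return plan


if __name__ == "__main__":
    for ident, reason in audit_ids(SAMPLE_DOC):
        print(f"unsafe id {ident!r}: {reason}")
    for ident, name in plan_output(SAMPLE_DOC).items():
        print(f"{ident!r} -> {name}")
```

Run it before converting a document from an untrusted source: any finding from audit_ids means the id-based stylesheet option would write outside the intended output directory, while plan_output shows that the type-based names stay inside it regardless of what the identifiers contain.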


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains
the desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/stylesheets-1.54.13rh-1.1.src.rpm
    263e520f94a1685cef9f1e4cafc8e485

Alpha:
ftp://updates.redhat.com/6.2/en/os/noarch/stylesheets-1.54.13rh-1.1.noarch.rpm
    7065d23d1f0c1f7e9903d642f45e2b14

IA-32:
ftp://updates.redhat.com/6.2/en/os/noarch/stylesheets-1.54.13rh-1.1.noarch.rpm
    7065d23d1f0c1f7e9903d642f45e2b14

Sparc:
ftp://updates.redhat.com/6.2/en/os/noarch/stylesheets-1.54.13rh-1.1.noarch.rpm
    7065d23d1f0c1f7e9903d642f45e2b14
 
Red Hat Linux 7.0

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/stylesheets-1.54.13rh-5.1.src.rpm
    5147e48a9799d6c4be9e61986628cc9a

Alpha:
ftp://updates.redhat.com/7.0/en/os/noarch/stylesheets-1.54.13rh-5.1.noarch.rpm
    e1ce94d77e1bb5dbfda409b6f53f9858

IA-32:
ftp://updates.redhat.com/7.0/en/os/noarch/stylesheets-1.54.13rh-5.1.noarch.rpm
    e1ce94d77e1bb5dbfda409b6f53f9858
 
Red Hat Linux 7.1

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/docbook-utils-0.6-13.2.src.rpm
    faa79f4d0d834fb4ddb5a82ec9d2ad64

Alpha:
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-0.6-13.2.noarch.rpm
    affe6a01d519aedbf1f25783650e9e2a
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-pdf-0.6-13.2.noarch.rpm
    e56145c2247e7cc05f3dddba079db3cd

IA-32:
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-0.6-13.2.noarch.rpm
    affe6a01d519aedbf1f25783650e9e2a
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-pdf-0.6-13.2.noarch.rpm
    e56145c2247e7cc05f3dddba079db3cd

IA-64:
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-0.6-13.2.noarch.rpm
    affe6a01d519aedbf1f25783650e9e2a
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-pdf-0.6-13.2.noarch.rpm
    e56145c2247e7cc05f3dddba079db3cd
 
Red Hat Linux 7.1 for zSeries

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/docbook-utils-0.6-13.2.src.rpm
    faa79f4d0d834fb4ddb5a82ec9d2ad64

s390x:
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-0.6-13.2.noarch.rpm
    affe6a01d519aedbf1f25783650e9e2a
ftp://updates.redhat.com/7.1/en/os/noarch/docbook-utils-pdf-0.6-13.2.noarch.rpm
    e56145c2247e7cc05f3dddba079db3cd
 
Red Hat Linux 7.2

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/docbook-utils-0.6.9-2.1.src.rpm
    1d68f5de2052550307fbb3182f751915

IA-32:
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-0.6.9-2.1.noarch.rpm
    e6b43a27e4712ee6a91871605092acab
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-pdf-0.6.9-2.1.noarch.rpm
    a45e3dddc9f3269c3db77bd153697df3

IA-64:
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-0.6.9-2.1.noarch.rpm
    e6b43a27e4712ee6a91871605092acab
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-pdf-0.6.9-2.1.noarch.rpm
    a45e3dddc9f3269c3db77bd153697df3

s390:
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-0.6.9-2.1.noarch.rpm
    e6b43a27e4712ee6a91871605092acab
ftp://updates.redhat.com/7.2/en/os/noarch/docbook-utils-pdf-0.6.9-2.1.noarch.rpm
    a45e3dddc9f3269c3db77bd153697df3
 

References


Keywords

docbook, stylesheet


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/