From noreply at frugalware.org Sun Oct 1 07:59:32 2006
From: noreply at frugalware.org (voroskoi)
Date: Sun Oct 1 07:59:35 2006
Subject: [Frugalware-security] [ FSA-11 ] openssl
Message-ID: <20061001055932.AA993FA4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-11

Date: 2006-10-01
Package: openssl
Vulnerable versions: <= 0.9.8-4
Unaffected versions: >= 0.9.8-5siwenna1
Related bugreport: http://bugs.frugalware.org/1228
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Description
===========

Some vulnerabilities have been reported in OpenSSL, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.

Updated Packages
================

Check if you have openssl installed:

    # pacman -Q openssl

If found, then you should upgrade to the latest version:

    # pacman -Sy openssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFH1lEZ7NElSD1VhkRAs7RAJ9RIoOnIAYoZU0tTDSaYK6tagWt5wCgiSr7
8rIbeLzaiH0l9Gg/+xkhtp0=
=7p8l
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Oct 1 08:07:16 2006
From: noreply at frugalware.org (voroskoi)
Date: Sun Oct 1 08:07:19 2006
Subject: [Frugalware-security] [ FSA-12 ] openssh
Message-ID: <20061001060716.1D978FA4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-12

Date: 2006-10-01
Package: openssh
Vulnerable versions: <= 4.3p2-4siwenna1
Unaffected versions: >= 4.4p1-1siwenna1
Related bugreport: http://bugs.frugalware.org/1235
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5052

Description
===========

Mark Dowd reported a vulnerability in OpenSSH, which can be exploited
by malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Updated Packages
================

Check if you have openssh installed:

    # pacman -Q openssh

If found, then you should upgrade to the latest version:

    # pacman -Sy openssh

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFH1sUZ7NElSD1VhkRApA1AJ9HosZpW439yaHYQGW87UBYdopVHACfW4vp
BpAgum5+opw0zHvzri4Vz0E=
=SkPO
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 2 22:42:42 2006
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 2 22:42:45 2006
Subject: [Frugalware-security] [ FSA-13 ] bind
Message-ID: <20061002204242.ADFFDFA4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-13

Date: 2006-10-02
Package: bind
Vulnerable versions: <= 9.3.2-1
Unaffected versions: >= 9.3.2_P1-1siwenna1
Related bugreport: http://bugs.frugalware.org/1161
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096

Description
===========

Some vulnerabilities have been reported in BIND, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Updated Packages
================

Check if you have bind installed:

    # pacman -Q bind

If found, then you should upgrade to the latest version:

    # pacman -Sy bind

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIXnCZ7NElSD1VhkRAsnDAJ9hlhRWyrNxDe/FzrioN46yxq3I4ACfSQuA
6eVhQMAMZuspBIRHZ30To10=
=SPPy
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 2 23:05:51 2006
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 2 23:05:54 2006
Subject: [Frugalware-security] [ FSA-14 ] openvpn
Message-ID: <20061002210551.D3C26FA4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-14

Date: 2006-10-02
Package: openvpn
Vulnerable versions: <= 2.0.7-1
Unaffected versions: >= 2.0.8-1siwenna1
Related bugreport: http://bugs.frugalware.org/1162
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Description
===========

A vulnerability has been reported in OpenVPN, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Updated Packages
================

Check if you have openvpn installed:

    # pacman -Q openvpn

If found, then you should upgrade to the latest version:

    # pacman -Sy openvpn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIX8vZ7NElSD1VhkRAmUcAJ9+u6kynM6dO+oeOuAkYUXp6uZAQwCfWGQv
IrWlcZMGL66sZn55BtJjhYw=
=iGl4
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 2 23:30:18 2006
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 2 23:30:22 2006
Subject: [Frugalware-security] [ FSA-15 ] phpmyadmin
Message-ID: <20061002213018.A415AFA4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-15

Date: 2006-10-02
Package: phpmyadmin
Vulnerable versions: <= 2.8.2.4-1
Unaffected versions: >= 2.9.1_rc1-1siwenna1
Related bugreport: http://bugs.frugalware.org/1229
CVE: There is no CVE entry for this issue, see:
     http://secunia.com/advisories/22126

Description
===========

Sebastian Mendel, Stefan Esser, and Michael Heimpold have reported some
vulnerabilities with unknown impacts in phpMyAdmin.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIYTqZ7NElSD1VhkRAmfoAJ0dKcbzbTzeGKMSGiV5Acs6m0ICqACeLp98
gE5gVCB4WQ5AHekCUXI3LYI=
=qaXT
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 3 10:57:00 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 3 10:57:04 2006
Subject: [Frugalware-security] [ FSA-16 ] gzip-devel
Message-ID: <20061003085700.B0ED7FA4334@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-16

Date: 2006-10-03
Package: gzip-devel
Vulnerable versions: <= 1.3.5-1
Unaffected versions: >= 1.3.5-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1210
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338

Description
===========

Tavis Ormandy has reported some vulnerabilities in gzip, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Updated Packages
================

Check if you have gzip-devel installed:

    # pacman -Q gzip-devel

If found, then you should upgrade to the latest version:

    # pacman -Sy gzip-devel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIiXcZ7NElSD1VhkRAoP0AJ9qGKywufgrIyNYNEgJtF4baUUyiACgi47C
FDZzc7jzWBNVi79b+hF3kN4=
=LBXX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 3 11:53:05 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 3 11:53:08 2006
Subject: [Frugalware-security] [ FSA-17 ] gst-ffmpeg
Message-ID: <20061003095305.74790FA4332@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-17

Date: 2006-10-03
Package: gst-ffmpeg
Vulnerable versions: <= 0.10.1-2
Unaffected versions: >= 0.10.1-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1239
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800

Description
===========

Some vulnerabilities have been reported in GStreamer FFmpeg Plug-in,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Updated Packages
================

Check if you have gst-ffmpeg installed:

    # pacman -Q gst-ffmpeg

If found, then you should upgrade to the latest version:

    # pacman -Sy gst-ffmpeg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIjMBZ7NElSD1VhkRAguTAJ968G7IyeZkCNoXaTXMd+h9ODX7LwCfblPK
bRs6O0JkBVSv1RfyqLPe0zk=
=AuoV
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 3 14:51:51 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 3 14:52:00 2006
Subject: [Frugalware-security] [ FSA-18 ] openvpn
Message-ID: <20061003125151.BE1C5FA4330@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-18

Date: 2006-10-03
Package: openvpn
Vulnerable versions: <= 2.0.8-1siwenna1
Unaffected versions: >= 2.0.9-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1246
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343

Description
===========

Some vulnerabilities have been reported in OpenVPN, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Updated Packages
================

Check if you have openvpn installed:

    # pacman -Q openvpn

If found, then you should upgrade to the latest version:

    # pacman -Sy openvpn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFIlznZ7NElSD1VhkRAk6HAJ990DvP8jpf/4djnjkLcp/5YtZfKQCfT+w9
APmza4Z/5+N30cBscRM8zq0=
=o2t6
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 9 20:56:30 2006
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 9 20:56:32 2006
Subject: [Frugalware-security] [ FSA-19 ] j2re
Message-ID: <20061009185630.4E27BFA42DC@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-19

Date: 2006-10-09
Package: j2re
Vulnerable versions: <= 5.0_08-1
Unaffected versions: >= 5.0_09-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1251
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Description
===========

Sun has acknowledged a vulnerability in Sun JDK / SDK, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Updated Packages
================

Check if you have j2re installed:

    # pacman -Q j2re

If found, then you should upgrade to the latest version:

    # pacman -Sy j2re

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFKpteZ7NElSD1VhkRAjokAJ0TkPlqopyvxbiuqeBuB6cKwCAx/QCfQ+EF
YhmG0ucIjxuS2T18dNHwX/0=
=XriX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 9 21:01:32 2006
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 9 21:01:35 2006
Subject: [Frugalware-security] [ FSA-20 ] j2sdk
Message-ID: <20061009190132.B51E5FA42DC@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-20

Date: 2006-10-09
Package: j2sdk
Vulnerable versions: <= 5.0_08-1
Unaffected versions: >= 5.0_09-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1251
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339

Description
===========

Sun has acknowledged a vulnerability in Sun JDK / SDK, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Updated Packages
================

Check if you have j2sdk installed:

    # pacman -Q j2sdk

If found, then you should upgrade to the latest version:

    # pacman -Sy j2sdk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFKpyMZ7NElSD1VhkRAseSAKCRTO6jHzIk9PQ37gvRHVCSnXg2KQCfbtbc
5LTJjnuZt0oqHvWod4rAHJ0=
=AEA6
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 10 12:05:55 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 10 12:06:01 2006
Subject: [Frugalware-security] [ FSA-21 ] mono
Message-ID: <20061010100555.D7444FA42DC@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-21

Date: 2006-10-10
Package: mono
Vulnerable versions: <= 1.1.17.1-2
Unaffected versions: >= 1.1.17.2-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1261
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5072

Description
===========

A vulnerability has been reported in Mono, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Updated Packages
================

Check if you have mono installed:

    # pacman -Q mono

If found, then you should upgrade to the latest version:

    # pacman -Sy mono

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFK3CDZ7NElSD1VhkRAlNFAKCLftmBOgO5H40FdWeSGT6kkTIz4gCeMtEq
8FIefhsAXFASII5iKk0hyqc=
=OLSI
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Oct 11 09:49:37 2006
From: noreply at frugalware.org (voroskoi)
Date: Wed Oct 11 09:49:39 2006
Subject: [Frugalware-security] [ FSA-22 ] php
Message-ID: <20061011074937.297FE4E825A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-22

Date: 2006-10-11
Package: php
Vulnerable versions: <= 5.1.6-1
Unaffected versions: >= 5.1.6-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1266
                   http://bugs.frugalware.org/task/1291
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4625
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4812

Description
===========

A vulnerability has been reported in PHP, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable system.

Maksymilian Arciemowicz has reported a vulnerability in PHP, which can
be exploited by malicious, local users to bypass certain security
restrictions.

Updated Packages
================

Check if you have php installed:

    # pacman -Q php

If found, then you should upgrade to the latest version:

    # pacman -Sy php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFLKIQZ7NElSD1VhkRArftAKCIsZJS0Bj108rfdZR1+DqL03TXJQCghjim
ZiBV1q4TaqUVgO0u6l9G9fw=
=BQoN
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 12 14:43:53 2006
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 12 14:44:09 2006
Subject: [Frugalware-security] [ FSA-23 ] python
Message-ID: <20061012124353.83F9AFA42EE@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-23

Date: 2006-10-12
Package: python
Vulnerable versions: <= 2.4.3-3
Unaffected versions: >= 2.4.3-4siwenna1
Related bugreport: http://bugs.frugalware.org/task/1284
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

Description
===========

A vulnerability has been reported in Python, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

Updated Packages
================

Check if you have python installed:

    # pacman -Q python

If found, then you should upgrade to the latest version:

    # pacman -Sy python

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFLjiIZ7NElSD1VhkRApspAKCVW12h6RYNrfyu3PtsG8yVKxVmywCeJnyf
ES6ohMIAwBqkfkaMSt9Lz/U=
=XHKz
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 19 14:23:44 2006
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 19 14:23:48 2006
Subject: [Frugalware-security] [ FSA-24 ] clamav
Message-ID: <20061019122344.5CD5DFA42DB@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-24

Date: 2006-10-19
Package: clamav
Vulnerable versions: <= 0.88.4-1
Unaffected versions: >= 0.88.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1316
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4182
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5295

Description
===========

Two vulnerabilities have been reported in Clam AntiVirus, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Updated Packages
================

Check if you have clamav installed:

    # pacman -Q clamav

If found, then you should upgrade to the latest version:

    # pacman -Sy clamav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFN25QZ7NElSD1VhkRAoL4AJ91kUqb0jVNstkHqK2BHzS9RE8DXgCfXANL
04U2KDdCJcfHbP79PwvBCMQ=
=nq5Z
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Oct 21 14:57:18 2006
From: noreply at frugalware.org (voroskoi)
Date: Sat Oct 21 14:57:25 2006
Subject: [Frugalware-security] [ FSA-25 ] kernel
Message-ID: <20061021125718.7E6E64E825C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-25

Date: 2006-10-21
Package: kernel
Vulnerable versions: <= 2.6.17-5
Unaffected versions: >= 2.6.17-6siwenna1
Related bugreport: http://bugs.frugalware.org/task/1323
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4623

Description
===========

Ang Way Chuang has reported a vulnerability in Linux Kernel, which can
be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the ULE (Unidirectional
Lightweight Encapsulation) decapsulation code when processing ULE
packets.
This can be exploited to crash the system by sending a malicious ULE
packet with an SNDU (Sub Network Data Unit) size of 0.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFOhkuZ7NElSD1VhkRAvI7AKCdf0Wzp03Lf2lJ2vhBHhAUTdeKWwCfRE2d
E33oOPMgNI/C3mL4B8wz76M=
=0mms
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 24 00:42:15 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 24 00:42:18 2006
Subject: [Frugalware-security] [ FSA-26 ] qt
Message-ID: <20061023224215.7D42D4E81D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-26

Date: 2006-10-24
Package: qt
Vulnerable versions: <= 3.3.6-4
Unaffected versions: >= 3.3.6-5
Related bugreport: http://bugs.frugalware.org/task/1335
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811

Description
===========

A vulnerability has been reported in Qt, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise an application using the library.

The vulnerability is caused due to an integer overflow within the way
Qt handles certain pixmap images. This can potentially be exploited to
execute arbitrary code by e.g. causing an application linked against Qt
to process a specially crafted pixmap image.

Updated Packages
================

Check if you have qt installed:

    # pacman -Q qt

If found, then you should upgrade to the latest version:

    # pacman -Sy qt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFPUVHZ7NElSD1VhkRAmPaAKChEYHagQ+rO4n+zUQ8/RljyUB5HgCeO4JP
PLZWzciNNA0fk3DWlm25uDA=
=EK/c
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 24 00:48:11 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 24 00:48:13 2006
Subject: [Frugalware-security] [ FSA-27 ] qt4
Message-ID: <20061023224811.231044E81D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-27

Date: 2006-10-24
Package: qt4
Vulnerable versions: <= 4.1.4-5
Unaffected versions: >= 4.1.4-6
Related bugreport: http://bugs.frugalware.org/task/1336
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811

Description
===========

A vulnerability has been reported in Qt, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise an application using the library.

The vulnerability is caused due to an integer overflow within the way
Qt handles certain pixmap images. This can potentially be exploited to
execute arbitrary code by e.g. causing an application linked against Qt
to process a specially crafted pixmap image.

Updated Packages
================

Check if you have qt4 installed:

    # pacman -Q qt4

If found, then you should upgrade to the latest version:

    # pacman -Sy qt4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFPUarZ7NElSD1VhkRAnkzAJ0Rpztakhhn+3LPTjGSLWXfgJunYwCgmj1M
CP1FEy891pRZrks+wF+XXAw=
=qQCE
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 24 00:57:42 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 24 00:57:48 2006
Subject: [Frugalware-security] [ FSA-28 ] nvidia
Message-ID: <20061023225742.9797C4E81D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-28

Date: 2006-10-24
Package: nvidia
Vulnerable versions: <= 1.0_8774-4siwenna1
Unaffected versions: >= 1.0_8776-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1326
CVE: There is no CVE entry for this issue, see:
     http://www.rapid7.com/advisories/R7-0025.jsp

Description
===========

Rapid7 has reported a vulnerability in NVIDIA Binary Graphics Driver
for Linux, which can be exploited by malicious, local users to gain
escalated privileges and potentially by malicious people to compromise
a user's system.

A boundary error when performing accelerated rendering of glyphs can be
exploited to cause a buffer overflow via a specially crafted short
sequence of user-supplied glyphs. Successful exploitation allows
execution of arbitrary code with "root" privileges.

Updated Packages
================

Check if you have nvidia installed:

    # pacman -Q nvidia

If found, then you should upgrade to the latest version:

    # pacman -Sy nvidia

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFPUjmZ7NElSD1VhkRAhVjAKCjAX5juGsq+w3NxjRACtFFe22uEgCfekt3
/AQpvBCVBeyGXVKLUZFiv2M=
=7UUf
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 24 01:25:16 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 24 01:25:19 2006
Subject: [Frugalware-security] [ FSA-29 ] asterisk
Message-ID: <20061023232516.0D83DFA42F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-29

Date: 2006-10-24
Package: asterisk
Vulnerable versions: <= asterisk-1.2.11-1
Unaffected versions: >= asterisk-1.2.13-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1339
CVE: There is no CVE entry for this issue, see:
     http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html

Description
===========

Adam Boileau has reported a vulnerability in Asterisk, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

The vulnerability is caused due to an integer overflow within the
"get_input()" function in chan_skinny.c. This can be exploited to cause
a heap-based buffer overflow by sending specially crafted packets to
the Asterisk Skinny channel driver. Successful exploitation may allow
the execution of arbitrary code, but requires that "chan_skinny" is
loaded.

Updated Packages
================

Check if you have asterisk installed:

    # pacman -Q asterisk

If found, then you should upgrade to the latest version:

    # pacman -Sy asterisk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFPU9bZ7NElSD1VhkRAqskAJ9n82C43a+VRlSYW+WIRPRpd5b7xgCfbSo6
EHRYki6YVWxaqabPrRNYx3s=
=NnHW
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Oct 25 20:46:55 2006
From: noreply at frugalware.org (voroskoi)
Date: Wed Oct 25 20:46:58 2006
Subject: [Frugalware-security] [ FSA-30 ] drupal
Message-ID: <20061025184655.820F54E8248@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-30

Date: 2006-10-25
Package: drupal
Vulnerable versions: <= 4.7.3-1
Unaffected versions: >= 4.7.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1338
CVE: There is no CVE for this issue, see:
     http://secunia.com/advisories/22486

Description
===========

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious users to conduct script insertion attacks, and
by malicious people to conduct cross-site scripting and cross-site
request forgery attacks.

1) Some unspecified input is not properly sanitised in the XML parser
   before being used. This can be exploited to execute arbitrary HTML
   and script code in a user's browser session in context of an
   affected site via a specially crafted RSS feed. Successful
   exploitation requires that the PHP "mbstring" extension is disabled.
2) Some unspecified input is not properly sanitised before being used
   in the "aggregator", "profile", and "forum" module. This can be
   exploited to insert arbitrary HTML and script code, which will be
   executed in a user's browser session in context of an affected site.
3) An error exists due to the application allowing users to perform
   certain actions via HTTP requests without performing any validity
   checks to verify the user's request. This can e.g. be exploited to
   change passwords, post PHP code, or create new users.
4) Some input to unspecified parameters is not properly sanitised
   before being returned to the user. This can be exploited to redirect
   a user's form submission to an attacker's site when the user is
   tricked into using a specially crafted link.

Updated Packages
================

Check if you have drupal installed:

    # pacman -Q drupal

If found, then you should upgrade to the latest version:

    # pacman -Sy drupal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFP7EfZ7NElSD1VhkRAjcjAJ4qA53Jy5vtRZIq+3vFsz+476BzsgCfaAYg
SI1HinLwM+I0EVb/SiNEh0Q=
=vQnX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 26 17:53:15 2006
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 26 17:53:19 2006
Subject: [Frugalware-security] [ FSA-31 ] cscope
Message-ID: <20061026155315.B06834E8299@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-31

Date: 2006-10-26
Package: cscope
Vulnerable versions: <= 15.5-1
Unaffected versions: >= 15.6-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1340
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4262

Description
===========

Will Drewry has reported some vulnerabilities in Cscope, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

1) Various boundary errors within the parsing of file lists or the
   expansion of environment variables can be exploited to cause
   stack-based buffer overflows when parsing specially crafted
   "cscope.lists" files or directories.
2) A boundary error within the parsing of command line arguments can be
   exploited to cause a stack-based buffer overflow when supplying an
   overly long "reffile" argument.

Updated Packages
================

Check if you have cscope installed:

    # pacman -Q cscope

If found, then you should upgrade to the latest version:

    # pacman -Sy cscope

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFQNnrZ7NElSD1VhkRAusTAJ4t7BWnXyc5KE42fkb1V0XACjW9jwCfVfho
O/xRXYrkMeryKnGBBGxok/Y=
=cTAS
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 26 18:00:26 2006
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 26 18:00:30 2006
Subject: [Frugalware-security] [ FSA-32 ] screen
Message-ID: <20061026160026.561854E829A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-32

Date: 2006-10-26
Package: screen
Vulnerable versions: <= 4.0.2-2
Unaffected versions: >= 4.0.3-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1366
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4573

Description
===========

Some vulnerabilities have been reported in GNU Screen, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

The vulnerabilities are caused due to errors within the handling of
certain UTF-8 characters. This can be exploited to crash GNU Screen or
potentially execute arbitrary code by printing a specially crafted
string to the window.

Updated Packages
================

Check if you have screen installed:

    # pacman -Q screen

If found, then you should upgrade to the latest version:

    # pacman -Sy screen

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFQNuaZ7NElSD1VhkRAgoXAJ40ZK/vX795aQfEQhCraLjeNmMI2ACePcRu
3tKtYDTtQ5ei2iNMgzGngyw=
=FK7U
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Oct 27 12:06:48 2006
From: noreply at frugalware.org (voroskoi)
Date: Fri Oct 27 12:06:56 2006
Subject: [Frugalware-security] [ FSA-33 ] postgresql
Message-ID: <20061027100648.7A5644E8267@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-33

Date: 2006-10-27
Package: postgresql
Vulnerable versions: <= 8.1.4-2
Unaffected versions: >= 8.1.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1367
CVE: There is no CVE for this issue, see:
     http://secunia.com/advisories/22562

Description
===========

Some vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to cause a DoS (Denial of Service).

1) An incorrect type check before coercing unknown literals into the
   ANYARRAY type can be exploited to cause a crash when converting
   certain literals into ANYARRAY.
2) An error exists within the handling of aggregate functions in UPDATE
   statements, which can be exploited to crash the server backend.
3) An error within the logging of V3-protocol execute messages of
   ROLLBACK or COMMIT statements can be exploited to cause a crash.

Updated Packages
================

Check if you have postgresql installed:

    # pacman -Q postgresql

If found, then you should upgrade to the latest version:

    # pacman -Sy postgresql

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFQdo4Z7NElSD1VhkRAoytAJ9FoLuIvUrLfn2Vz1B1t00XQ2/F1QCfXizK
vL6/D6y2rb9lJcxot4KvBSw=
=kvnK
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 31 18:53:35 2006
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 31 18:53:51 2006
Subject: [Frugalware-security] [ FSA-34 ] wv
Message-ID: <20061031175336.20517FA468B@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-34

Date: 2006-10-31
Package: wv
Vulnerable versions: <= 1.2.1-1
Unaffected versions: >= 1.2.4-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1374
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513

Description
===========

Some vulnerabilities have been reported in wvWare, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

The vulnerabilities are caused due to integer overflows within the
"wvGetLFO_records()" and "wvGetLFO_PLF()" functions. These can be
exploited to cause heap-based buffer overflows by e.g. tricking a user
into opening a specially crafted Microsoft Word document with an
application using the library.

Updated Packages
================

Check if you have wv installed:

    # pacman -Q wv

If found, then you should upgrade to the latest version:

    # pacman -Sy wv

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFR42ZZ7NElSD1VhkRAoqMAJ9CIeQYkK1iCBGdT6FdP4oOoDnEAgCgowBK
YGTCmH3QwDbATg8BBnAnozk=
=4Ade
-----END PGP SIGNATURE-----