From noreply at frugalware.org Sun Sep 3 22:01:16 2006 From: noreply at frugalware.org (VMiklos) Date: Sun Sep 3 22:01:17 2006 Subject: [Frugalware-security] [ FSA-1 ] zlib Message-ID: <20060903200116.4E5F34E88B0@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-1 Date: 2006-09-03 Package: zlib Vulnerable versions: <= 1.2.3-1 Unaffected versions: >= 1.2.3-2wanda1 Related bugreport: http://bugs.frugalware.org/983 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0059 Description =========== zlib is a compression/decompression library. This is just a fake FSA for testing purposes. Updated Packages ================ Check if you have zlib installed: # pacman -Q zlib If found, then you should upgrade to the latest version: # pacman -Sy zlib -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFE+zSMZ7NElSD1VhkRApsUAJ44Tt+/sD+XmN/7NdkMgB0MKWZDdwCdEn8n PPPT464fUhVgxBkBzA7IOMU= =K+b1 -----END PGP SIGNATURE----- From noreply at frugalware.org Sat Sep 16 15:08:26 2006 From: noreply at frugalware.org (voroskoi) Date: Sat Sep 16 15:08:28 2006 Subject: [Frugalware-security] [ FSA-1 ] libxfont Message-ID: <20060916130826.684E84E8FC9@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-1 Date: 2006-09-16 Package: libxfont Vulnerable versions: <= 1.2.0-2 Unaffected versions: >= 1.2.2-1siwenna1 Related bugreport: http://bugs.frugalware.org/1137 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739, http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740 Description =========== libxfont is the X.Org Xfont library Updated Packages ================ Check if you have libxfont installed: # pacman -Q libxfont If found, then you should upgrade to the latest version: # pacman -Sy libxfont -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFC/dKZ7NElSD1VhkRAvXUAJ0Zw1UjiTzpZgoGtYBCKeEpmbSoSgCeOwTn +UHOjeDJc0SjhCLTC1r/o1A= =XktT -----END PGP SIGNATURE----- From noreply at frugalware.org Tue Sep 19 10:33:55 2006 From: noreply at frugalware.org (voroskoi) Date: Tue Sep 19 10:33:58 2006 Subject: [Frugalware-security] [ FSA-2 ] nss Message-ID: <20060919083355.6B0E34E8FC9@genesis.frugalware.org> From noreply at frugalware.org Tue Sep 19 10:39:57 2006 From: noreply at frugalware.org (voroskoi) Date: Tue Sep 19 10:39:58 2006 Subject: [Frugalware-security] [ FSA-2 ] nss Message-ID: <20060919083957.679414E8FC9@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-2 Date: 2006-09-18 Package: nss Vulnerable versions: <= 3.11.2-1 Unaffected versions: >= 3.11.3-2siwenna1 Related bugreport: http://bugs.frugalware.org/1148 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 Description =========== nss is Mozilla's Network Security Services library. Updated Packages ================ Check if you have nss installed: # pacman -Q nss If found, then you should upgrade to the latest version: # pacman -Sy nss -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFD6zdZ7NElSD1VhkRAsTwAKCM0DHjVEOMAY2N3PHPR8ISy0sCFwCbBw62 tF8ZKPdlG+jwfzGa+rV/I+U= =YqIy -----END PGP SIGNATURE----- From noreply at frugalware.org Mon Sep 25 11:41:21 2006 From: noreply at frugalware.org (voroskoi) Date: Mon Sep 25 11:41:23 2006 Subject: [Frugalware-security] [ FSA-3 ] gzip Message-ID: <20060925094121.9CD47FA4025@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-3 Date: 2006-09-25 Package: gzip Vulnerable versions: <= 1.2.4b-1 Unaffected versions: >= 1.2.4b-2siwenna1 Related bugreport: http://bugs.frugalware.org/1189 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 Description =========== Tavis Ormandy from the Google Security Team discovered several vulnerabilities in gzip, the GNU compression utility. Updated Packages ================ Check if you have gzip installed: # pacman -Q gzip If found, then you should upgrade to the latest version: # pacman -Sy gzip -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFF6RBZ7NElSD1VhkRAvYAAJ9Tcb2MIabdbdm/ZnOpNPnbEoPsHQCeIsvY 32wYf0LN575TiTHrIbVuMk0= =WMI2 -----END PGP SIGNATURE----- From noreply at frugalware.org Tue Sep 26 18:19:44 2006 From: noreply at frugalware.org (voroskoi) Date: Tue Sep 26 18:19:47 2006 Subject: [Frugalware-security] [ FSA-4 ] firefox Message-ID: <20060926161945.08CE0FA432E@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-4 Date: 2006-09-26 Package: firefox Vulnerable versions: <= 1.5.0.6-2 Unaffected versions: >= 1.5.0.7-1siwenna1 Related bugreport: http://bugs.frugalware.org/1147 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571 Description =========== Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially compromise a user's system. Updated Packages ================ Check if you have firefox installed: # pacman -Q firefox If found, then you should upgrade to the latest version: # pacman -Sy firefox -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFGVMgZ7NElSD1VhkRAnTdAJ9ZzYFQalZP9uRyq1Q3e6fJxeo13QCfZOqE xGTklnLbgtwUX0Sapc43OF8= =OODY -----END PGP SIGNATURE----- From noreply at frugalware.org Tue Sep 26 18:41:55 2006 From: noreply at frugalware.org (voroskoi) Date: Tue Sep 26 18:41:57 2006 Subject: [Frugalware-security] [ FSA-5 ] gnutls Message-ID: <20060926164155.711EAFA431E@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-5 Date: 2006-09-26 Package: gnutls Vulnerable versions: <= 1.5.0-2 Unaffected versions: >= 1.5.1-1siwenna1 Related bugreport: http://bugs.frugalware.org/1196 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4790 Description =========== A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the verification of certain signatures. Updated Packages ================ Check if you have gnutls installed: # pacman -Q gnutls If found, then you should upgrade to the latest version: # pacman -Sy gnutls -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFGVhTZ7NElSD1VhkRAr+OAJwN2HL/i7MePDx3aOQjRcfyqJCgOACfZ4zU CS3JvQl7ChYbrN6jyoJlhsc= =b7Nw -----END PGP SIGNATURE----- From noreply at frugalware.org Tue Sep 26 19:01:12 2006 From: noreply at frugalware.org (voroskoi) Date: Tue Sep 26 19:01:14 2006 Subject: [Frugalware-security] [ FSA-6 ] thunderbird Message-ID: <20060926170112.8B49AFA432E@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-6 Date: 2006-09-26 Package: thunderbird Vulnerable versions: <= 1.5.0.5-2 Unaffected versions: >= 1.5.0.7-1siwenna1 Related bugreport: http://bugs.frugalware.org/1145 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571 Description =========== Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user's system. Updated Packages ================ Check if you have thunderbird installed: # pacman -Q thunderbird If found, then you should upgrade to the latest version: # pacman -Sy thunderbird -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFGVzYZ7NElSD1VhkRAibVAJ0cIif2kboPD/Gftk9fLFdoobLLqACghKFK WcJF38cVGVxRg5dHYglw3Uo= =vzqB -----END PGP SIGNATURE----- From noreply at frugalware.org Sat Sep 30 11:05:07 2006 From: noreply at frugalware.org (voroskoi) Date: Sat Sep 30 11:05:11 2006 Subject: [Frugalware-security] [ FSA-7 ] seamonkey Message-ID: <20060930090507.CE52FFA4333@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-7 Date: 2006-09-30 Package: seamonkey Vulnerable versions: <= 1.0.4-1 Unaffected versions: >= 1.0.5-1siwenna1 Related bugreport: http://bugs.frugalware.org/1146 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4253 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4340 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4565 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4568 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4571 Description =========== Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system. Updated Packages ================ Check if you have seamonkey installed: # pacman -Q seamonkey If found, then you should upgrade to the latest version: # pacman -Sy seamonkey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFHjNDZ7NElSD1VhkRAqlBAKCGl5ICCAjo6cN5KiPNeD8J+FwAdACgis/b Gne+FhyQKelsWXvZR1ZsY4c= =NdGS -----END PGP SIGNATURE----- From noreply at frugalware.org Sat Sep 30 11:16:12 2006 From: noreply at frugalware.org (voroskoi) Date: Sat Sep 30 11:16:14 2006 Subject: [Frugalware-security] [ FSA-8 ] flashplugin Message-ID: <20060930091612.C1ABEFA431E@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-8 Date: 2006-09-30 Package: flashplugin Vulnerable versions: <= 7.0r63-1 Unaffected versions: >= 7.0r68-1siwenna1 Related bugreport: http://bugs.frugalware.org/1160 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3014 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3311 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4640 Description =========== Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. Updated Packages ================ Check if you have flashplugin installed: # pacman -Q flashplugin If found, then you should upgrade to the latest version: # pacman -Sy flashplugin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFHjXcZ7NElSD1VhkRAnVCAKCPaC6ZT5gMkHnler7zlVlSAM5FcQCaAiao vGtGAuFWwmY0S+g7IVycFyU= =Ltmw -----END PGP SIGNATURE----- From noreply at frugalware.org Sat Sep 30 12:11:25 2006 From: noreply at frugalware.org (voroskoi) Date: Sat Sep 30 12:11:34 2006 Subject: [Frugalware-security] [ FSA-9 ] openssh Message-ID: <20060930101125.DD45CFA4016@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-9 Date: 2006-09-30 Package: openssh Vulnerable versions: <= 4.3p2-3 Unaffected versions: >= 4.3p2-4siwenna1 Related bugreport: http://bugs.frugalware.org/1215 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 Description =========== Tavis Ormandy has reported a vulnerability in OpenSSH, which can be exploited by malicious people to cause a DoS (Denial of Service). Updated Packages ================ Check if you have openssh installed: # pacman -Q openssh If found, then you should upgrade to the latest version: # pacman -Sy openssh -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFHkLNZ7NElSD1VhkRAoc9AJ9tXuFMnRDMFmJoYkPpQgix022ZxwCeKIQS 8pl2SsWSTBHPjcpwUQCHi34= =qJ/p -----END PGP SIGNATURE----- From noreply at frugalware.org Sat Sep 30 13:44:00 2006 From: noreply at frugalware.org (voroskoi) Date: Sat Sep 30 13:44:02 2006 Subject: [Frugalware-security] [ FSA-10 ] mailman Message-ID: <20060930114400.49B2DFA4337@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-10 Date: 2006-09-30 Package: mailman Vulnerable versions: <= 2.1.8-1 Unaffected versions: >= 2.1.9-1siwenna1 Related bugreport: http://bugs.frugalware.org/1101 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2941 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3636 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4624 Description =========== Some vulnerabilities have been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). Updated Packages ================ Check if you have mailman installed: # pacman -Q mailman If found, then you should upgrade to the latest version: # pacman -Sy mailman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iD8DBQFFHliAZ7NElSD1VhkRApZNAKCdf9J5xTKdkHFKARtF9pqqHY0vrQCfezQ0 0aIbSkQC2E09n2wfqDS+IvU= =Hsla -----END PGP SIGNATURE-----