From noreply at frugalware.org Mon Apr 2 17:17:47 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Apr 2 17:17:49 2007
Subject: [Frugalware-security] [ FSA-142 ] openoffice.org
Message-ID: <20070402151747.3BB6113A40A9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-142

Date: 2007-04-02
Package: openoffice.org
Vulnerable versions: <= 2.1.0-5
Unaffected versions: >= 2.1.0-6terminus1
Related bugreport: http://bugs.frugalware.org/task/1856
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239

Description
===========

Some vulnerabilities have been reported in OpenOffice.org, which potentially can be exploited by malicious people to compromise a user's system.

1) Several vulnerabilities within the libwpd library used by OpenOffice.org can be exploited to cause heap-based buffer overflows and may allow the execution of arbitrary code by e.g. tricking a user into opening a specially crafted WordPerfect document.

2) A boundary error within the StarCalc parser can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code by e.g. tricking a user into opening a specially crafted document.

3) Shell meta characters are not correctly escaped, which can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into opening a specially crafted document and clicking a malicious link.

Updated Packages
================

Check if you have openoffice.org installed:

    # pacman -Q openoffice.org

If found, then you should upgrade to the latest version:

    # pacman -Sy openoffice.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGER6bZ7NElSD1VhkRAtKoAJ9H4/378Bm3kAVCEtvJvdZS1dKflwCgoJ63
OAzDCcI2UOfS1UJKh52A/BY=
=IfLS
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 18:37:31 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 18:37:33 2007
Subject: [Frugalware-security] [ FSA-143 ] evolution
Message-ID: <20070405163731.854921E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-143

Date: 2007-04-05
Package: evolution
Vulnerable versions: <= 2.10.0-1
Unaffected versions: >= 2.10.0-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1852
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1002

Description
===========

Secunia Research has discovered a vulnerability in Evolution, which potentially can be exploited by malicious people to compromise a vulnerable system.

A format string error in the "write_html()" function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.

Successful exploitation requires that the user opens a shared memo in their mailbox, clicks on "Accept", and views the memo under the "Memo" tab.

Updated Packages
================

Check if you have evolution installed:

    # pacman -Q evolution

If found, then you should upgrade to the latest version:

    # pacman -Sy evolution

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFSXLZ7NElSD1VhkRAgboAJsHNzuuQgEGZsd76kLH1Lm3O5wfBQCeMjQ/
bkNDMur+kPsfz/PTHx9vuUw=
=RA8/
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 18:43:55 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 18:43:57 2007
Subject: [Frugalware-security] [ FSA-144 ] xine-lib
Message-ID: <20070405164355.3467F1E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-144

Date: 2007-04-05
Package: xine-lib
Vulnerable versions: <= 1.1.4-2
Unaffected versions: >= 1.1.4-3terminus1
Related bugreport: http://bugs.frugalware.org/task/1839
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387

Description
===========

Some vulnerabilities have been reported in xine-lib, which can potentially be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to boundary errors in the "DMO_VideoDecoder_Open()" function in src/libw32dll/dmo/DMO_VideoDecoder.c and in the "DS_VideoDecoder_Open()" function in src/libw32dll/DirectShow/DS_VideoDecoder.c. These can be exploited to cause heap based buffer overflows and may allow execution of arbitrary code via a specially crafted media file.

Updated Packages
================

Check if you have xine-lib installed:

    # pacman -Q xine-lib

If found, then you should upgrade to the latest version:

    # pacman -Sy xine-lib

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFSdLZ7NElSD1VhkRAqQVAKCdeiDpR77gKhwE/HGIIkstDbAvpQCgg9vg
nJKgLCDVBCfBVtcFuD/0Fis=
=SfdX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 18:54:49 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 18:54:53 2007
Subject: [Frugalware-security] [ FSA-145 ] truecrypt
Message-ID: <20070405165449.EC0F51E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-145

Date: 2007-04-05
Package: truecrypt
Vulnerable versions: <= 4.2a-7terminus1
Unaffected versions: >= 4.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1879
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1589
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1738

Description
===========

A security issue has been reported in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The problem is that users are able to dismount volumes mounted by other users when the set-euid mode in Linux is used.

Tim Rees has discovered a security issue in TrueCrypt, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

The security issue is caused if the "truecrypt" binary is installed setuid root. This can be exploited to cause a DoS or gain escalated privileges by e.g. mounting a malicious TrueCrypt disk into /usr/bin or another user's home directory.

Successful exploitation requires that TrueCrypt is installed setuid root (not default setting).

Updated Packages
================

Check if you have truecrypt installed:

    # pacman -Q truecrypt

If found, then you should upgrade to the latest version:

    # pacman -Sy truecrypt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFSnZZ7NElSD1VhkRAuWSAKCmRfTdwDTQCCO66AqPpE7LqJ6jXwCeMy8n
anj/0/biywRMVYBUYHhpaCw=
=ROKx
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 19:08:49 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 19:08:53 2007
Subject: [Frugalware-security] [ FSA-146 ] libx11
Message-ID: <20070405170849.5BE971E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-146

Date: 2007-04-05
Package: libx11
Vulnerable versions: <= 1.1.1-1
Unaffected versions: >= 1.1.1-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1911
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667

Description
===========

Some vulnerabilities have been reported in X.Org X11, which potentially can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

1) An integer overflow exists within the parsing of BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

2) An integer overflow exists within the parsing of the "fonts.dir" fonts information file. This can be exploited to cause a heap-based buffer overflow via a specially crafted fonts information file that specifies an element count of more than 1,073,741,824 in the first line.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

3) An input validation error exists within the "ProcXCMiscGetXIDList()" function of the XC-MISC extension. This can be exploited to cause a stack-based (if the "alloca()" function is available) or heap-based memory corruption by passing specially crafted parameters to the function.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

4) An integer overflow exists within the "XGetPixel()" function in ImUtil.c. This can be exploited to cause a crash or disclose potentially sensitive information by passing specially crafted parameters to the function.

Updated Packages
================

Check if you have libx11 installed:

    # pacman -Q libx11

If found, then you should upgrade to the latest version:

    # pacman -Sy libx11

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFS0hZ7NElSD1VhkRAiOuAJ4r1p7t6ywYpr22yQrCt2AHoU7qagCfbXBf
TMCt2bkC3omxYxAHlA523dM=
=BU6w
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 19:19:14 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 19:19:17 2007
Subject: [Frugalware-security] [ FSA-147 ] libxfont
Message-ID: <20070405171914.8F5471E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-147

Date: 2007-04-05
Package: libxfont
Vulnerable versions: <= 1.2.7-1
Unaffected versions: >= 1.2.7-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1912
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667

Description
===========

Some vulnerabilities have been reported in X.Org X11, which potentially can be exploited by malicious, local users to disclose
sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

1) An integer overflow exists within the parsing of BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

2) An integer overflow exists within the parsing of the "fonts.dir" fonts information file. This can be exploited to cause a heap-based buffer overflow via a specially crafted fonts information file that specifies an element count of more than 1,073,741,824 in the first line.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

3) An input validation error exists within the "ProcXCMiscGetXIDList()" function of the XC-MISC extension. This can be exploited to cause a stack-based (if the "alloca()" function is available) or heap-based memory corruption by passing specially crafted parameters to the function.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

4) An integer overflow exists within the "XGetPixel()" function in ImUtil.c. This can be exploited to cause a crash or disclose potentially sensitive information by passing specially crafted parameters to the function.

Updated Packages
================

Check if you have libxfont installed:

    # pacman -Q libxfont

If found, then you should upgrade to the latest version:

    # pacman -Sy libxfont

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFS+RZ7NElSD1VhkRArLsAJsHONNv0bVDfqb+R1FL7ozSZ+6eJwCgiQ/H
dYRgHBcFSPJ0FQmWFSL5FKY=
=Fisw
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 5 19:26:41 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 5 19:26:42 2007
Subject: [Frugalware-security] [ FSA-148 ] xorg-server
Message-ID: <20070405172641.84EFE1E680BF@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-148

Date: 2007-04-05
Package: xorg-server
Vulnerable versions: <= 1.2.0-1
Unaffected versions: >= 1.2.0-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1910
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1003
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1667

Description
===========

Some vulnerabilities have been reported in X.Org X11, which potentially can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and gain escalated privileges.

1) An integer overflow exists within the parsing of BDF fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

2) An integer overflow exists within the parsing of the "fonts.dir" fonts information file. This can be exploited to cause a heap-based buffer overflow via a specially crafted fonts information file that specifies an element count of more than 1,073,741,824 in the first line.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

3) An input validation error exists within the "ProcXCMiscGetXIDList()" function of the XC-MISC extension. This can be exploited to cause a stack-based (if the "alloca()" function is available) or heap-based memory corruption by passing specially crafted parameters to the function.
Successful exploitation may allow the execution of arbitrary code with escalated privileges.

4) An integer overflow exists within the "XGetPixel()" function in ImUtil.c. This can be exploited to cause a crash or disclose potentially sensitive information by passing specially crafted parameters to the function.

Updated Packages
================

Check if you have xorg-server installed:

    # pacman -Q xorg-server

If found, then you should upgrade to the latest version:

    # pacman -Sy xorg-server

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGFTFRZ7NElSD1VhkRAtnJAJ0YE/ZGWsP8cvfu5IHyukEWj3pDIgCfePIt
IlzesP2FAWWqLI0y/hP2fZI=
=Xl/U
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Apr 7 10:40:31 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Apr 7 10:40:33 2007
Subject: [Frugalware-security] [ FSA-149 ] freetype2
Message-ID: <20070407084031.7C6B513A40A4@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-149

Date: 2007-04-07
Package: freetype2
Vulnerable versions: <= 2.3.2-1
Unaffected versions: >= 2.3.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1916
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1351

Description
===========

A vulnerability has been reported in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow when parsing BDF fonts.
This can be exploited to cause a heap-based buffer overflow via a specially crafted BDF font.

Updated Packages
================

Check if you have freetype2 installed:

    # pacman -Q freetype2

If found, then you should upgrade to the latest version:

    # pacman -Sy freetype2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGF1j/Z7NElSD1VhkRAlDXAJ9gj1lXaWsmVY6TkJ4/WZtVoQOTFwCfSULZ
nK4MMyhPE8dSpo6aDOq4n3M=
=Gr2n
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Apr 11 00:16:08 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Apr 11 00:16:10 2007
Subject: [Frugalware-security] [ FSA-150 ] asterisk
Message-ID: <20070410221608.8A6DB13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-150

Date: 2007-04-11
Package: asterisk
Vulnerable versions: <= 1.4.1-1
Unaffected versions: >= 1.4.2-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1853
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1561
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1594
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1595

Description
===========

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of certain SIP INVITE messages. This can be exploited to crash the server by sending a SIP INVITE message with 2 SDP headers, where the second header contains an invalid IP address.

Successful exploitation requires that the callee is an invalid dialplan or user.

qwerty1979 has reported a vulnerability in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the processing of SIP replies from a remote system and can be exploited to crash the service via the remote system sending a SIP reply containing SIP Response code 0.

A security issue has been reported in Asterisk, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to a problem within the AEL (Asterisk Extension Language) when generating switch extensions. Depending on the extension, an attacker may be able to guess and dial a special number, which could allow him to e.g. listen to the voicemails of other users.

Updated Packages
================

Check if you have asterisk installed:

    # pacman -Q asterisk

If found, then you should upgrade to the latest version:

    # pacman -Sy asterisk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGHAyoZ7NElSD1VhkRArngAJ4pYMzavEg1vxzohfYZQ5w4Tg0BbQCeIUCS
537jJ081tQrh+hbYy7ovsIE=
=Qa+r
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Apr 11 00:24:31 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Apr 11 00:24:33 2007
Subject: [Frugalware-security] [ FSA-151 ] mod_perl
Message-ID: <20070410222431.4F80013A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-151

Date: 2007-04-11
Package: mod_perl
Vulnerable versions: <= 2.0.3-1
Unaffected versions: >= 2.0.3-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1894
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1349

Description
===========

A vulnerability has been reported in mod_perl, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a regular expression in "RegistryCooker.pm" (mod_perl 2.x) or "PerlRun.pm" (mod_perl 1.x) that uses the "path_info" variable without properly escaping it.
This can be exploited to cause a DoS by sending requests with specially crafted URLs to a vulnerable server.

Updated Packages
================

Check if you have mod_perl installed:

    # pacman -Q mod_perl

If found, then you should upgrade to the latest version:

    # pacman -Sy mod_perl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGHA6fZ7NElSD1VhkRArH+AKCF5jmweBuQzDU9kyY7bJwdNxdbzgCdEG7P
PHiIxFTPLpa0SD9iO/LwU5U=
=12mo
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Apr 11 00:36:51 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Apr 11 00:36:53 2007
Subject: [Frugalware-security] [ FSA-152 ] madwifi
Message-ID: <20070410223651.2EB9E13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-152

Date: 2007-04-11
Package: madwifi
Vulnerable versions: <= 0.9.2.1-9terminus1
Unaffected versions: >= 0.9.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1914
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7178
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7179
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7180

Description
===========

Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious people to gain knowledge of potentially sensitive information or cause a DoS (Denial of Service).

1) An error within the "ieee80211_input()" function when handling AUTH frames from IBSS nodes can be exploited to cause a kernel crash by sending specially crafted AUTH frames.
Successful exploitation may require that the "Ad-Hoc" mode is used.

2) MadWifi does not correctly handle Channel Switch Announcements. This can be exploited to force a channel switch thus interrupting the communication by injecting a Channel Switch Announcement with "CS Count" set to 1 or less.

3) An error within ieee80211_output.c may cause unencrypted packets to be sent before the WPA authentication is completed. This can be exploited to gain knowledge of certain sensitive information, which may be leveraged for further attacks.

Updated Packages
================

Check if you have madwifi installed:

    # pacman -Q madwifi

If found, then you should upgrade to the latest version:

    # pacman -Sy madwifi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGHBGDZ7NElSD1VhkRAmQHAJ9WnY64O/bsQ1A0Jk9tnzNiB3sjDgCeMGiF
b1cMXOlP/ypbKDuTy+kyg24=
=Usv7
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Apr 11 01:04:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Apr 11 01:04:39 2007
Subject: [Frugalware-security] [ FSA-153 ] qt4
Message-ID: <20070410230438.46E4813A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-153

Date: 2007-04-11
Package: qt4
Vulnerable versions: <= 4.2.3-1
Unaffected versions: >= 4.2.3-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1909
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

Description
===========

Andreas Nolden has reported a vulnerability in Qt, which potentially can be exploited to conduct cross-site scripting attacks in applications using the Qt libraries.

The vulnerability is caused due to Qt not properly rejecting overly long UTF-8 character sequences. This can be exploited to bypass certain character sanitation mechanisms and allow e.g. the execution of HTML and script code in applications depending on the correct behavior.

Updated Packages
================

Check if you have qt4 installed:

    # pacman -Q qt4

If found, then you should upgrade to the latest version:

    # pacman -Sy qt4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGHBgGZ7NElSD1VhkRAqs3AJ9VO3h3jYLIHsF4nZoiCUzUOzHCogCglcKR
UiM6lOJkwAiDc6C1aE7AR1c=
=Nv3z
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Apr 16 18:48:35 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Apr 16 18:48:36 2007
Subject: [Frugalware-security] [ FSA-154 ] lighttpd
Message-ID: <20070416164835.0373D13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-154

Date: 2007-04-16
Package: lighttpd
Vulnerable versions: <= 1.4.13-2
Unaffected versions: >= 1.4.13-3terminus1
Related bugreport: http://bugs.frugalware.org/task/1951
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1869
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1870

Description
===========

Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

1) An error exists during the parsing of the "\r\n\r\n" sequence. This can be exploited to cause an infinite loop by aborting the connection while the server parses the sequence, which e.g. results in a high CPU load and exhaustion of system resources.

2) A NULL pointer dereference exists within the mtime handling of files. This can be exploited to cause a crash by requesting a file with mtime 0.
Successful exploitation requires that the attacker can request or upload files with mtime 0, or can otherwise modify the mtime of files.

Updated Packages
================

Check if you have lighttpd installed:

    # pacman -Q lighttpd

If found, then you should upgrade to the latest version:

    # pacman -Sy lighttpd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGI6jiZ7NElSD1VhkRArteAJwJ7lpggIh0rZumm3Fx25s0uxVp1QCfa+OY
Q/fmbcZgyITk2oNoMeeXrhk=
=if0Q
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Apr 17 13:32:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Apr 17 13:32:46 2007
Subject: [Frugalware-security] [ FSA-155 ] clamav
Message-ID: <20070417113240.292AC13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-155

Date: 2007-04-17
Package: clamav
Vulnerable versions: <= 0.90.1-1
Unaffected versions: >= 0.90.2-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1946
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1745
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1997

Description
===========

Two vulnerabilities have been reported in Clam AntiVirus. One has an unknown impact, while the other can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) An unspecified file descriptor leak error exists within libclamav/chmunpack.c.

2) A signedness error exists within the "cab_unstore()" function in libclamav/cab.c. This can be exploited to cause a stack based buffer overflow via a specially crafted ".cab" file, and may allow execution of arbitrary code or crashing of the clamd process.

Updated Packages
================

Check if you have clamav installed:

    # pacman -Q clamav

If found, then you should upgrade to the latest version:

    # pacman -Sy clamav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGJLBVZ7NElSD1VhkRAvt0AJ9V5Bgm4LvS8G+6cReshYEz0+IvtgCfRQWx
4It7taTH8YLjFrIQChjOjKw=
=f7Z8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Apr 17 13:40:25 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Apr 17 13:40:27 2007
Subject: [Frugalware-security] [ FSA-156 ] aircrack-ng
Message-ID: <20070417114025.2C3E313A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-156

Date: 2007-04-17
Package: aircrack-ng
Vulnerable versions: <= 0.7-1
Unaffected versions: >= 0.7-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1947
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/24880

Description
===========

Jonathan So has reported a vulnerability in Aircrack-ng, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the airodump-ng module when processing 802.11 authentication packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted 802.11 packet.

Successful exploitation allows execution of arbitrary code and requires that the application is logging packets with the -w or --write option.

Updated Packages
================

Check if you have aircrack-ng installed:

    # pacman -Q aircrack-ng

If found, then you should upgrade to the latest version:

    # pacman -Sy aircrack-ng

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGJLIoZ7NElSD1VhkRAuUvAJ47TyKVe2M8TIDYNaB85CGzQh3RWgCeO6dt
i93Gfhc31LieLIKPXjp8mF8=
=Fzcr
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 26 14:07:01 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 26 14:07:07 2007
Subject: [Frugalware-security] [ FSA-157 ] wordpress
Message-ID: <20070426120701.D762513A402C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-157

Date: 2007-04-26
Package: wordpress
Vulnerable versions: <= 2.1.2-1
Unaffected versions: >= 2.1.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1837
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1894
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1622
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1893
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1897

Description
===========

g30rg3_x has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "year" parameter when used in wp_title() is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

A vulnerability has been discovered in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "PHP_SELF" variable is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Sumit Siddharth has discovered two vulnerabilities in WordPress, which can be exploited by malicious users to conduct SQL injection attacks or to bypass certain security restrictions.

1) Input passed to the "mt.setPostCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials.

2) A vulnerability is caused due to improper authentication verification in xmlrpc.php. A user with contributor permissions can exploit this issue to publish posts.
Successful exploitation requires valid user credentials.

Updated Packages
================

Check if you have wordpress installed:

    # pacman -Q wordpress

If found, then you should upgrade to the latest version:

    # pacman -Sy wordpress

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGMJXlZ7NElSD1VhkRAugWAJ9nItlu/vSQjgwLCroxB/3liBFVkgCcCwZH
dTfG7iBoMtn0Q3ywJgkE7Yw=
=JfMS
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 26 14:31:05 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 26 14:31:07 2007
Subject: [Frugalware-security] [ FSA-158 ] opera
Message-ID: <20070426123105.62B1E13A402E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-158

Date: 2007-04-26
Package: opera
Vulnerable versions: <= 9.10-1
Unaffected versions: >= 9.20-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1757
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1115
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

Description
===========

Stefan Esser has discovered a vulnerability in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks.
The vulnerability exists because pages that do not specify a charset inherit the charset of the parent page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of certain sites that are included e.g. via iframes in a malicious page that uses UTF-7 as charset.

Successful exploitation requires that the user is tricked into visiting a malicious web site.

A vulnerability with an unknown impact has been reported in Opera.

The vulnerability is caused due to an unspecified error when using the Adobe Flash Player plug-in.

The vulnerability is reported in Opera versions prior to 9.20 running on Linux, Solaris, or FreeBSD and using the Adobe Flash Player version 7 or 9.

Updated Packages
================

Check if you have opera installed:

    # pacman -Q opera

If found, then you should upgrade to the latest version:

    # pacman -Sy opera

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGMJuJZ7NElSD1VhkRAp47AKCm5fq+mPsNwbYk+gnFK0gHOvv1QACdHis9
WKqqqsQH/7/AT4x+PVScB88=
=NPCm
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 26 16:18:06 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 26 16:18:09 2007
Subject: [Frugalware-security] [ FSA-159 ] firefox-firebug
Message-ID: <20070426141806.A241913A402C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-159

Date: 2007-04-26
Package: firefox-firebug
Vulnerable versions: <= 1.01-1
Unaffected versions: >= 1.05-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1917
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1878
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1947

Description
===========

Two vulnerabilities have been reported in the Firebug extension for Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system.
1) Input passed to the "console.log()" function is not properly sanitised and can be exploited to e.g. execute arbitrary script code within the "chrome:" context by tricking a user into visiting a malicious website.

2) Results of the "toString" method when processing function objects are not properly sanitised before being used. This can be exploited to e.g. execute arbitrary script code within the "chrome:" context by overriding the "toString" method with a specially crafted function.

Updated Packages
================

Check if you have firefox-firebug installed:

    # pacman -Q firefox-firebug

If found, then you should upgrade to the latest version:

    # pacman -Sy firefox-firebug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGMLSeZ7NElSD1VhkRAmnVAJ42YgaF6zwKyUOTuyCInw9xyCI4yQCdEFOG
HJKnxolNkpwD0jb1TLKZbuo=
=ccjr
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 26 16:25:30 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 26 16:25:31 2007
Subject: [Frugalware-security] [ FSA-160 ] kernel
Message-ID: <20070426142530.0A8D313A402C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-160

Date: 2007-04-26
Package: kernel
Vulnerable versions: <= 2.6.20-5terminus1
Unaffected versions: >= 2.6.20-5terminus2
Related bugreport: http://bugs.frugalware.org/task/1934
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1357

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error within the "atalk_sum_skb()" function when creating the checksum of an AppleTalk frame that is shorter than specified in the header. This can be exploited to trigger a "BUG_ON" condition by sending a specially crafted AppleTalk frame to a vulnerable system.

Successful exploitation requires that the AppleTalk kernel module is loaded.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGMLZaZ7NElSD1VhkRAuoVAJ9ph0gSLrGWoBWPgvVNRBiIzXuhwACbBNUB
6z7d6cFee3F9JezCCYRV9NE=
=xWz6
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Apr 26 17:19:01 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Apr 26 17:19:03 2007
Subject: [Frugalware-security] [ FSA-161 ] imagemagick
Message-ID: <20070426151901.A328713A402C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-161

Date: 2007-04-26
Package: imagemagick
Vulnerable versions: <= 6.3.2_8-1
Unaffected versions: >= 6.3.2_8-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1913
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1797

Description
===========

Some vulnerabilities have been reported in ImageMagick, which can be exploited by malicious people to compromise a vulnerable system.

1) An integer overflow error within the "ReadDCMImage()" function can be exploited to cause a heap-based buffer overflow when processing specially crafted DCM images.

2) Two integer overflows within the "ReadXWDImage()" function when calculating the amount of memory to be allocated for the 'colors' or 'comment' fields can be exploited to cause heap-based buffer overflows when processing specially crafted XWD images.

Updated Packages
================

Check if you have imagemagick installed:

    # pacman -Q imagemagick

If found, then you should upgrade to the latest version:

    # pacman -Sy imagemagick

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGMMLlZ7NElSD1VhkRAkg5AJ436CkSY1MaBDxMzeVFYDaluueutQCghVIE
Zdqofw2a2OkGmflMH0/XFpE=
=ePbK
-----END PGP SIGNATURE-----
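
The allocation-size overflow class described in item 2 of FSA-161, as an added example that is not ImageMagick's code and not part of the advisory: a record count taken from an untrusted image header is multiplied by the record size, first in 32-bit arithmetic that wraps, then with the checks that reject it. The color_entry layout, the sample count and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical colour-map record (12 bytes on common ABIs);
 * not ImageMagick's actual structure. */
typedef struct {
    uint32_t pixel;
    uint16_t red, green, blue;
    uint8_t  flags, pad;
} color_entry;

/* Constructed sample count: 0x15555556 * 12 = 2^32 + 8. */
#define WRAPPING_COUNT 0x15555556u

/* The unsafe pattern: a 32-bit multiply wraps modulo 2^32, so a huge
 * count yields a tiny size and the later read loop overruns the heap. */
uint32_t unchecked_table_bytes(uint32_t ncolors)
{
    return ncolors * (uint32_t)sizeof(color_entry);
}

/* Checked size. Returns 0 and stores the size on success; returns -1
 * if the count is zero, the product does not fit in size_t, or the
 * remaining input cannot contain that many records. */
int checked_table_bytes(uint32_t ncolors, size_t bytes_left, size_t *out)
{
    if (ncolors == 0 || ncolors > SIZE_MAX / sizeof(color_entry))
        return -1;
    size_t need = (size_t)ncolors * sizeof(color_entry);
    if (need > bytes_left)
        return -1;
    *out = need;
    return 0;
}

/* Allocate the table only after the header count has been validated. */
color_entry *alloc_color_table(uint32_t ncolors, size_t bytes_left)
{
    size_t need;
    if (checked_table_bytes(ncolors, bytes_left, &need) != 0)
        return NULL;
    return malloc(need);
}
```

Comparing the requested size against the bytes actually left in the input also catches counts that do not overflow but are still far larger than the file could hold.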