From noreply at frugalware.org Sun Dec 2 14:16:54 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Dec 2 14:17:12 2007
Subject: [Frugalware-security] [ FSA-327 ] emacs
Message-ID: <20071202131654.730A2176C018@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-327

Date: 2007-12-02
Package: emacs
Vulnerable versions: <= 22.1-1
Unaffected versions: >= 22.1-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2566
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5795

Description
===========

Drake Wilson has reported a vulnerability in GNU Emacs, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the "hack-local-variables" function where local variables within a file are processed in an insecure manner. This can be exploited to e.g. modify a user's user-init-file and execute arbitrary Emacs Lisp code when a specially crafted file is opened.
Successful exploitation requires that "enable-local-variables" is set to ":safe".

Updated Packages
================

Check if you have emacs installed:

	# pacman-g2 -Q emacs

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy emacs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHUrBGZ7NElSD1VhkRAmqDAJ98CX2yDoKD0Zp5qCdKMjdlj2AziACgnXNx
yZ1PFdwkGBP/ljylIrGLH1o=
=cgaX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Dec 2 14:21:30 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Dec 2 14:21:34 2007
Subject: [Frugalware-security] [ FSA-328 ] php-pear-mdb2
Message-ID: <20071202132130.5C19A176C017@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-328

Date: 2007-12-02
Package: php-pear-mdb2
Vulnerable versions: <= 2.4.1-1
Unaffected versions: >= 2.4.1-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2573
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5934

Description
===========

A security issue has been reported in PEAR MDB2, which can be exploited by malicious people to disclose sensitive information.
The security issue is caused due to MDB2 potentially making use of PHP's protocol wrappers when storing certain input as LOB. This can be exploited to e.g. disclose sensitive information by storing a specially crafted URI (e.g. "file:///etc/passwd") as LOB.

Updated Packages
================

Check if you have php-pear-mdb2 installed:

	# pacman-g2 -Q php-pear-mdb2

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy php-pear-mdb2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHUrFaZ7NElSD1VhkRAnprAJ0YjYj1dSenvj6J5isMp+Om8Z1RfgCfboJM
cLDGrQFQmcQ9zrIkWsektzo=
=qOIt
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Dec 2 14:26:05 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Dec 2 14:26:27 2007
Subject: [Frugalware-security] [ FSA-329 ] mysql
Message-ID: <20071202132605.5A5D0176C017@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-329

Date: 2007-12-02
Package: mysql
Vulnerable versions: <= 5.0.45-1
Unaffected versions: >= 5.0.45-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2577
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5925

Description
===========

A vulnerability has been reported in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service).
The vulnerability is caused due to an assertion error within the InnoDB engine and can be exploited to crash the database server via certain "CONTAINS" statements.
Successful exploitation requires "ALTER" privileges.

Updated Packages
================

Check if you have mysql installed:

	# pacman-g2 -Q mysql

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy mysql

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHUrJtZ7NElSD1VhkRApUdAJ9QZ4pNV1oZ61Y9bbXl0RfssMKV+gCgnv/b
A8cKmVv4MFDNCmmzpQpGuTk=
=Mruf
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Dec 2 14:32:23 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Dec 2 14:32:41 2007
Subject: [Frugalware-security] [ FSA-330 ] cups
Message-ID: <20071202133223.C4160176C018@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-330

Date: 2007-12-02
Package: cups
Vulnerable versions: <= 1.3.2-2sayshell1
Unaffected versions: >= 1.3.2-2sayshell2
Related bugreport: http://bugs.frugalware.org/task/2596
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Description
===========

Some vulnerabilities have been reported in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
The vulnerabilities are caused due to the use of a vulnerable version of Xpdf.

Updated Packages
================

Check if you have cups installed:

	# pacman-g2 -Q cups

If found, then you should upgrade to the latest version:

	# pacman-g2 -Sy cups

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHUrPlZ7NElSD1VhkRAuVFAKCAvGccyXc8FOhIb1GDVLJP6oHuJgCgo5xf
xI3QO4hO+QNiX+q6fr7jmt0=
=3ILH
-----END PGP SIGNATURE-----
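
Added example (not part of the advisories or of Frugalware's tooling): a shell check that compares installed versions against the "Unaffected versions" given in FSA-327 to FSA-330. It assumes `pacman-g2 -Q` prints "name version" lines and uses GNU `sort -V` as a stand-in for pacman-g2's own version ordering; the function names and sample data are constructed.

```shell
#!/bin/sh
# Fixed ("unaffected") versions, copied from FSA-327..FSA-330 above.
FSA_FIXED='emacs 22.1-2sayshell1 FSA-327
php-pear-mdb2 2.4.1-2sayshell1 FSA-328
mysql 5.0.45-2sayshell1 FSA-329
cups 1.3.2-2sayshell2 FSA-330'

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering stands in for pacman-g2's own
# comparison; it agrees for the version strings listed in these advisories.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fsa_audit: read "name version" lines on stdin (assumed `pacman-g2 -Q`
# output format) and report every package named in one of the advisories.
# Returns 1 if any such package is still below its fixed version.
fsa_audit() {
    rc=0
    while read -r name ver rest; do
        entry=$(printf '%s\n' "$FSA_FIXED" | awk -v n="$name" '$1 == n')
        [ -n "$entry" ] || continue      # package not covered here
        fixed=${entry#* }; fsa=${fixed#* }; fixed=${fixed%% *}
        if ver_lt "$ver" "$fixed"; then
            printf 'VULNERABLE %s %s (%s, fixed in %s)\n' \
                "$name" "$ver" "$fsa" "$fixed"
            rc=1
        else
            printf 'ok %s %s (%s)\n' "$name" "$ver" "$fsa"
        fi
    done
    return "$rc"
}

# Constructed sample input; on a real system: pacman-g2 -Q | fsa_audit
SAMPLE='emacs 22.1-1
cups 1.3.2-2sayshell2
mysql 5.0.45-1
bash 3.2-1'
printf '%s\n' "$SAMPLE" | fsa_audit || true
```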