From noreply at frugalware.org Mon Feb 5 20:43:03 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 5 20:43:08 2007
Subject: [Frugalware-security] [ FSA-110 ] gtk+2
Message-ID: <20070205194303.CAE4F13A400E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-110

Date: 2007-02-05
Package: gtk+2
Vulnerable versions: <= 2.10.3-1
Unaffected versions: >= 2.10.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1663
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0010

Description
===========

A vulnerability has been reported in GTK+, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the
"GdkPixbufLoader()" when handling certain malformed input. This can be
exploited to crash an application using the library by tricking it into
processing specially crafted image files.

Updated Packages
================

Check if you have gtk+2 installed:

    # pacman -Q gtk+2

If found, then you should upgrade to the latest version:

    # pacman -Sy gtk+2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFx4jHZ7NElSD1VhkRAoKmAJ9F0d/I5bwN+1+PiXQxh93mFwDaogCdGtdG
CM7C6EIOaPONQB4/D2Nvkq8=
=cHA8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Feb 6 18:39:48 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Feb 6 18:39:50 2007
Subject: [Frugalware-security] [ FSA-111 ] postgresql libpq
Message-ID: <20070206173948.70FA613A400E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-111

Date: 2007-02-06
Package: postgresql libpq
Vulnerable versions: <= 8.1.5-1siwenna1
Unaffected versions: >= 8.1.7-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1687
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0555
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0556

Description
===========

Some vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to gain knowledge of potentially sensitive
information and cause a DoS (Denial of Service).

1) An unspecified error can be used to suppress certain checks, which
ensure that SQL functions return the correct data type. This can be
exploited to crash the database backend or disclose potentially
sensitive information.

2) An unspecified error when changing the data type of a table column
can be exploited to crash the database backend or disclose potentially
sensitive information.

Updated Packages
================

Check if you have postgresql libpq installed:

    # pacman -Q postgresql libpq

If found, then you should upgrade to the latest version:

    # pacman -Sy postgresql libpq

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFyL1kZ7NElSD1VhkRAhVvAJ0YzxHwuJ1GCHapoODqoRmQYGV4QQCgh3e+
P+UMZAHFOvJ28OfR6MxFZ8c=
=V1zJ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Feb 7 14:40:01 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Feb 7 14:40:04 2007
Subject: [Frugalware-security] [ FSA-112 ] wireshark
Message-ID: <20070207134001.42EB913A400E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-112

Date: 2007-02-07
Package: wireshark
Vulnerable versions: <= 0.99.4-1siwenna1
Unaffected versions: >= 0.99.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1684
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0456
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0457
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0458
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0459

Description
===========

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Errors within the TCP, HTTP, IEEE 802.11, and LLT parsers can be
exploited to cause a crash or consume large amounts of memory when
parsing a specially crafted packet that is either captured off the wire
or loaded via a capture file.

Updated Packages
================

Check if you have wireshark installed:

    # pacman -Q wireshark

If found, then you should upgrade to the latest version:

    # pacman -Sy wireshark

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFydawZ7NElSD1VhkRAkWqAJoCgPmqMqZTtPYKCzVMBZapFzbHyACfWoen
w4YJ6W/4At3gG9RBSBXt41M=
=BJLy
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Feb 10 01:55:49 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Feb 10 01:55:56 2007
Subject: [Frugalware-security] [ FSA-113 ] flashplugin
Message-ID: <20070210005549.DAD7A13A48D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-113

Date: 2007-02-10
Package: flashplugin
Vulnerable versions: <= 7.0r68-1siwenna1
Unaffected versions: >= 9.0.31.0-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1337
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5330

Description
===========

Rapid7 has reported some vulnerabilities in Adobe Flash Player, which
can be exploited by malicious people to bypass certain restrictions.

Input passed to the "XML.addRequestHeader()" ActionScript function and
the "XML.contentType" attribute is not properly sanitised before being
used. This can be exploited to bypass certain restrictions via CRLF
character sequences and inject arbitrary HTTP headers in a request.

Successful exploitation may e.g. make it easier to perform CSRF
(Cross-Site Request Forgery) attacks.

Updated Packages
================

Check if you have flashplugin installed:

    # pacman -Q flashplugin

If found, then you should upgrade to the latest version:

    # pacman -Sy flashplugin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFzRgVZ7NElSD1VhkRAvTJAJ0VR6KTMSQZ4+JzQ8eTTB4+6J+0cACfcTOf
wAJ6THg7Bh7cSvaYir+ZDHw=
=IWx4
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Feb 10 14:08:46 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Feb 10 14:08:48 2007
Subject: [Frugalware-security] [ FSA-114 ] samba libsmbclient
Message-ID: <20070210130846.251C313A48D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-114

Date: 2007-02-10
Package: samba libsmbclient
Vulnerable versions: <= 3.0.23-5
Unaffected versions: >= 3.0.24-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1690
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454

Description
===========

Some vulnerabilities have been reported in Samba, which can be
exploited by malicious users to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

1) Under certain conditions, smbd fails to remove requests from the
deferred file open queue. This can be exploited to cause a DoS due to
heavy resource usage by triggering an infinite loop when renaming a
file under special circumstances.

2) Samba uses filenames as format string parameter in a call to
"sprintf()" when setting Windows NT Access Control Lists using the
afsacl.so VFS plugin. This can potentially be exploited to execute
arbitrary code.

Successful exploitation requires that an AFS file system is shared to
CIFS clients using the afsacl.so VFS module and that the attacker has
write access to the share.

Updated Packages
================

Check if you have samba libsmbclient installed:

    # pacman -Q samba libsmbclient

If found, then you should upgrade to the latest version:

    # pacman -Sy samba libsmbclient

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFzcPeZ7NElSD1VhkRAsMiAKCdj1aeUCTMId1XbREoGxVulhsm3QCeM/40
BBwY1C4+Gfu0myV4kjADviM=
=dMwX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Feb 11 15:44:10 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Feb 11 15:44:12 2007
Subject: [Frugalware-security] [ FSA-115 ] xine-ui
Message-ID: <20070211144410.1ECF813A48D9@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-115

Date: 2007-02-11
Package: xine-ui
Vulnerable versions: <= 0.99.4-2
Unaffected versions: >= 0.99.4-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1617
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254

Description
===========

A vulnerability has been reported in xine-ui, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error within the
"errors_create_window()" function in errors.c. This may be exploited to
execute arbitrary code by e.g. tricking a user into opening a specially
crafted playlist file.

Updated Packages
================

Check if you have xine-ui installed:

    # pacman -Q xine-ui

If found, then you should upgrade to the latest version:

    # pacman -Sy xine-ui

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFzyu5Z7NElSD1VhkRAtrRAJ9E06MJl9KKLmpOqsB4OFiV9xS/zACbBt3d
wbmMlAGtT4+2XCm/9kVbaks=
=B1Ky
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Feb 13 01:44:24 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Feb 13 01:44:29 2007
Subject: [Frugalware-security] [ FSA-116 ] kdelibs kde-apidox
Message-ID: <20070213004424.DD7C61670008@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-116

Date: 2007-02-13
Package: kdelibs kde-apidox
Vulnerable versions: <= 3.5.4-3
Unaffected versions: >= 3.5.4-4siwenna1
Related bugreport: http://bugs.frugalware.org/task/1665
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537

Description
===========

A weakness has been discovered in Konqueror, which can potentially be
exploited by malicious people to conduct cross-site scripting attacks.

The weakness is caused due to an error in the parsing of comments
within title tags of an HTML document. Arbitrary HTML and script code
in a comment tag is executed in a user's browser session when preceded
by the corresponding closing title tag.

Successful exploitation is possible on web sites that allow users to
insert unsanitised HTML and script code within a comment into such a
tag.

Updated Packages
================

Check if you have kdelibs kde-apidox installed:

    # pacman -Q kdelibs kde-apidox

If found, then you should upgrade to the latest version:

    # pacman -Sy kdelibs kde-apidox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF0QnoZ7NElSD1VhkRAolGAJ9powdwS+a0s0B9JELjitzCW8F1jgCfcbru
U80HcAbOPgTfl+3agttj9n8=
=4hjG
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Feb 19 19:38:43 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 19 19:38:46 2007
Subject: [Frugalware-security] [ FSA-117 ] spamassassin
Message-ID: <20070219183843.9276E13A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-117

Date: 2007-02-19
Package: spamassassin
Vulnerable versions: <= 3.1.5-1
Unaffected versions: >= 3.1.8-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1715
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0451

Description
===========

A vulnerability has been reported in SpamAssassin, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error and can be
exploited to cause a DoS via overly long URIs in the message content.

Updated Packages
================

Check if you have spamassassin installed:

    # pacman -Q spamassassin

If found, then you should upgrade to the latest version:

    # pacman -Sy spamassassin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF2e6zZ7NElSD1VhkRAuKZAJ9S2wOKsPxVxBjoY5ntk+uw6TYk+ACfdtvu
mDVOjPipkFYQMvXhit7bv0A=
=m7ve
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Feb 19 19:45:06 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 19 19:45:08 2007
Subject: [Frugalware-security] [ FSA-118 ] clamav
Message-ID: <20070219184506.EB90213A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-118

Date: 2007-02-19
Package: clamav
Vulnerable versions: <= 0.88.7-1siwenna1
Unaffected versions: >= 0.90-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1714
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0897
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0898

Description
===========

Two vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service).

1) Input passed via the "id" parameter when parsing MIME headers is not
properly sanitised before being used to create local files. This can be
exploited to e.g. overwrite the anti-virus signature file via directory
traversal attacks, preventing malware from being detected.

2) A file descriptor leak error in the processing of CAB files can be
exploited to e.g. prevent legitimate users from sending out valid
archives via a specially crafted CAB file with a cabinet header
containing a record length of zero.

Updated Packages
================

Check if you have clamav installed:

    # pacman -Q clamav

If found, then you should upgrade to the latest version:

    # pacman -Sy clamav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF2fAyZ7NElSD1VhkRAtGYAJ4pr5Ee7oPsOpuorzQGojDzCO3YcQCff28e
Tj2BSh8aTQ9hSmJItYafrxs=
=B+Rr
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Feb 19 19:51:34 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 19 19:51:36 2007
Subject: [Frugalware-security] [ FSA-119 ] unrar
Message-ID: <20070219185134.A42E813A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-119

Date: 2007-02-19
Package: unrar
Vulnerable versions: <= 3.6.8-1
Unaffected versions: >= 3.7.3-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1710
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0855

Description
===========

A vulnerability has been reported in RARLabs UnRAR, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing
password-protected archives using the UnRAR command line utility. This
can be exploited to cause a stack-based buffer overflow via a specially
crafted password-protected archive.

Successful exploitation requires that the user is e.g. tricked into
opening a password-protected archive and responds to the password
prompt.

Updated Packages
================

Check if you have unrar installed:

    # pacman -Q unrar

If found, then you should upgrade to the latest version:

    # pacman -Sy unrar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF2fG2Z7NElSD1VhkRAtQAAJ0bAM4fkXgKioIdrjk0wevrhYoA9ACfYP/T
1h74kHI3MVsf5XQFhctOVUQ=
=BYwM
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Feb 21 15:03:09 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Feb 21 15:03:14 2007
Subject: [Frugalware-security] [ FSA-120 ] kernel kernel-source
Message-ID: <20070221140309.CE35E13A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-120

Date: 2007-02-21
Package: kernel kernel-source
Vulnerable versions: <= 2.6.17-6siwenna6
Unaffected versions: >= 2.6.17-6siwenna7
Related bugreport: http://bugs.frugalware.org/task/1712
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0006

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference within
the "key_alloc_serial()" function, which can be exploited to crash the
Kernel.

Updated Packages
================

Check if you have kernel kernel-source installed:

    # pacman -Q kernel kernel-source

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel kernel-source

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF3FEdZ7NElSD1VhkRAgfnAJ0XzdeNRKtUSxkmufc8sk0Z9uh74QCdGSWB
KWgpRKiv7ZgRTWX4EjOW6+0=
=VS6x
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Feb 23 23:10:35 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Feb 23 23:10:50 2007
Subject: [Frugalware-security] [ FSA-121 ] php
Message-ID: <20070223221035.BCF6C13A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-121

Date: 2007-02-23
Package: php
Vulnerable versions: <= 5.1.6-4siwenna1
Unaffected versions: >= 5.1.6-5siwenna1
Related bugreport: http://bugs.frugalware.org/task/1695
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0905
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0906
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0907
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0908
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0909
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0910
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0988

Description
===========

Several vulnerabilities and a weakness have been reported in PHP, where
some have unknown impacts and others can be exploited by malicious
people to disclose potentially sensitive information, bypass certain
security restrictions, cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.

1) The "safe_mode" and "open_basedir" protection mechanisms can be
bypassed via the session extension.

2) Unspecified overflows can be exploited to cause a stack corruption
in the session extension.

3) Stack overflows exist in the "zip", "imap", and "sqlite" (PHP 5)
extensions.

4) A boundary error within the stream filters can be exploited to cause
a buffer overflow.

5) An integer overflow exists in the "str_replace()" function. This can
be exploited to trigger an error when allocating memory and potentially
allows the execution of arbitrary code, if the function is used on
long, untrusted strings.

6) An unspecified error when importing malicious WDDX data can be
exploited to disclose random heap memory.

7) A format string error exists in the *print() functions on 64-bit
systems.

8) Boundary errors exist within the "mail()" and the
"ibase_add_user()", "ibase_delete_user()", and "ibase_modify_user()"
functions and can be exploited to cause buffer overflows.

9) A format string error exists in the "odbc_result_all()" function.
Successful exploitation may allow the execution of arbitrary code, but
requires that the attacker has control over the table contents of the
used database.

10) An error within the "imap_mail_compose()" function can be exploited
to cause a heap based buffer overflow and may allow the execution of
arbitrary code, if the function is used with untrusted input to create
a new MIME message.

11) A weakness within the "zend_hash_init()" function on 64bit systems
can be exploited to cause a DoS via CPU consumption until the script
times out by triggering an infinite loop when unserializing untrusted
data.

Updated Packages
================

Check if you have php installed:

    # pacman -Q php

If found, then you should upgrade to the latest version:

    # pacman -Sy php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF32ZbZ7NElSD1VhkRAkqZAJ4h123FtBchF0tqCYxTosJHoQoUzACeI3sg
ZZNqnrlH2d6wuVgcpApGrTI=
=c36i
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Feb 23 23:16:13 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Feb 23 23:16:14 2007
Subject: [Frugalware-security] [ FSA-122 ] ekiga
Message-ID: <20070223221613.36D3613A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-122

Date: 2007-02-23
Package: ekiga
Vulnerable versions: <= 2.0.2-2
Unaffected versions: >= 2.0.2-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1738
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1006
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1007

Description
===========

A vulnerability has been reported in Ekiga, which potentially can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to format string errors when the
"gm_main_window_flash_message()" function is invoked. This can be
exploited to crash the application or potentially execute arbitrary
code by sending a specially crafted Q.931 SETUP packet.

Updated Packages
================

Check if you have ekiga installed:

    # pacman -Q ekiga

If found, then you should upgrade to the latest version:

    # pacman -Sy ekiga

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF32etZ7NElSD1VhkRAqG0AJ4z+VnOqKVyBmCOhXYodFzeikTrGgCeLtY9
1FyDeGpAYUqAZgoAUVjNctU=
=lpCp
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Feb 23 23:24:57 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Feb 23 23:25:00 2007
Subject: [Frugalware-security] [ FSA-123 ] mediawiki
Message-ID: <20070223222457.7784F13A4010@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-123

Date: 2007-02-23
Package: mediawiki
Vulnerable versions: <= 1.7.2-1siwenna1
Unaffected versions: >= 1.7.3-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1739
CVE: There is no CVE for this issue, see:
     http://secunia.com/advisories/24211

Description
===========

Moshe BA has reported a vulnerability in MediaWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "rs" parameter in index.php (when "action" is set
to "ajax") is not properly sanitised from UTF-7 data before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

Successful exploitation requires that $wgUseAjax is set to true (not
default setting) and that the target user uses Internet Explorer with
encoding auto-detection enabled.

Updated Packages
================

Check if you have mediawiki installed:

    # pacman -Q mediawiki

If found, then you should upgrade to the latest version:

    # pacman -Sy mediawiki

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF32m5Z7NElSD1VhkRAnIzAJ43QUg1aeEwqHXXltgp6foHF/m8jwCcCDln
BNHBFmka9cRWs1KrjYMetVw=
=Bmdb
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Feb 26 22:05:18 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 26 22:05:21 2007
Subject: [Frugalware-security] [ FSA-124 ] firefox
Message-ID: <20070226210518.A873613A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-124

Date: 2007-02-26
Package: firefox
Vulnerable versions: <= 1.5.0.9-1siwenna1
Unaffected versions: >= 1.5.0.10-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1486
                   http://bugs.frugalware.org/task/1692
                   http://bugs.frugalware.org/task/1713
                   http://bugs.frugalware.org/task/1756
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0801
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995

Description
===========

Multiple vulnerabilities have been reported in Mozilla Firefox, which
can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting and spoofing attacks, gain
knowledge of sensitive information, and potentially compromise a
user's system.

1) An error in the handling of the "locations.hostname" DOM property
can be exploited to bypass certain security restrictions.

2) It is possible to conduct cross-site scripting attacks against sites
containing a frame with a "data:" URI as source.

Successful exploitation requires that a user is tricked into visiting a
malicious website and opening a blocked popup.

3) It is possible to open windows containing local files thereby
stealing the contents when the full path of a locally saved file
containing malicious script code is known.

This can be exploited in combination with a flaw in the seeding of the
pseudo-random number generator causing downloaded files to be saved to
temporary files with a somewhat predictable name.

Successful exploitation requires that a user is tricked into visiting a
malicious website and opening a blocked popup.

4) Browser UI elements like the host name and security indicators can
be spoofed using a specially crafted custom cursor and manipulating the
CSS3 hotspot property.

5) It may be possible to gain knowledge of sensitive information from a
website due to an error resulting in two web pages colliding in the
disk cache thereby potentially appending part of one document to the
other.

Successful exploitation requires that a user is tricked into visiting a
malicious website while visiting the target website.

6) Various errors in the Mozilla parser when handling invalid trailing
characters in HTML tag attribute names and during processing of UTF-7
content when child frames inherit the character set of their parent
window can be exploited to conduct cross-site scripting attacks.

7) A vulnerability in the Password Manager may be exploited to conduct
phishing attacks.

8) Multiple memory corruption errors exist in the layout engine,
JavaScript engine, and in SVG. Some of these may be exploited to
execute arbitrary code on a user's system.

9) An error within the handling of the onUnload event handler and
self-modifying document.write() calls can be exploited to corrupt
memory and potentially execute arbitrary code.

Updated Packages
================

Check if you have firefox installed:

    # pacman -Q firefox

If found, then you should upgrade to the latest version:

    # pacman -Sy firefox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF40uOZ7NElSD1VhkRAhz5AJ4ozdpHMcQk5m7jorj3vM+jxm+gUgCgm6Yi
dyhZSVD8FPpOh8WikTPOE2o=
=NI1y
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Feb 26 22:42:14 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Feb 26 22:42:17 2007
Subject: [Frugalware-security] [ FSA-125 ] kernel
Message-ID: <20070226214214.A405A13A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-125

Date: 2007-02-26
Package: kernel
Vulnerable versions: <= 2.6.17-6siwenna7
Unaffected versions: >= 2.6.17-6siwenna8
Related bugreport: http://bugs.frugalware.org/task/1740
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0772

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an invalid freeing of a pointer when
handling NFSACL 2 "ACCESS" requests, which can be exploited to crash
the kernel.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF41Q2Z7NElSD1VhkRAoaSAKCom37svDG4trlc7KLyfzuBGpIunQCeKN7E
OKZ2CNyiJ1ohoWq+HTRr7os=
=pWiw
-----END PGP SIGNATURE-----