From noreply at frugalware.org Wed Jan 3 19:39:33 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Jan 3 19:39:37 2007
Subject: [Frugalware-security] [ FSA-78 ] firefox
Message-ID: <20070103183933.DC14CFA4920@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-78

Date: 2007-01-03
Package: firefox
Vulnerable versions: <= 1.5.0.7-1siwenna1
Unaffected versions: >= 1.5.0.9-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1544
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504

Description
===========

Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of certain information, conduct cross-site scripting attacks, and potentially compromise a user's system.

1) Various errors in the layout engine and JavaScript engine can be exploited to cause memory corruption and some may potentially allow execution of arbitrary code.
2) An error when reducing the CPU's floating point precision, which may happen on Windows when loading a plugin creating a Direct3D device, may cause the "js_dtoa()" function to not exit and instead cause a memory corruption.
3) A boundary error when setting the cursor to a Windows bitmap using the CSS cursor property can be exploited to cause a heap-based buffer overflow.
4) An unspecified error in the "watch()" JavaScript function can be exploited to execute arbitrary code.
5) An error in LiveConnect causes an already freed object to be used and may potentially allow execution of arbitrary code.
6) An error in the handling of the "src" attribute of IMG elements loaded in a frame can be exploited to change the attribute to a "javascript:" URI. This allows execution of arbitrary HTML and script code in a user's browser session.
7) An error within the handling of SVG comment objects can be exploited to cause a memory corruption and allows execution of arbitrary code by appending an SVG comment object from one document into another type of document (e.g. HTML).

Updated Packages
================

Check if you have firefox installed:

    # pacman -Q firefox

If found, then you should upgrade to the latest version:

    # pacman -Sy firefox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFm/hlZ7NElSD1VhkRAvd+AKCYWbTVML4a4q8Ct6Jd5DCUIdA+lwCePmS/
Q4D7xVXv4ConOhYZxjZCekY=
=5MlV
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Jan 3 19:52:42 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Jan 3 19:52:45 2007
Subject: [Frugalware-security] [ FSA-79 ] thunderbird
Message-ID: <20070103185242.D0DBDFA49AE@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-79

Date: 2007-01-03
Package: thunderbird
Vulnerable versions: <= 1.5.0.8-1siwenna1
Unaffected versions: >= 1.5.0.9-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1545
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505

Description
===========

Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.

1) Various errors in the layout engine and JavaScript engine can be exploited to cause memory corruption and some may potentially allow execution of arbitrary code.
2) An error when reducing the CPU's floating point precision, which may happen on Windows when loading a plugin creating a Direct3D device, may cause the "js_dtoa()" function to not exit and instead cause a memory corruption.
3) A boundary error when setting the cursor to a Windows bitmap using the CSS cursor property can be exploited to cause a heap-based buffer overflow.
4) An unspecified error in the "watch()" JavaScript function can be exploited to execute arbitrary code.
5) An error in LiveConnect causes an already freed object to be used and may potentially allow execution of arbitrary code.
6) An error in the handling of the "src" attribute of IMG elements loaded in a frame can be exploited to change the attribute to a "javascript:" URI. This allows execution of arbitrary HTML and script code in a user's browser session.
7) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
8) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.

Updated Packages
================

Check if you have thunderbird installed:

    # pacman -Q thunderbird

If found, then you should upgrade to the latest version:

    # pacman -Sy thunderbird

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFm/t6Z7NElSD1VhkRAjmUAJoCnSFW1IyURa4D+VCvsbpQTlQCsgCglcNJ
s4QZyzXLrguEpV3MGDQa+dA=
=hnce
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Jan 3 20:01:39 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Jan 3 20:01:46 2007
Subject: [Frugalware-security] [ FSA-80 ] clamav
Message-ID: <20070103190139.77AB3FA49B0@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-80

Date: 2007-01-03
Package: clamav
Vulnerable versions: <= 0.88.5-1siwenna1
Unaffected versions: >= 0.88.7-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1537
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6481

Description
===========

Hendrik Weimer has reported a vulnerability in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a stack overflow when scanning messages with deeply nested multipart content. This can be exploited to crash the service by sending specially crafted emails to a vulnerable system.

Updated Packages
================

Check if you have clamav installed:

    # pacman -Q clamav

If found, then you should upgrade to the latest version:

    # pacman -Sy clamav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFm/2TZ7NElSD1VhkRAt2IAKCKDYvnulOmAVS5au/oQWuQxhhQggCfe3vn
9aDQdw0LJBukZZCQLRuRgHI=
=xAlj
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Jan 3 20:07:46 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Jan 3 20:07:49 2007
Subject: [Frugalware-security] [ FSA-81 ] sugarcrm
Message-ID: <20070103190746.9A460FA4920@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-81

Date: 2007-01-03
Package: sugarcrm
Vulnerable versions: <= 4.2.1b-1
Unaffected versions: >= 4.5.0h-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1556
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6712

Description
===========

A vulnerability has been reported in Sugar Open Source, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Updated Packages
================

Check if you have sugarcrm installed:

    # pacman -Q sugarcrm

If found, then you should upgrade to the latest version:

    # pacman -Sy sugarcrm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFm/8CZ7NElSD1VhkRAp9NAJ9twjffAFyegZa2hBasqCY1u5tVewCfdaLv
22Mi2s3721jEMsQMVl0lSqw=
=UPWq
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Jan 5 12:03:22 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Jan 5 12:03:25 2007
Subject: [Frugalware-security] [ FSA-82 ] seamonkey
Message-ID: <20070105110322.63EA1FA48C1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-82

Date: 2007-01-05
Package: seamonkey
Vulnerable versions: <= 1.0.6-1siwenna1
Unaffected versions: >= 1.0.7-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1546
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6497
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6498
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6501
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6502
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6503
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6505

Description
===========

Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.

1) Various errors in the layout engine and JavaScript engine can be exploited to cause memory corruption and some may potentially allow execution of arbitrary code.
2) An error when reducing the CPU's floating point precision, which may happen on Windows when loading a plugin creating a Direct3D device, may cause the "js_dtoa()" function to not exit and instead cause a memory corruption.
3) A boundary error when setting the cursor to a Windows bitmap using the CSS cursor property can be exploited to cause a heap-based buffer overflow.
4) An unspecified error in the "watch()" JavaScript function can be exploited to execute arbitrary code.
5) An error in LiveConnect causes an already freed object to be used and may potentially allow execution of arbitrary code.
6) An error in the handling of the "src" attribute of IMG elements loaded in a frame can be exploited to change the attribute to a "javascript:" URI. This allows execution of arbitrary HTML and script code in a user's browser session.
7) An error within the handling of SVG comment objects can be exploited to cause a memory corruption and allows execution of arbitrary code by appending an SVG comment object from one document into another type of document (e.g. HTML).
8) A boundary error within the processing of mail headers can be exploited to cause a heap-based buffer overflow via an overly long "Content-Type" header in an external message body.
9) A boundary error within the processing of rfc2047-encoded headers can be exploited to cause a heap-based buffer overflow.

Updated Packages
================

Check if you have seamonkey installed:

    # pacman -Q seamonkey

If found, then you should upgrade to the latest version:

    # pacman -Sy seamonkey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFnjB6Z7NElSD1VhkRAi/0AJ9O1xTZJXQqCPORq3UJbvhPUkzb0gCfeFmd
6AARiBhmYZCqLK+AFy60C2o=
=Bvui
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Jan 6 11:34:36 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Jan 6 11:34:40 2007
Subject: [Frugalware-security] [ FSA-83 ] gdm
Message-ID: <20070106103436.93F00FA4A38@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-83

Date: 2007-01-06
Package: gdm
Vulnerable versions: <= 2.16.0-2
Unaffected versions: >= 2.16.4-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1539
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6105

Description
===========

A vulnerability has been reported in the gdmchooser application of the GNOME Display Manager, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a format string error within the "gdm_chooser_add_host()" function in gdm2/gui/gdmchooser.c. This can be exploited to execute arbitrary code with the privileges of the gdmchooser application by entering a specially crafted string when providing a remote host.

Updated Packages
================

Check if you have gdm installed:

    # pacman -Q gdm

If found, then you should upgrade to the latest version:

    # pacman -Sy gdm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFn3s6Z7NElSD1VhkRAvWlAJ9GMfsQH3Sg16sLZE5UCs7Q9DCH3gCfe/Yv
72wFHohRiyRdA9zvXRoc0K0=
=03K8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Jan 6 11:41:07 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Jan 6 11:41:11 2007
Subject: [Frugalware-security] [ FSA-84 ] mono
Message-ID: <20070106104107.9B43FFA4A38@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-84

Date: 2007-01-07
Package: mono
Vulnerable versions: <= 1.1.17.2-1siwenna1
Unaffected versions: >= 1.1.17.2-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1557
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6104

Description
===========

Jose Ramon Palanco has reported a vulnerability in Mono, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the System.Web class when handling HTTP requests. This can be exploited to gain remote access to the source code of a web application by e.g. appending "%20" to a URI.

Note: Reportedly, this can also be exploited to gain access to the Web.Config file, which may contain sensitive information like credentials.

Updated Packages
================

Check if you have mono installed:

    # pacman -Q mono

If found, then you should upgrade to the latest version:

    # pacman -Sy mono

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFn3zDZ7NElSD1VhkRAn/AAJ9CEC+rUqJcrzHTYNHopn4/g/ZkzwCdFNvZ
7i7dtMc0He6ABJMxnvuA6Jk=
=N6jt
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 8 16:42:01 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 8 16:42:04 2007
Subject: [Frugalware-security] [ FSA-85 ] mplayer
Message-ID: <20070108154201.CCE4CFA41A0@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-85

Date: 2007-01-08
Package: mplayer
Vulnerable versions: <= 1.0pre8-5
Unaffected versions: >= 1.0pre8-6siwenna1
Related bugreport: http://bugs.frugalware.org/task/1573
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172

Description
===========

The code mentioned in DSA 1244-1 is also included in MPlayer.

A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a malicious server. Since the attacker can not write arbitrary data into the buffer, creating an exploit is very hard; but a DoS attack is easily made.

Updated Packages
================

Check if you have mplayer installed:

    # pacman -Q mplayer

If found, then you should upgrade to the latest version:

    # pacman -Sy mplayer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFomZJZ7NElSD1VhkRAipWAJ9Xf6LI8mNwu+r3GXB+xKf+wFaVnACfZNQq
LgisiwGDIqx2uEZNwa7cUyo=
=9ssL
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 11 18:07:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 11 18:07:54 2007
Subject: [Frugalware-security] [ FSA-86 ] drupal
Message-ID: <20070111170738.D98E956815B@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-86

Date: 2007-01-11
Package: drupal
Vulnerable versions: <= 4.7.3-2siwenna1
Unaffected versions: >= 4.7.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1589
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/23586

Description
===========

A weakness has been reported in Drupal, which can be exploited by malicious users to conduct spoofing attacks.

The weakness is caused due to an unspecified error and can be exploited to change the page cache so existing pages return "page not found" errors.

Successful exploitation requires valid user credentials with the ability to post content. It also requires the page cache to be enabled and that MySQL is used.

Updated Packages
================

Check if you have drupal installed:

    # pacman -Q drupal

If found, then you should upgrade to the latest version:

    # pacman -Sy drupal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFpm7aZ7NElSD1VhkRAicWAKCPRHchWBHfikb9hG6JP3Zi4o9aXQCgoyk8
1MAywwJMihJF3Ygk3A4Jte8=
=8DbF
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 11 18:15:32 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 11 18:15:46 2007
Subject: [Frugalware-security] [ FSA-87 ] phpbb
Message-ID: <20070111171532.2AEDFFA4019@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-87

Date: 2007-01-11
Package: phpbb
Vulnerable versions: <= 2.0.21-1
Unaffected versions: >= 2.0.22-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1515
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6508
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6841

Description
===========

Some vulnerabilities have been discovered in phpBB, which can be exploited by malicious people to conduct cross-site request forgery attacks and cross-site scripting attacks.

1) The application allows users to send messages via HTTP requests without performing any validity checks to verify the request. This can be exploited to send messages to arbitrary users by e.g. tricking a target user into visiting a malicious website.
2) Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to the user when sending messages to a non-existent user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation of the vulnerabilities requires that the target user is logged in.

Updated Packages
================

Check if you have phpbb installed:

    # pacman -Q phpbb

If found, then you should upgrade to the latest version:

    # pacman -Sy phpbb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFpnC0Z7NElSD1VhkRAjgGAJ9twg7bufs/+GW/er5VrjTVkKBxwwCdH8o2
h9x9XpIIl5Jb6qqdtXpdu0M=
=4QpJ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 11 20:20:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 11 20:20:20 2007
Subject: [Frugalware-security] [ FSA-88 ] vlc
Message-ID: <20070111192012.5589CFA4019@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-88

Date: 2007-01-11
Package: vlc
Vulnerable versions: <= 0.8.5-1
Unaffected versions: >= 0.8.6-1siwenna2
Related bugreport: http://bugs.frugalware.org/task/1579
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017

Description
===========

Kevin Finisterre and LMH have reported a vulnerability in VLC media player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error when handling "udp://" URIs and can be exploited via a specially crafted web site or an M3U file with a specially crafted udp:// URI containing format string specifiers as the file name.

Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have vlc installed:

    # pacman -Q vlc

If found, then you should upgrade to the latest version:

    # pacman -Sy vlc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFpo3sZ7NElSD1VhkRAhx2AJ0efBYvZwSzwMKk3BK71IyNN1c2SQCgjL9W
x4r4HMFazMciQQMxcct+lvQ=
=TjLY
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 11 23:29:53 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 11 23:29:56 2007
Subject: [Frugalware-security] [ FSA-89 ] cacti
Message-ID: <20070111222953.C7CCC4F8538@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-89

Date: 2007-01-11
Package: cacti
Vulnerable versions: <= 0.8.6h-1
Unaffected versions: >= 0.8.6i-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1584
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6799

Description
===========

rgod has discovered four vulnerabilities in Cacti, which can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.

1) The "cmd.php" and "copy_cacti_user.php" scripts do not properly restrict access to command line usage and are installed in a web-accessible location. Successful exploitation requires that "register_argc_argv" is enabled.
2) Input passed in the URL to cmd.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_argc_argv" is enabled.
3) The results from the SQL queries in 2) in cmd.php are not properly sanitised before being used as shell commands. This can be exploited to inject arbitrary shell commands.
4) Input passed in the URL to copy_cacti_user.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows adding new administrator users, but requires that "register_argc_argv" is enabled.

Furthermore, it has been reported that other scripts may be exploitable under certain conditions. It has also been reported that script_server.php can be exploited to cause a DoS (denial of service).

Updated Packages
================

Check if you have cacti installed:

    # pacman -Q cacti

If found, then you should upgrade to the latest version:

    # pacman -Sy cacti

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFprphZ7NElSD1VhkRAt//AJwKW5cLoDuHi6NryzD+bfsyqf2vCQCgjGgL
oap0sD2Z9DPpWewqK5pNhpk=
=wAu8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 15 20:31:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 15 20:32:10 2007
Subject: [Frugalware-security] [ FSA-90 ] xorg-server
Message-ID: <20070115193156.ED6FDFA40A5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-90

Date: 2007-01-15
Package: xorg-server
Vulnerable versions: <= 1.1.1-5
Unaffected versions: >= 1.1.1-6siwenna1
Related bugreport: http://bugs.frugalware.org/task/1610
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6101
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6103

Description
===========

Sean Larsson has reported some vulnerabilities in X.Org X11, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerabilities are caused due to input validation errors within the "ProcRenderAddGlyphs()" function of the "Render" extension, and the "ProcDbeGetVisualInfo()" and "ProcDbeSwapBuffers()" functions of the "DBE" extension. This can be exploited to cause memory corruption by sending specially crafted X requests to the X server.

Successful exploitation may allow the execution of arbitrary code with the privileges of the X server, but requires that the "Render" or "DBE" extensions are loaded.

Updated Packages
================

Check if you have xorg-server installed:

    # pacman -Q xorg-server

If found, then you should upgrade to the latest version:

    # pacman -Sy xorg-server

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFq9asZ7NElSD1VhkRAiVtAJ0ZKugsmBgyyg+ieX2qxh8aVhsD3gCeN/cw
l5GRAl7SWb8hERDXdq5ZWA0=
=4LYW
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 15 20:48:20 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 15 20:48:34 2007
Subject: [Frugalware-security] [ FSA-91 ] avahi avahi-compat avahi-glib avahi-gtk2 avahi-python avahi-qt3 avahi-sharp
Message-ID: <20070115194820.A946EFA40A3@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-91

Date: 2007-01-15
Package: avahi avahi-compat avahi-glib avahi-gtk2 avahi-python avahi-qt3 avahi-sharp
Vulnerable versions: <= 0.6.13-2siwenna1
Unaffected versions: >= 0.6.13-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1607
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6870

Description
===========

A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "consume_labels()" function in avahi-core/dns.c when handling compressed packets. This can be exploited to cause an endless loop by sending specially crafted packets with compression labels that refer to each other.

Updated Packages
================

Check if you have avahi avahi-compat avahi-glib avahi-gtk2 avahi-python avahi-qt3 avahi-sharp installed:

    # pacman -Q avahi avahi-compat avahi-glib avahi-gtk2 avahi-python avahi-qt3 avahi-sharp

If found, then you should upgrade to the latest version:

    # pacman -Sy avahi avahi-compat avahi-glib avahi-gtk2 avahi-python avahi-qt3 avahi-sharp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFq9qEZ7NElSD1VhkRAsjBAJ9yZDn5zf19OlfoGOUCMnJkhH5rKgCgl/Ee
/e9bfYDEBYQO86urXMdZ6Lc=
=sRS3
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 15 21:04:27 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 15 21:04:35 2007
Subject: [Frugalware-security] [ FSA-92 ] joomla
Message-ID: <20070115200427.69C33FA40A4@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-92

Date: 2007-01-15
Package: joomla
Vulnerable versions: <= 1.0.11-1
Unaffected versions: >= 1.0.12-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1585
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6833
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6834
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6832

Description
===========

Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) The vulnerabilities are caused due to unspecified errors in Joomla!. The vendor describes them as "several low level security issues". No further information is currently available.

Updated Packages
================

Check if you have joomla installed:

    # pacman -Q joomla

If found, then you should upgrade to the latest version:

    # pacman -Sy joomla

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFq95KZ7NElSD1VhkRAnhiAJ9nfceaVjn0aSt/tdxBIsj0xnt4VgCgogLl
UE87Qdk/uVs2DIP5ka5DQUk=
=z9Z0
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 15 21:11:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 15 21:11:41 2007
Subject: [Frugalware-security] [ FSA-93 ] kernel
Message-ID: <20070115201138.25C60FA40A5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-93

Date: 2007-01-15
Package: kernel
Vulnerable versions: <= 2.6.17-6siwenna5
Unaffected versions: >= 2.6.17-6siwenna6
Related bugreport: http://bugs.frugalware.org/task/1615
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4814
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5823

Description
===========

Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) An error exists within the handling of locking semaphores in "mincore()". This can be exploited to cause a deadlock by using the function on unmapped pages.
2) An error exists within the "zlib_inflate()" function when processing certain data streams. This can be exploited to corrupt memory by e.g. mounting a specially crafted cramfs image and performing a read operation on the mounted file system.
3) The Kernel fails to handle corrupted data structures in the Ext2 file system correctly. This can be exploited to crash the system by mounting and reading a specially crafted file system image.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFq9/5Z7NElSD1VhkRAuvOAJ4xQBQKyiS4qX1XMjuQ2n73PMCmqQCdE/FX
PTKpl4gUpORwcWbl2jlHVK4=
=j/GP
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jan 15 21:43:10 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jan 15 21:43:35 2007
Subject: [Frugalware-security] [ FSA-94 ] w3m
Message-ID: <20070115204311.08F97FA40A4@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-94

Date: 2007-01-15
Package: w3m
Vulnerable versions: <= 0.5.1-2
Unaffected versions: >= 0.5.1-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1582
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6772

Description
===========

A vulnerability has been reported in w3m, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a format string error when handling SSL certificates and can be exploited via a specially crafted SSL certificate containing format specifiers in the "CN" field.

Successful exploitation may allow execution of arbitrary code when e.g. visiting a malicious website, but requires that the application is running with either the "-dump" or "-backend" option.

Updated Packages
================

Check if you have w3m installed:

    # pacman -Q w3m

If found, then you should upgrade to the latest version:

    # pacman -Sy w3m

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFq+deZ7NElSD1VhkRAv/pAJ9aKx54D9c9/tqBB2B9pYSRXQ0fpQCePl7w
lXyuIqjtSr1rFvia8YEH404=
=qDoG
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 11:27:59 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 11:28:15 2007
Subject: [Frugalware-security] [ FSA-95 ] libgtop
Message-ID: <20070116102759.87388FA40B8@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-95

Date: 2007-01-16
Package: libgtop
Vulnerable versions: <= 2.14.3-1
Unaffected versions: >= 2.14.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1626
CVE: There is no CVE for this issue, see: http://secunia.com/advisories/23736

Description
===========

Liu Qishuai has reported a vulnerability in libgtop2, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the "glibtop_get_proc_map_s()" function in sysdeps/linux/procmap.c. This can be exploited to cause a stack-based buffer overflow by running a process with a specially crafted long path and tricking a victim into running an application using the library (e.g. gnome-system-monitor).
Updated Packages
================

Check if you have libgtop installed:

# pacman -Q libgtop

If found, then you should upgrade to the latest version:

# pacman -Sy libgtop

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrKivZ7NElSD1VhkRAp+QAKCmfr25iJgHunbeUEaOmvptTNZ14wCfbDP/
x30dZScvmbZrqduBZVbzGMA=
=zsrG
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 11:33:40 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 11:33:44 2007
Subject: [Frugalware-security] [ FSA-96 ] libsoup
Message-ID: <20070116103340.B27F5FA40BC@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-96

Date: 2007-01-16
Package: libsoup
Vulnerable versions: <= 2.2.96-2
Unaffected versions: >= 2.2.96-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1625
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5876

Description
===========

Roland Lezuo and Josselin Mouette have reported a vulnerability in libsoup, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "soup_headers_parse()" function in soup-headers.c. This can be exploited to crash an application using the library by sending specially crafted HTTP requests.

Updated Packages
================

Check if you have libsoup installed:

# pacman -Q libsoup

If found, then you should upgrade to the latest version:

# pacman -Sy libsoup

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrKoEZ7NElSD1VhkRAgvSAJ4j5OJdCNME9kWnGcRg7XSx9tmU8gCggeKq
wPYh1T1uCcARyH0sWs7exiY=
=J+vc
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 11:40:00 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 11:40:16 2007
Subject: [Frugalware-security] [ FSA-97 ] fetchmail
Message-ID: <20070116104000.EBDB7FA40BD@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-97

Date: 2007-01-16
Package: fetchmail
Vulnerable versions: <= 6.3.4-1
Unaffected versions: >= 6.3.6-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1608
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974

Description
===========

A vulnerability and a security issue have been reported in Fetchmail, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to gain knowledge of sensitive information.

1) A NULL pointer dereference error in Fetchmail, when refusing a message that was bound for delivery by a message delivery agent (MDA) via the "mda" option, can be exploited to crash the service.

2) Several errors could lead to the authentication in plain text despite the configured settings, resulting in the possibility of passwords being eavesdropped.

Updated Packages
================

Check if you have fetchmail installed:

# pacman -Q fetchmail

If found, then you should upgrade to the latest version:

# pacman -Sy fetchmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrKuAZ7NElSD1VhkRAkoeAKCELPTbYyEO90rX1vMxvq3AXjTX/gCdFHld
6y3b/uUIAvvLAOrsSCZoh6M=
=xdnj
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 12:07:47 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 12:07:57 2007
Subject: [Frugalware-security] [ FSA-98 ] proftpd
Message-ID: <20070116110747.13D12FA40B8@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-98

Date: 2007-01-16
Package: proftpd
Vulnerable versions: <= 1.3.0-4siwenna1
Unaffected versions: >= 1.3.0-5siwenna1
Related bugreport: http://bugs.frugalware.org/task/1538
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6563

Description
===========

Alfredo Ortega has reported a vulnerability in the mod_ctrls module for ProFTPD, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to a boundary error within the "pr_ctrls_recv_request()" function in src/ctrls.c and can be exploited to cause a buffer overflow by sending specially crafted control messages to the module.

Successful exploitation may allow to execute arbitrary code with escalated privileges, but requires that the mod_ctrl module is used and that ACLs allow the attacker to access the module.

Updated Packages
================

Check if you have proftpd installed:

# pacman -Q proftpd

If found, then you should upgrade to the latest version:

# pacman -Sy proftpd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrLICZ7NElSD1VhkRApNJAJ9ECfs9ybwpVUItAXHGy9Bq109KkwCfb/c4
+w4f+R62/M7EZEtISXObPwk=
=vWkJ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 17:58:13 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 17:58:28 2007
Subject: [Frugalware-security] [ FSA-99 ] mediawiki
Message-ID: <20070116165813.2ECDAFA40BE@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-99

Date: 2007-01-16
Package: mediawiki
Vulnerable versions: <= 1.7.1-1
Unaffected versions: >= 1.7.2-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1609
CVE: There is no CVE for this issue, see: http://secunia.com/cve_reference/CVE-2006-6563

Description
===========

A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that $wgUseAjax is set to true, which is not its default setting.

Updated Packages
================

Check if you have mediawiki installed:

# pacman -Q mediawiki

If found, then you should upgrade to the latest version:

# pacman -Sy mediawiki

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrQQkZ7NElSD1VhkRAmeSAJ9+h7rMBRB3jJVFF4i4veNSrFMg3QCbBEA6
HQwFoRNTSlhRLRQ8SIW9nCY=
=xMwf
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jan 16 18:14:15 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Jan 16 18:14:19 2007
Subject: [Frugalware-security] [ FSA-100 ] tor
Message-ID: <20070116171415.3B0B4FA41A3@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-100

Date: 2007-01-16
Package: tor
Vulnerable versions: <= 0.1.1.23-1
Unaffected versions: >= 0.1.1.26-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1536
CVE: There is no CVE for these issues, see Changelog of tor.

Description
===========

1) Stop sending the HttpProxyAuthenticator string to directory servers when directory connections are tunnelled through Tor.

2) Clients no longer store bandwidth history in the state file.

3) Do not log introduction points for hidden services if SafeLogging is set.

4) When the user sends a NEWNYM signal, clear the client-side DNS cache too. Otherwise we continue to act on previous information.

Updated Packages
================

Check if you have tor installed:

# pacman -Q tor

If found, then you should upgrade to the latest version:

# pacman -Sy tor

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFrQfmZ7NElSD1VhkRAjsqAJ956EvQvPD49+ujEs+rPD5/9XNmygCeNqTw
Dp3ttLfpdHsLWgj54E7OHq0=
=dSfR
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Jan 19 19:31:42 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Jan 19 19:31:45 2007
Subject: [Frugalware-security] [ FSA-101 ] openoffice.org
Message-ID: <20070119183142.6EBEDFA4095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-101

Date: 2007-01-19
Package: openoffice.org
Vulnerable versions: <= 2.0.3-1
Unaffected versions: >= 2.0.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1578
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5870

Description
===========

John Heasman has reported some vulnerabilities in OpenOffice, which can be exploited by malicious people to compromise a user's system.

1) A truncation error within the handling of the META_ESCAPE record can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.

2) An integer overflow within the handling of EMR_POLYPOLYGON and EMR_POLYPOLYGON16 records can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code and requires that a user is tricked into opening a specially crafted WMF/EMF file or a specially crafted document.

Updated Packages
================

Check if you have openoffice.org installed:

# pacman -Q openoffice.org

If found, then you should upgrade to the latest version:

# pacman -Sy openoffice.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFsQ6OZ7NElSD1VhkRAnW3AJ9/NBNmwk3BX7oiAT04B/Dw8GgUFwCeMHrn
3M5wXozZNR7NDlmqvlJrjww=
=siiX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 25 03:04:20 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 25 03:04:23 2007
Subject: [Frugalware-security] [ FSA-102 ] smb4k
Message-ID: <20070125020420.626CEFA408D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-102

Date: 2007-01-25
Package: smb4k
Vulnerable versions: <= 0.7.2-1
Unaffected versions: >= 0.7.5-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1628
CVE: There is no CVE for this issue, see: https://developer.berlios.de/project/shownotes.php?release_id=11706

Description
===========

1) A grave bug was discovered that could cause a corrupted /etc/sudoers file if debug or error output was received via stderr while reading the file for subsequent processing.

2) Kees Cook conducted a security audit of Smb4K 0.7.5. He found several security weaknesses in the utility programs (stack overflows / the use of strcpy instead of strncpy / a design error in smb4k_kill) and in the Smb4KFileIO class (use of mktemp instead of mkstemp for creation of the temporary files which could lead to both a race and an information leak / a race in the code that handles the lock file).

Updated Packages
================

Check if you have smb4k installed:

# pacman -Q smb4k

If found, then you should upgrade to the latest version:

# pacman -Sy smb4k

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuBAkZ7NElSD1VhkRAgIZAJ0axQE9AsJkaLpaB7wwHiBPKUJATACfZF0G
NonZaJdGjKfzQYHsg7hhqbA=
=Kw0X
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 25 22:17:29 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 25 22:17:31 2007
Subject: [Frugalware-security] [ FSA-103 ] ed
Message-ID: <20070125211729.F3EDB56804A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-103

Date: 2007-01-25
Package: ed
Vulnerable versions: <= 0.2-2
Unaffected versions: >= 0.4-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1638
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6939

Description
===========

A vulnerability has been reported in GNU ed, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The vulnerability is caused due to temporary files being created insecurely. This can be exploited via symlink attacks to overwrite arbitrary files with the privileges of the user running ed.

Updated Packages
================

Check if you have ed installed:

# pacman -Q ed

If found, then you should upgrade to the latest version:

# pacman -Sy ed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuR5pZ7NElSD1VhkRAu6aAJ4spFEDv2awhII53M1UVahveiMb7ACfcy/u
QunkTryjDb3p7GR7VU1ZoSc=
=UWz+
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Jan 25 23:07:11 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jan 25 23:07:21 2007
Subject: [Frugalware-security] [ FSA-104 ] kdegraphics
Message-ID: <20070125220711.2E6A34F82DD@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-104

Date: 2007-01-25
Package: kdegraphics
Vulnerable versions: <= 3.5.4-4siwenna1
Unaffected versions: >= 3.5.4-5siwenna1
Related bugreport: http://bugs.frugalware.org/task/1631
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104

Description
===========

A weakness has been reported in KDE and KOffice, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error within the handling of catalog dictionaries or page attributes that reference an invalid page treenode. This can be exploited to cause an infinite loop by e.g. tricking a user into opening a specially crafted PDF document.

Updated Packages
================

Check if you have kdegraphics installed:

# pacman -Q kdegraphics

If found, then you should upgrade to the latest version:

# pacman -Sy kdegraphics

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuSoPZ7NElSD1VhkRAljiAJ9vvmhU5i3rYJf/lx0oyVIA66JwJwCeIA2D
ORn+EcRmm1pj5UnCwuaaebc=
=q9bz
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Jan 26 00:51:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Jan 26 00:51:16 2007
Subject: [Frugalware-security] [ FSA-105 ] koffice
Message-ID: <20070125235112.C3E7AFA4093@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-105

Date: 2007-01-25
Package: koffice
Vulnerable versions: <= 1.5.2-2
Unaffected versions: >= 1.5.2-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1630
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104

Description
===========

A weakness has been reported in KDE and KOffice, which can be exploited by malicious people to cause a DoS (Denial of Service).

The weakness is caused due to an error within the handling of catalog dictionaries or page attributes that reference an invalid page treenode. This can be exploited to cause an infinite loop by e.g. tricking a user into opening a specially crafted PDF document.

Updated Packages
================

Check if you have koffice installed:

# pacman -Q koffice

If found, then you should upgrade to the latest version:

# pacman -Sy koffice

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuUJwZ7NElSD1VhkRAudrAJ49oJ/lb+viMMlNTmiRl5Si+w00tgCgh8mS
Z/l/CiflyHkYO11QKiHL/GY=
=e8GR
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Jan 26 00:58:41 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Jan 26 00:58:43 2007
Subject: [Frugalware-security] [ FSA-106 ] squid
Message-ID: <20070125235841.B3837FA4097@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-106

Date: 2007-01-26
Package: squid
Vulnerable versions: <= 2.6.STABLE3-1
Unaffected versions: >= 2.6.STABLE7-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1634
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0248

Description
===========

Two vulnerabilities have been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the handling of certain FTP URL requests can be exploited to crash Squid by visiting a specially crafted FTP URL via the proxy.

2) An error in the external_acl queue can cause Squid to crash when it is under high load conditions.

Updated Packages
================

Check if you have squid installed:

# pacman -Q squid

If found, then you should upgrade to the latest version:

# pacman -Sy squid

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuUQxZ7NElSD1VhkRAj1QAJ9uiHkBzawdAyxpO9i0b8/6cM4p4gCcCx1Y
e13ZhROsTiHoGeMpqWgr9Hw=
=rhbg
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Jan 26 03:03:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Jan 26 03:04:02 2007
Subject: [Frugalware-security] [ FSA-107 ] poppler poppler-glib poppler-pdftools poppler-qt
Message-ID: <20070126020356.85D72FA4089@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-107

Date: 2007-01-26
Package: poppler poppler-glib poppler-pdftools poppler-qt
Vulnerable versions: <= 0.5.3-1
Unaffected versions: >= 0.5.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1637
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104

Description
===========

A vulnerability has been reported in Poppler, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of catalog dictionaries or page attributes that reference an invalid page tree node. This can be exploited to cause an infinite loop by e.g. tricking a user into opening a specially crafted PDF document.

Updated Packages
================

Check if you have poppler poppler-glib poppler-pdftools poppler-qt installed:

# pacman -Q poppler poppler-glib poppler-pdftools poppler-qt

If found, then you should upgrade to the latest version:

# pacman -Sy poppler poppler-glib poppler-pdftools poppler-qt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFuWGMZ7NElSD1VhkRArZqAJ4/Hi+p/kA1yqNBV0+6ajhfhYnvRwCePgxZ
SilHV07XzRWEeZUXjBeHOdU=
=x4Gu
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Jan 27 19:09:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Jan 27 19:09:59 2007
Subject: [Frugalware-security] [ FSA-108 ] phpmyadmin
Message-ID: <20070127180956.952CEFA4106@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-108

Date: 2007-01-27
Package: phpmyadmin
Vulnerable versions: <= 2.9.1.1-1siwenna1
Unaffected versions: >= 2.9.2-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1611
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0204

Description
===========

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks and HTTP response splitting attacks.

1) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed in the "phpMyAdmin" cookie is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user, allowing for execution of arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation of this vulnerability requires a version of PHP 4 before 4.4.2 or a version of PHP 5 before 5.1.2.

Updated Packages
================

Check if you have phpmyadmin installed:

# pacman -Q phpmyadmin

If found, then you should upgrade to the latest version:

# pacman -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFu5V0Z7NElSD1VhkRAic1AKCmmwNuZ+/rigDwJTbyd8Xe0dQ2HQCeOSVO
9fZG4NRg8T46zVXnd8JdylE=
=7rvb
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Jan 27 19:40:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Jan 27 19:40:45 2007
Subject: [Frugalware-security] [ FSA-109 ] bind
Message-ID: <20070127184038.46E89FA4107@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-109

Date: 2007-01-27
Package: bind
Vulnerable versions: <= 9.3.2_P2-1siwenna1
Unaffected versions: >= 9.3.4-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1664
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494

Description
===========

A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error, which may cause the named daemon to dereference a freed fetch context. Successful exploitation crashes the named daemon.

Updated Packages
================

Check if you have bind installed:

# pacman -Q bind

If found, then you should upgrade to the latest version:

# pacman -Sy bind

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFu5ykZ7NElSD1VhkRArUTAKCRfRs6I5Sn0XeYhBA/Wq4rIc9KhwCfRiZo
7LD+rk2o0r4l2OHxaHfvmVY=
=B1zH
-----END PGP SIGNATURE-----