From noreply at frugalware.org Sun Jul 1 10:41:03 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 10:41:12 2007
Subject: [Frugalware-security] [ FSA-210 ] vlc
Message-ID: <20070701084103.316551868073@genesis.frugalware.org>

Frugalware Security Advisory FSA-210

Date: 2007-07-01
Package: vlc
Vulnerable versions: <= 0.8.6-3
Unaffected versions: >= 0.8.6-4terminus1
Related bugreport: http://bugs.frugalware.org/task/2182
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3316

Description
===========

Some vulnerabilities have been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to format string errors in the Ogg/Vorbis, Ogg/Theora, CDDA (CD Digital Audio), and SAP (Service Announce Protocol) plugins. These can be exploited to execute arbitrary code via a specially crafted .ogg or .ogm file (Vorbis/Theora), CDDB entry, or SAP/SDP message.

Updated Packages
================

Check if you have vlc installed:

    # pacman -Q vlc

If found, then you should upgrade to the latest version:

    # pacman -Sy vlc

From noreply at frugalware.org Sun Jul 1 10:46:34 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 10:46:35 2007
Subject: [Frugalware-security] [ FSA-211 ] libexif
Message-ID: <20070701084634.4C8F81868073@genesis.frugalware.org>

Frugalware Security Advisory FSA-211

Date: 2007-07-01
Package: libexif
Vulnerable versions: <= 0.6.13-2terminus1
Unaffected versions: >= 0.6.13-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2197
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4168

Description
===========

A vulnerability has been reported in libexif, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

The vulnerability is caused due to an integer overflow error within the "exif_data_load_data_entry()" function when handling EXIF component information and can be exploited to cause a heap based buffer overflow.

Successful exploitation may allow an attacker to crash an application using the library or to execute arbitrary code.

Updated Packages
================

Check if you have libexif installed:

    # pacman -Q libexif

If found, then you should upgrade to the latest version:

    # pacman -Sy libexif

From noreply at frugalware.org Sun Jul 1 10:51:17 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 10:51:19 2007
Subject: [Frugalware-security] [ FSA-212 ] evolution-data-server
Message-ID: <20070701085117.409731868073@genesis.frugalware.org>

Frugalware Security Advisory FSA-212

Date: 2007-07-01
Package: evolution-data-server
Vulnerable versions: <= 1.10.0-1
Unaffected versions: >= 1.10.0-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2207
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257

Description
===========

Philip Van Hoof has reported a vulnerability in Evolution, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "imap_rescan()" function in camel/providers/imap/camel-imap-folder.c not properly sanitising the "SEQUENCE" value before being used to index arrays. This may be exploited to execute arbitrary code by e.g. tricking a user into using a malicious IMAP server.

Updated Packages
================

Check if you have evolution-data-server installed:

    # pacman -Q evolution-data-server

If found, then you should upgrade to the latest version:

    # pacman -Sy evolution-data-server

From noreply at frugalware.org Sun Jul 1 10:58:54 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 10:59:00 2007
Subject: [Frugalware-security] [ FSA-213 ] gd
Message-ID: <20070701085854.9C5AB1868073@genesis.frugalware.org>

Frugalware Security Advisory FSA-213

Date: 2007-07-01
Package: gd
Vulnerable versions: <= 2.0.34-2terminus1
Unaffected versions: >= 2.0.34-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2219
CVE: No CVE for this issue, see: http://www.libgd.org/ReleaseNote020035

Description
===========

Some vulnerabilities have been reported in the GD Graphics Library, where some have unknown impact and others can potentially be exploited to cause a DoS.

1) An integer overflow exists in the "gdImageCreateTrueColor()" function.

2) An error in the "gdImageCreateXbm()" function can potentially be exploited to cause a crash.

Updated Packages
================

Check if you have gd installed:

    # pacman -Q gd

If found, then you should upgrade to the latest version:

    # pacman -Sy gd

From noreply at frugalware.org Sun Jul 1 13:55:09 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 13:55:16 2007
Subject: [Frugalware-security] [ FSA-214 ] clamav
Message-ID: <20070701115509.CFD771868073@genesis.frugalware.org>

Frugalware Security Advisory FSA-214

Date: 2007-07-01
Package: clamav
Vulnerable versions: <= 0.90.2-1terminus1
Unaffected versions: >= 0.90.2-1terminus2
Related bugreport: http://bugs.frugalware.org/task/2042
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2650
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3023
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3024
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3025
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3122
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3123

Description
===========

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error exists within the OLE2 parser when handling objects with malformed FAT partitions and large property sizes. This can be exploited to cause a DoS due to storage and CPU resource consumption by scanning a specially crafted OLE2 file.

2) An error in the processing of RAR files can be exploited to crash the process via a specially crafted RAR file.

3) A boundary error exists within the file /libclamav/unsp.c, which can be exploited to crash the process via a specially crafted NsPacked file.

4) An incorrect regular expression in libclamav/phishcheck.c can be exploited to cause a DoS by consuming all available CPU resources via a specially crafted file.

Updated Packages
================

Check if you have clamav installed:

    # pacman -Q clamav

If found, then you should upgrade to the latest version:

    # pacman -Sy clamav

From noreply at frugalware.org Sun Jul 1 18:00:22 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Jul 1 18:00:26 2007
Subject: [Frugalware-security] [ FSA-215 ] openoffice.org
Message-ID: <20070701160022.177E1186809D@genesis.frugalware.org>

Frugalware Security Advisory FSA-215

Date: 2007-07-01
Package: openoffice.org
Vulnerable versions: <= 2.1.0-6terminus1
Unaffected versions: >= 2.1.0-6terminus2
Related bugreport: http://bugs.frugalware.org/task/2196
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754

Description
===========

Some vulnerabilities have been reported in OpenOffice, which can potentially be exploited by malicious people to compromise a user's system.

1) An error exists when parsing the "prdata" tag in RTF files where the first token is smaller than the second one. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted RTF file.

2) A vulnerability is caused due to the use of a vulnerable copy of the FreeType library, which can be exploited to cause a heap based buffer overflow by e.g. tricking a user into opening a specially crafted document.

Updated Packages
================

Check if you have openoffice.org installed:

    # pacman -Q openoffice.org

If found, then you should upgrade to the latest version:

    # pacman -Sy openoffice.org

From noreply at frugalware.org Thu Jul 5 17:22:14 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jul 5 17:22:16 2007
Subject: [Frugalware-security] [ FSA-216 ] wordpress
Message-ID: <20070705152214.02C0F13A4053@genesis.frugalware.org>

Frugalware Security Advisory FSA-216

Date: 2007-07-05
Package: wordpress
Vulnerable versions: <= 2.1.3-1terminus1
Unaffected versions: >= 2.2.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2067
                   http://bugs.frugalware.org/task/2158
                   http://bugs.frugalware.org/task/2213
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2821
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3140

Description
===========

Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cookie" parameter in wp-admin/admin-ajax.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator password hashes, but requires knowledge of the database table prefix.

A vulnerability has been discovered in WordPress, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving usernames and password hashes, but requires valid user credentials and knowledge of the database table prefix.

Alexander Concha has discovered a vulnerability in WordPress and WordPress MU, which can be exploited by malicious users to bypass certain security restrictions and to compromise a vulnerable system.

The vulnerability is caused due to improper authentication verification. This can be exploited to add the custom field "_wp_attached_file" to a post, upload a PHP script to an arbitrary path with wp-app.php or app.php, and execute arbitrary PHP code.

Successful exploitation requires valid Editor credentials and that the system is configured to allow uploads.

Updated Packages
================

Check if you have wordpress installed:

    # pacman-g2 -Q wordpress

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wordpress

From noreply at frugalware.org Mon Jul 9 22:58:03 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Jul 9 22:58:06 2007
Subject: [Frugalware-security] [ FSA-217 ] xvidcore
Message-ID: <20070709205803.BFFE716A8084@genesis.frugalware.org>

Frugalware Security Advisory FSA-217

Date: 2007-07-09
Package: xvidcore
Vulnerable versions: <= 1.1.2-1
Unaffected versions: >= 1.1.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2212
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3329

Description
===========

Trixter Jack has reported a vulnerability in the Xvid library, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an array indexing error in the "get_intra_block()" function within src/bitstream/mbcoding.c while processing Xvid Avi files. This can be exploited to corrupt memory via a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

Updated Packages
================

Check if you have xvidcore installed:

    # pacman-g2 -Q xvidcore

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy xvidcore

From noreply at frugalware.org Thu Jul 12 12:39:40 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Jul 12 12:39:42 2007
Subject: [Frugalware-security] [ FSA-218 ] kernel
Message-ID: <20070712103940.802D616A80A0@genesis.frugalware.org>

Frugalware Security Advisory FSA-218

Date: 2007-07-12
Package: kernel
Vulnerable versions: <= 2.6.20-5terminus6
Unaffected versions: >= 2.6.20-5terminus7
Related bugreport: http://bugs.frugalware.org/task/2211
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3104

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a Denial of Service (DoS).

The vulnerability is caused due to a NULL pointer dereference within the function "sysfs_readdir()" when handling pointers to inodes. This can be exploited to crash a vulnerable system.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

From noreply at frugalware.org Sun Jul 22 13:53:08 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 22 13:53:11 2007
Subject: [Frugalware-security] [ FSA-219 ] avahi
Message-ID: <20070722115308.9D69B1868239@genesis.frugalware.org>

Frugalware Security Advisory FSA-219

Date: 2007-07-22
Package: avahi
Vulnerable versions: <= 0.6.17-2
Unaffected versions: >= 0.6.17-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2209
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3372

Description
===========

Emanuele Aina has reported a security issue in Avahi, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The security issue is caused due to an "assert()" error when receiving empty TXT data over D-Bus for registration. This can be exploited to terminate the Avahi daemon by sending empty TXT data.

Updated Packages
================

Check if you have avahi installed:

    # pacman-g2 -Q avahi

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy avahi

From noreply at frugalware.org Sun Jul 22 14:02:31 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 22 14:02:33 2007
Subject: [Frugalware-security] [ FSA-220 ] wireshark
Message-ID: <20070722120231.C22E113A41A7@genesis.frugalware.org>

Frugalware Security Advisory FSA-220

Date: 2007-07-22
Package: wireshark
Vulnerable versions: <= 0.99.5-1
Unaffected versions: >= 0.99.6-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2218
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3389
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3390
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3391
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3393

Description
===========

Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

Errors exist within the DHCP/BOOTP dissector or when processing HTTP chunked responses, iSeries capture files, or DCP ETSI, SSL, or MMS packets. These can be exploited to cause a crash, excessive loops, or consume large amounts of memory when parsing a specially crafted packet that is either captured off the wire or loaded via a capture file.

Updated Packages
================

Check if you have wireshark installed:

    # pacman-g2 -Q wireshark

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wireshark

From noreply at frugalware.org Sun Jul 22 14:29:28 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 22 14:29:29 2007
Subject: [Frugalware-security] [ FSA-221 ] flashplugin
Message-ID: <20070722122928.B654A13A41AA@genesis.frugalware.org>

Frugalware Security Advisory FSA-221

Date: 2007-07-22
Package: flashplugin
Vulnerable versions: <= 9.0.31.0-1
Unaffected versions: >= 9.0.48.0-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2240
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3457
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

Description
===========

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities.

Updated Packages
================

Check if you have flashplugin installed:

    # pacman-g2 -Q flashplugin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy flashplugin

From noreply at frugalware.org Sun Jul 22 21:08:28 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 22 21:08:30 2007
Subject: [Frugalware-security] [ FSA-222 ] qemu
Message-ID: <20070722190828.87C2713A41A7@genesis.frugalware.org>

Frugalware Security Advisory FSA-222

Date: 2007-07-22
Package: qemu
Vulnerable versions: <= 0.9.0-1
Unaffected versions: >= 0.9.0-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2011
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1320
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1321
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1322
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1323
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1366

Description
===========

Tavis Ormandy has reported some vulnerabilities in QEMU, which can be exploited by malicious users to bypass certain security restrictions or cause a DoS (Denial of Service).

1) A boundary error exists within the "cirrus_invalidate_region()" function of the Cirrus video driver, which can be exploited to cause a heap-based buffer overflow.

2) The size of ethernet frames is not correctly checked against the "MTU" before being copied into the registers of the NE2000 network driver. This can be exploited to cause a heap-based buffer overflow.

3) An integer signedness error when processing data in the NE2000 device registers can be exploited to cause a heap-based buffer overflow.

Successful exploitation of 1) through 3) may allow the execution of arbitrary code.

4) Errors when handling the "icebp" instruction can be exploited to cause a DoS by terminating the emulation session.

5) An error within the handling of the "aam" instruction can result in a division by zero, which can be exploited to cause a DoS.

Updated Packages
================

Check if you have qemu installed:

    # pacman-g2 -Q qemu

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy qemu

From noreply at frugalware.org Mon Jul 23 18:16:28 2007
From: noreply at frugalware.org (vmiklos)
Date: Mon Jul 23 18:16:31 2007
Subject: [Frugalware-security] [ FSA-223 ] joomla
Message-ID: <20070723161628.39A9C186824B@genesis.frugalware.org>

Frugalware Security Advisory FSA-223

Date: 2007-07-23
Package: joomla
Vulnerable versions: <= 1.0.12-1
Unaffected versions: >= -1.0.12-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2216
CVE: There is no CVE for this issue, see http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_item_id=5654

Description
===========

Cindy Chee has discovered a vulnerability in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "Title" and "Section Name" form fields when creating new sections in Section Manager is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the data is viewed.

Successful exploitation requires that the target user has valid administrator credentials.

Updated Packages
================

Check if you have joomla installed:

    # pacman-g2 -Q joomla

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy joomla

From noreply at frugalware.org Thu Jul 26 00:34:59 2007
From: noreply at frugalware.org (vmiklos)
Date: Thu Jul 26 00:35:02 2007
Subject: [Frugalware-security] [ FSA-224 ] kernel
Message-ID: <20070725223459.7E46413A41AF@genesis.frugalware.org>

Frugalware Security Advisory FSA-224

Date: 2007-07-26
Package: kernel
Vulnerable versions: <= 2.6.20-5terminus7
Unaffected versions: >= 2.6.20-5terminus8
Related bugreport: http://bugs.frugalware.org/task/2235
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3513
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3107

Description
===========

Security issues have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

1) The USBLCD driver does not limit the memory consumption during writes to the device. This can be exploited to cause an out-of-memory condition by writing a large amount of data to an affected device. Successful exploitation requires write access to a device using the driver.

2) A vulnerability is caused due to an error within the "decode_choice()" function in net/netfilter/bf_conntrack_h323_asn1.c when handling choices that are still encoded in the fixed-size bitfield. This can be exploited to cause access to undefined types, resulting in a crash.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

From noreply at frugalware.org Thu Jul 26 10:27:33 2007
From: noreply at frugalware.org (vmiklos)
Date: Thu Jul 26 10:27:36 2007
Subject: [Frugalware-security] [ FSA-225 ] j2re
Message-ID: <20070726082733.74A8B13A41C1@genesis.frugalware.org>

Frugalware Security Advisory FSA-225

Date: 2007-07-26
Package: j2re
Vulnerable versions: <= 6-2
Unaffected versions: >= 6-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2254
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3655
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716

Description
===========

A vulnerability has been reported in Sun Java Web Start, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the Java Web Start component (javaws.exe) when processing JNLP files. This can be exploited to cause a stack-based buffer overflow via a specially crafted JNLP file with an overly long codebase attribute.

Successful exploitation allows execution of arbitrary code e.g. when a user visits a malicious website.

Updated Packages
================

Check if you have j2re installed:

    # pacman-g2 -Q j2re

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy j2re

From noreply at frugalware.org Thu Jul 26 10:31:46 2007
From: noreply at frugalware.org (vmiklos)
Date: Thu Jul 26 10:31:48 2007
Subject: [Frugalware-security] [ FSA-226 ] j2sdk
Message-ID: <20070726083146.E25F513A41C1@genesis.frugalware.org>

Frugalware Security Advisory FSA-226

Date: 2007-07-26
Package: j2sdk
Vulnerable versions: <= 6-1
Unaffected versions: >= 6-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2255
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3716

Description
===========

Brad Hill has reported a vulnerability in Sun JDK and JRE, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when processing XSLT stylesheets contained in XSLT Transforms in XML signatures. This can be exploited to execute arbitrary code when an application processes a specially crafted XML signature.

Updated Packages
================

Check if you have j2sdk installed:

    # pacman-g2 -Q j2sdk

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy j2sdk

From noreply at frugalware.org Sat Jul 28 15:30:43 2007
From: noreply at frugalware.org (vmiklos)
Date: Sat Jul 28 15:30:45 2007
Subject: [Frugalware-security] [ FSA-227 ] lighttpd
Message-ID: <20070728133043.506041A680D1@genesis.frugalware.org>

Frugalware Security Advisory FSA-227

Date: 2007-07-28
Package: lighttpd
Vulnerable versions: <= 1.4.13-3terminus1
Unaffected versions: >= 1.4.16-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2271
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3946
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3947
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3948
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3949
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3950

Description
===========

Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially to compromise a vulnerable system.

1) An error in the processing of HTTP headers can be exploited to cause a DoS by sending duplicate HTTP headers with a trailing whitespace character.

2) An error in mod_auth can be exploited to cause a DoS by sending requests with the algorithm set to "MD5-sess" and without a cnonce.

3) An error when parsing Auth-Digest headers in mod_auth can potentially be exploited to cause a DoS by sending multiple whitespace characters.

4) An error exists in the mechanism that limits the number of active connections.
This can be exploited to cause a DoS.

5) An error exists in the processing of HTTP requests. This can be exploited to access restricted files by adding a "/" to an URL.

6) An error exists in mod_scgi. This can be exploited to cause a DoS by sending a SCGI request and closing the connection while lighttpd processes the request.

7) The return value of "base64_decode" in mod_auth was not checked properly when parsing the credentials for basic authentication, which could lead to accessing uninitialized memory.

8) An error in the header parsing code can lead to access of memory outside of the original boundaries and can cause a memory corruption. Successful exploitation of this vulnerability can potentially be exploited to execute arbitrary code.

Updated Packages
================

Check if you have lighttpd installed:

    # pacman-g2 -Q lighttpd

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy lighttpd

From noreply at frugalware.org Sun Jul 29 14:29:55 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 29 14:29:58 2007
Subject: [Frugalware-security] [ FSA-228 ] kvirc
Message-ID: <20070729122955.BC11E1E6865F@genesis.frugalware.org>

Frugalware Security Advisory FSA-228

Date: 2007-07-29
Package: kvirc
Vulnerable versions: <= 3.2.0-2
Unaffected versions: >= 3.2.5-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2214
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951

Description
===========

Secunia Research has discovered a vulnerability in KVIrc, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the "parseIrcUrl()" function in src/kvirc/kernel/kvi_ircurl.cpp not properly sanitising parts of the URI when building the command for KVIrc's internal script system. This can be exploited to inject and execute commands for the KVIrc script system (including the "run" command, which can be leveraged to execute shell commands) by e.g. tricking a user into opening a malicious "irc://" (or similar URI like "irc6://") URI.

Successful exploitation requires that KVIrc is the default handler for "irc://" or similar URIs.

Updated Packages
================

Check if you have kvirc installed:

    # pacman-g2 -Q kvirc

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kvirc

From noreply at frugalware.org Sun Jul 29 15:54:42 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 29 15:54:46 2007
Subject: [Frugalware-security] [ FSA-229 ] c-ares
Message-ID: <20070729135442.C97F41E68661@genesis.frugalware.org>

Frugalware Security Advisory FSA-229

Date: 2007-07-29
Package: c-ares
Vulnerable versions: <= 1.3.2-2
Unaffected versions: >= 1.4.0-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2159
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3152
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3153

Description
===========

A vulnerability has been reported in c-ares, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed.

Updated Packages
================

Check if you have c-ares installed:

    # pacman-g2 -Q c-ares

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy c-ares
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGrJwiZ7NElSD1VhkRAvftAJ44+cA1k9fdloRtPgTVWG6NDQv4iACgpaiG
mK7OoyX1M6UVTIdFsNQiOkA=
=EIBx
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Jul 29 16:45:16 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 29 16:45:19 2007
Subject: [Frugalware-security] [ FSA-230 ] perl-net-dns
Message-ID: <20070729144516.421E11E6865F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-230

Date: 2007-07-29
Package: perl-net-dns
Vulnerable versions: <= 0.59-1
Unaffected versions: >= 0.60-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2217
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3377
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3409

Description
===========

Two vulnerabilities have been reported in the Net::DNS Perl module, which can be exploited to poison the DNS cache or to cause a DoS (Denial of Service).

1) An error exists in the handling of DNS queries where IDs are incremented with a fixed value and are additionally used for child processes in a forking server. This can be exploited to poison the DNS cache of an application using the module if a valid ID is guessed.

2) An error in the PP implementation within the "dn_expand()" function can be exploited to cause a stack overflow due to an endless loop via a specially crafted DNS packet.

Updated Packages
================

Check if you have perl-net-dns installed:

    # pacman-g2 -Q perl-net-dns

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy perl-net-dns
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGrKf8Z7NElSD1VhkRAtu7AJ4rRRxwU6doge/mCWqftWlzEnD/vACgpXvG
08Dxm8Zrkk/L+u+GmMGAcuE=
=NvcN
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Jul 29 17:15:34 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 29 17:15:37 2007
Subject: [Frugalware-security] [ FSA-231 ] tcpdump
Message-ID: <20070729151534.478E01E68589@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-231

Date: 2007-07-29
Package: tcpdump
Vulnerable versions: <= 3.9.5-2
Unaffected versions: >= 3.9.5-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2270
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798

Description
===========

mu-b has reported a vulnerability in tcpdump, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the incorrect use of the return value of "snprintf()" in print-bgp.c. This can be exploited to cause a buffer overflow by sending specially crafted BGP packets. Successful exploitation may allow the execution of arbitrary code.

Updated Packages
================

Check if you have tcpdump installed:

    # pacman-g2 -Q tcpdump

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy tcpdump
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGrK8WZ7NElSD1VhkRAqMOAJ9qnSrWSsMyUkY0DNH966Q+LYDvSgCgh4Kv
eKs21g84UlIH/AruD+3FdVE=
=S+vx
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Jul 29 19:14:11 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Jul 29 19:14:15 2007
Subject: [Frugalware-security] [ FSA-232 ] libarchive
Message-ID: <20070729171411.B91FD1E68589@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-232

Date: 2007-07-29
Package: libarchive
Vulnerable versions: <= 1.3.1-2
Unaffected versions: >= 1.3.1-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2258
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645

Description
===========

Some vulnerabilities have been reported in libarchive, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerabilities are caused due to a NULL pointer dereference, an infinite loop, and a buffer overflow when processing certain malformed pax extension headers. These can be exploited to crash an application, cause a high CPU load or potentially execute arbitrary code by tricking a user or automated system to process a specially crafted archive file with an application using the library.

Updated Packages
================

Check if you have libarchive installed:

    # pacman-g2 -Q libarchive

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy libarchive
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGrMrjZ7NElSD1VhkRAgQaAKCVAEd9/8ZgWEppJ0iVkc7pIzckUwCgi/qF
R5RscDN8Sm2S710I8IViizA=
=EUeM
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Jul 30 18:15:41 2007
From: noreply at frugalware.org (vmiklos)
Date: Mon Jul 30 18:15:45 2007
Subject: [Frugalware-security] [ FSA-233 ] bind
Message-ID: <20070730161541.B6AC613A400D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-233

Date: 2007-07-30
Package: bind
Vulnerable versions: <= 9.4.1-1terminus2
Unaffected versions: >= 9.4.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2285
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

Description
===========

Amit Klein has reported a vulnerability in BIND, which can be exploited by malicious people to poison the DNS cache. The vulnerability is caused due to predictable query IDs in outgoing queries (e.g. if BIND works as resolver or when sending NOTIFYs to slaves) and can be exploited to poison the DNS cache when the query ID is guessed. Reportedly, the chance to guess the next query ID for 50% of the queries (if the query ID is even) is 1 to 8.

Updated Packages
================

Check if you have bind installed:

    # pacman-g2 -Q bind

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy bind
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGrg6tZ7NElSD1VhkRAsd9AJ4yyOaTTtLXzUkjGvUDzIvfFhtskACgjqsI
08xupey1xSqIxPcwNmFBHyY=
=etXQ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Jul 31 20:55:58 2007
From: noreply at frugalware.org (vmiklos)
Date: Tue Jul 31 20:56:02 2007
Subject: [Frugalware-security] [ FSA-234 ] gimp
Message-ID: <20070731185558.C350F13A401F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-234

Date: 2007-07-31
Package: gimp
Vulnerable versions: <= 2.2.13-2terminus1
Unaffected versions: >= 2.2.13-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2237
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4519
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2949

Description
===========

Some vulnerabilities have been reported in Gimp, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow exists within the function "seek_to_and_unpack_pixeldata()" in plug-ins/common/psd.c. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file with large width or height values.

2) Multiple integer overflows exist within the DICOM, PNM, PSD, PSP, Sun RAS, XBM, and XWD loader plugins. These can potentially be exploited to cause a heap-based buffer overflow by tricking a user into opening specially crafted image files. Successful exploitation may allow execution of arbitrary code.

Updated Packages
================

Check if you have gimp installed:

    # pacman-g2 -Q gimp

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy gimp
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGr4W+Z7NElSD1VhkRAq9UAJ9UWDrexkA13/0x7R/bIQKbLqz+owCfbVkO
dw2dfB10XD1PW5lpaKi0fvM=
=i91d
-----END PGP SIGNATURE-----
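
The bug class FSA-234 describes (a pixel-buffer size computed from file-supplied width and height), shown as an added C example; it is not GIMP's code and not part of the advisory. The struct, the function names, the 256 MiB cap and the sample header values are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)  /* assumed policy cap */

/* Hypothetical image header; every field comes from the untrusted file. */
struct img_hdr { uint32_t width, height, bpp; };

/* Unchecked pattern: the product is computed in 32 bits and silently wraps. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->width * h->height * h->bpp;
}

/* Checked pattern: 0 and *out on success, -1 if the header is implausible
 * or the pixel buffer would exceed max_bytes. No step can overflow. */
int checked_size(const struct img_hdr *h, size_t max_bytes, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->bpp == 0 || h->bpp > 4)
        return -1;
    uint64_t row = (uint64_t)h->width * h->bpp;      /* < 2^34, fits */
    if (row > (uint64_t)max_bytes / h->height)       /* divide, don't multiply */
        return -1;
    *out = (size_t)(row * h->height);
    return 0;
}

/* Allocate pixel storage only after the size has been validated. */
unsigned char *alloc_pixels(const struct img_hdr *h, size_t *size)
{
    if (checked_size(h, MAX_IMAGE_BYTES, size) != 0)
        return NULL;
    return calloc(1, *size);
}

int main(void)
{
    struct img_hdr bad = { 65536, 65537, 1 };        /* constructed values */
    struct img_hdr ok  = { 640, 480, 3 };
    size_t n = 0;
    unsigned char *p = alloc_pixels(&ok, &n);
    printf("wrapped size: %u bytes\n", (unsigned)unchecked_size(&bad));
    printf("bad header accepted: %s\n", alloc_pixels(&bad, &n) ? "yes" : "no");
    free(p);
    return 0;
}
```

With the constructed 65536 x 65537 header the unchecked product wraps to 65536 bytes, far smaller than the rows a decoder would then write; the checked path rejects the header before any allocation.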
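
The general mistake FSA-231 names (misusing the return value of "snprintf()"), shown as an added C example; it is not tcpdump's print-bgp.c and not part of the advisory. snprintf() returns the length the output would have had, not the number of bytes stored, so an offset built from it can point past the buffer. The function names, the "%s," format and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Pattern at risk: uses snprintf()'s return value as "bytes written".
 * Returns the offset a following write would start at. It performs no
 * further write itself, so it is safe to run. */
size_t naive_next_offset(char *buf, size_t buflen, const char *field)
{
    size_t pos = 0;
    pos += (size_t)snprintf(buf + pos, buflen - pos, "%s,", field);
    return pos;                 /* > buflen whenever the field was truncated */
}

/* Hardened append: 0 on success, -1 on truncation or error.
 * Never advances *pos past buflen - 1. */
int append_field(char *buf, size_t buflen, size_t *pos, const char *field)
{
    if (buflen == 0 || *pos >= buflen)
        return -1;
    size_t room = buflen - *pos;
    int n = snprintf(buf + *pos, room, "%s,", field);
    if (n < 0)
        return -1;
    if ((size_t)n >= room) {    /* truncated: only room-1 bytes were stored */
        *pos = buflen - 1;
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[8];
    size_t pos = 0;
    printf("naive offset into an 8-byte buffer: %zu\n",
           naive_next_offset(buf, sizeof buf, "0123456789ABCDEF"));
    append_field(buf, sizeof buf, &pos, "abc");
    int rc = append_field(buf, sizeof buf, &pos, "defghij");
    printf("rc=%d pos=%zu buf=\"%s\"\n", rc, pos, buf);
    return 0;
}
```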