From noreply at frugalware.org Fri Mar 2 12:17:15 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Mar 2 12:17:21 2007
Subject: [Frugalware-security] [ FSA-126 ] nss
Message-ID: <20070302111715.E102D13A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-126

Date: 2006-03-02
Package: nss
Vulnerable versions: <= 3.11.3-2siwenna1
Unaffected versions: >= 3.11.3-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1756
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009

Description
===========

Two vulnerabilities have been reported in Network Security Services (NSS),
which potentially can be exploited by malicious people to compromise a
vulnerable system.

1) An integer underflow error when processing SSLv2 server messages can be
exploited to cause a heap-based buffer overflow via a certificate with a
public key too small to encrypt the "Master Secret".

2) An integer underflow error when processing SSLv2 client master keys can
be exploited to cause a stack-based buffer overflow via specially crafted
parameters during an SSLv2 handshake.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

Updated Packages
================

Check if you have nss installed:

    # pacman -Q nss

If found, then you should upgrade to the latest version:

    # pacman -Sy nss

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF6Ae7Z7NElSD1VhkRApG3AJ43WwyCjzS1rH4rciwTM0PdTdPyWACdH65O
dvhwH/ud8pKD+bvtyxOZ95E=
=+rGo
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Mar 2 20:00:38 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Mar 2 20:00:43 2007
Subject: [Frugalware-security] [ FSA-127 ] seamonkey
Message-ID: <20070302190039.0B41913A400F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-127

Date: 2007-03-02
Package: seamonkey
Vulnerable versions: <= 1.0.7-1siwenna1
Unaffected versions: >= 1.0.8-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1755
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777

Description
===========

Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can
be exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and spoofing attacks, gain knowledge of
sensitive information, and potentially compromise a user's system.

1) An error in the handling of the "location.hostname" DOM property can be
exploited to bypass certain security restrictions.

2) An integer underflow error in the Network Security Services (NSS) code
when processing SSLv2 server messages can be exploited to cause a
heap-based buffer overflow via a certificate with a public key too small to
encrypt the "Master Secret". Successful exploitation may allow execution of
arbitrary code.

3) It is possible to conduct cross-site scripting attacks against sites
containing a frame with a "data:" URI as source. Successful exploitation
requires that a user is tricked into visiting a malicious website and
opening a blocked popup.

4) It is possible to open windows containing local files thereby stealing
the contents when the full path of a locally saved file containing
malicious script code is known. This can be exploited in combination with a
flaw in the seeding of the pseudo-random number generator causing
downloaded files to be saved to temporary files with a somewhat predictable
name. Successful exploitation requires that a user is tricked into visiting
a malicious website and opening a blocked popup.

5) Browser UI elements like the host name and security indicators can be
spoofed using a specially crafted custom cursor and manipulating the CSS3
hotspot property.

6) It may be possible to gain knowledge of sensitive information from a
website due to an error resulting in two web pages colliding in the disk
cache thereby potentially appending part of one document to the other.
Successful exploitation requires that a user is tricked into visiting a
malicious website while visiting the target website.

7) Various errors in the Mozilla parser when handling invalid trailing
characters in HTML tag attribute names and during processing of UTF-7
content when child frames inherit the character set of its parent window
can be exploited to conduct cross-site scripting attacks.

8) A vulnerability in the Password Manager may be exploited to conduct
phishing attacks.

9) Multiple memory corruption errors exist in the layout engine, JavaScript
engine, and in SVG. Some of these may be exploited to execute arbitrary
code on a user's system.

10) An error within the handling of the onUnload event handler and
self-modifying document.write() calls can be exploited to corrupt memory
and potentially execute arbitrary code.

Updated Packages
================

Check if you have seamonkey installed:

    # pacman -Q seamonkey

If found, then you should upgrade to the latest version:

    # pacman -Sy seamonkey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF6HRWZ7NElSD1VhkRAmrmAJ9++Isovjan0DMSlb8wAhIjxSPmhgCfWEaY
leiALvEUInPAabPthnu6vNo=
=1BHb
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 7 13:40:00 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 7 13:40:04 2007
Subject: [Frugalware-security] [ FSA-128 ] thunderbird
Message-ID: <20070307124000.690141670010@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-128

Date: 2007-03-07
Package: thunderbird
Vulnerable versions: <= 1.5.0.9-1siwenna1
Unaffected versions: >= 1.5.0.10-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1754
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0776
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1282

Description
===========

Some vulnerabilities have been reported in Mozilla Thunderbird, which
potentially can be exploited by malicious people to compromise a user's
system.

1) An integer overflow within the handling of emails formatted as
text/richtext or text/enhanced may be exploited to execute arbitrary code,
but requires that a malicious email includes a 400 megabyte long line.

2) An integer underflow error in the Network Security Services (NSS) code
when processing SSLv2 server messages can be exploited to cause a
heap-based buffer overflow via a certificate with a public key too small to
encrypt the "Master Secret". Successful exploitation may allow execution of
arbitrary code.

3) Multiple memory corruption errors exist in the layout engine, JavaScript
engine, and in SVG. Some of these may be exploited to execute arbitrary
code on a user's system.

Updated Packages
================

Check if you have thunderbird installed:

    # pacman -Q thunderbird

If found, then you should upgrade to the latest version:

    # pacman -Sy thunderbird

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF7rKgZ7NElSD1VhkRAuHMAJ4s3z9xWHrkwE/Kpq+9Y1aYyqIkEACfZ8ka
xtCAqJQFtVU9qwLO/qAyx08=
=NxIM
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 7 13:46:15 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 7 13:46:19 2007
Subject: [Frugalware-security] [ FSA-129 ] dropbear
Message-ID: <20070307124615.8556B1670010@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-129

Date: 2007-03-07
Package: dropbear
Vulnerable versions: <= 0.48.1-2
Unaffected versions: >= 0.49-1siwenna1
Related bugreport: http://bugs.frugalware.org/task/1761
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1099

Description
===========

A weakness has been reported in Dropbear, which can be exploited by
malicious people to bypass certain security restrictions.

The weakness is caused due to Dropbear not warning users sufficiently if a
hostkey changed, which makes it easier for attackers to e.g.
conduct man-in-the-middle attacks.

Updated Packages
================

Check if you have dropbear installed:

    # pacman -Q dropbear

If found, then you should upgrade to the latest version:

    # pacman -Sy dropbear

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF7rQXZ7NElSD1VhkRAvt+AJsFTv6EKpku9Es/LFWCxE7A9dUwtQCgksh+
hDPlRpeLVvV38+dpyYIPIGc=
=ofJK
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 7 13:52:39 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 7 13:52:40 2007
Subject: [Frugalware-security] [ FSA-130 ] phpmyadmin
Message-ID: <20070307125239.12F431670010@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-130

Date: 2007-03-07
Package: phpmyadmin
Vulnerable versions: <= 2.9.2-1siwenna1
Unaffected versions: >= 2.9.2-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1769
CVE: There is no CVE for this issue, see:
     http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3

Description
===========

Stefan Esser from the Hardened-PHP Project is publishing the Month of PHP
Bugs. One of these PHP bugs can be triggered by phpMyAdmin which uses a
recursive function in its normal operation.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF7rWWZ7NElSD1VhkRAnNxAJ44Y5zncAe4uVTobcx2ZQjJQUEo/wCeLKTk
DbgVboPo1EOCl75FUxsYu/A=
=0ei7
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Mar 8 23:51:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Mar 8 23:51:59 2007
Subject: [Frugalware-security] [ FSA-131 ] blender
Message-ID: <20070308225156.C4CF21670009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-131

Date: 2007-03-08
Package: blender
Vulnerable versions: <= 2.42a-2
Unaffected versions: >= 2.42a-3siwenna1
Related bugreport: http://bugs.frugalware.org/task/1778
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1253

Description
===========

Secunia Research has discovered a vulnerability in Blender, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the insecure use of the "eval()"
function in kmz_ImportWithMesh.py. This can be exploited to execute
arbitrary Python commands by tricking a user into importing a specially
crafted "*.kml" or "*.kmz" file.

Updated Packages
================

Check if you have blender installed:

    # pacman -Q blender

If found, then you should upgrade to the latest version:

    # pacman -Sy blender

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF8JOMZ7NElSD1VhkRAtGTAJsHDKf3fPd7W1IiKilcIHeZ/lxvVgCfejLW
7A98vpUyIU6dLBYIbL7i/DQ=
=y24E
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Mar 9 19:00:37 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Mar 9 19:00:40 2007
Subject: [Frugalware-security] [ FSA-132 ] tcpdump
Message-ID: <20070309180037.D3BE21670009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-132

Date: 2007-03-09
Package: tcpdump
Vulnerable versions: <= 3.9.4-1
Unaffected versions: >= 3.9.4-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1779
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1218

Description
===========

Moritz Jodeit has reported a vulnerability in tcpdump, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an off-by-one error within the
"parse_elements()" function in print-802.11.c. This can be exploited to
cause a one byte buffer overflow via a specially crafted 802.11 frame.

Updated Packages
================

Check if you have tcpdump installed:

    # pacman -Q tcpdump

If found, then you should upgrade to the latest version:

    # pacman -Sy tcpdump

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF8aDFZ7NElSD1VhkRApUmAJ45jFA4pMcd7/ZR/ysB0egzCZz9NQCdHX+k
2xs4ecH4xZnMfY3fr6UzaCo=
=LTHx
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Mar 15 20:00:14 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Mar 15 20:00:19 2007
Subject: [Frugalware-security] [ FSA-133 ] gnupg
Message-ID: <20070315190014.5C0E213A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-133

Date: 2007-03-15
Package: gnupg
Vulnerable versions: <= 1.4.5-3siwenna1
Unaffected versions: >= 1.4.5-4siwenna1
Related bugreport: http://bugs.frugalware.org/task/1784
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263

Description
===========

Gerardo Richarte from Core Security Technologies identified a problem when
using GnuPG in streaming mode. The problem is actually a variant of a well
known problem in the way signed material is presented in a MUA. It is
possible to insert additional text before or after a signed (or signed and
encrypted) OpenPGP message and make the user believe that this additional
text is also covered by the signature.

Updated Packages
================

Check if you have gnupg installed:

    # pacman -Q gnupg

If found, then you should upgrade to the latest version:

    # pacman -Sy gnupg

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF+Ze+Z7NElSD1VhkRAoTPAJ0UL8QLmt3YfMC9xDjN9R/eCbKyIgCgixHZ
Z8nKFZcgKgsrp9N8FEazMao=
=gF53
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Mar 15 20:10:17 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Mar 15 20:10:20 2007
Subject: [Frugalware-security] [ FSA-134 ] gpgme
Message-ID: <20070315191017.CD12D13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-134

Date: 2007-03-15
Package: gpgme
Vulnerable versions: <= 1.0.3-1
Unaffected versions: >= 1.0.3-2siwenna1
Related bugreport: http://bugs.frugalware.org/task/1785
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1263

Description
===========

Many applications are using the library GPGME which implements an easy way
to process OpenPGP messages using gpg. We have updated GPGME to make it
immune against the problem mentioned in FSA-133 even if an old version of
gpg is being used.

Updated Packages
================

Check if you have gpgme installed:

    # pacman -Q gpgme

If found, then you should upgrade to the latest version:

    # pacman -Sy gpgme

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFF+ZoZZ7NElSD1VhkRAmtOAJ0SzX2E+poDzUB5aAW3PlExtBHBigCcDlFK
CzlGOPYV1DBvZb/IG5WzQDs=
=hJnP
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Mar 23 19:44:46 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Mar 23 19:44:48 2007
Subject: [Frugalware-security] [ FSA-135 ] mplayer
Message-ID: <20070323184446.AD0C21E6806F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-135

Date: 2007-03-23
Package: mplayer
Vulnerable versions: <= mplayer-1.0rc1-3
Unaffected versions: >= mplayer-1.0rc1-4terminus1
Related bugreport: http://bugs.frugalware.org/1838
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1246
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1387

Description
===========

Some vulnerabilities have been reported in MPlayer, which can potentially
be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors in the
"DMO_VideoDecoder_Open()" function in loader/dmo/DMO_VideoDecoder.c and in
the "DS_VideoDecoder_Open()" function in loader/dshow/DS_VideoDecoder.c.
These can be exploited to cause heap-based buffer overflows and may allow
execution of arbitrary code via a specially crafted media file.

Updated Packages
================

Check if you have mplayer installed:

    # pacman -Q mplayer

If found, then you should upgrade to the latest version:

    # pacman -Sy mplayer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGBCAeZ7NElSD1VhkRAqhTAJ9eWV+jRbTJqv24cPPAX7X3IO8wGQCgiF3z
7sJ7NLy4is6DigJaHYpkRCk=
=ujDn
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Mar 24 21:17:41 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Mar 24 21:17:42 2007
Subject: [Frugalware-security] [ FSA-136 ] libwpd
Message-ID: <20070324201741.3319316E800E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-136

Date: 2007-03-24
Package: libwpd
Vulnerable versions: <= 0.8.8-1
Unaffected versions: >= 0.8.9-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1842
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466

Description
===========

Some vulnerabilities have been reported in libwpd, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to compromise an
application using the library.

1) An integer overflow within the "WP6GeneralTextPacket::_readContents"
function can be exploited to cause a heap-based buffer overflow by e.g.
tricking a user into opening a specially crafted WordPerfect document in an
application using the library.

2) Boundary errors within the "WP3TablesGroup::_readContents()" and
"WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup()"
functions can be exploited to cause heap-based buffer overflows by e.g.
tricking a user into opening a specially crafted WordPerfect document in an
application using the library.

Successful exploitation may allow the execution of arbitrary code.

Updated Packages
================

Check if you have libwpd installed:

    # pacman -Q libwpd

If found, then you should upgrade to the latest version:

    # pacman -Sy libwpd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGBYdlZ7NElSD1VhkRAgtkAKCYWwm0WL4zcFXHX700hyMo6s/KgwCfX3/7
+cf9Xt6GLQ3LxdGetfinu+k=
=Ndtu
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Mar 26 17:42:54 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Mar 26 17:42:56 2007
Subject: [Frugalware-security] [ FSA-137 ] firefox
Message-ID: <20070326154254.C66651E680BB@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-137

Date: 2007-03-26
Package: firefox
Vulnerable versions: <= 2.0.0.2-1
Unaffected versions: >= 2.0.0.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1850
CVE: There is no CVE for this issue, see:
     http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

Description
===========

The FTP protocol includes the PASV (passive) command which is used by
Firefox to request an alternate data port. The specification of the FTP
protocol allows the server response to include an alternate server address
as well, although this is rarely used in practice.

mark@bindshell.net reported that a malicious web page hosted on a
specially-coded FTP server could use this feature to perform a rudimentary
port-scan of machines inside the firewall of the victim. By itself this
causes no harm, but information about an internal network may be useful to
an attacker should there be other vulnerabilities present on the network.

Updated Packages
================

Check if you have firefox installed:

    # pacman -Q firefox

If found, then you should upgrade to the latest version:

    # pacman -Sy firefox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGB+n+Z7NElSD1VhkRAl5HAJ42Oikn1TFVVxB4f12mJDo04erY9ACfRibC
n/v5EvAj6KuF4pqQ4GfwhEY=
=BNg0
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Mar 26 17:50:41 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Mar 26 17:50:44 2007
Subject: [Frugalware-security] [ FSA-138 ] squid
Message-ID: <20070326155041.CF3861E680BB@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-138

Date: 2007-03-26
Package: squid
Vulnerable versions: <= 2.6.STABLE10-1
Unaffected versions: >= 2.6.STABLE12-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1855
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1560

Description
===========

A vulnerability has been reported in Squid, which can be exploited by
malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the processing of TRACE
requests in squid/src/client_side.c. This can be exploited to crash the
service via a specially crafted TRACE request.

Updated Packages
================

Check if you have squid installed:

    # pacman -Q squid

If found, then you should upgrade to the latest version:

    # pacman -Sy squid

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGB+vRZ7NElSD1VhkRAvkvAJwI5j/bM1Gj0Bv/WArwkmnDbgs1ugCeL2oz
0aLXMIOiBtamW/ZzCK4g0MU=
=mgri
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 28 12:23:19 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 28 12:23:21 2007
Subject: [Frugalware-security] [ FSA-139 ] kernel
Message-ID: <20070328102319.1A35213A40A1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-139

Date: 2007-03-28
Package: kernel
Vulnerable versions: <= 2.6.20-4
Unaffected versions: >= 2.6.20-5terminus1
Related bugreport: http://bugs.frugalware.org/task/1858
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1592

Description
===========

Some vulnerabilities have been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

1) Listening IPv6 TCP sockets are incorrectly sharing the
"ipv6_fl_socklist" IPv6 flowlist with child sockets. This can be exploited
to e.g. cause a kernel crash by performing certain actions on IPv6 TCP
sockets.

2) The "hrtimer_forward()" function does not correctly check for
"timer->expires" overflows on 64bit machines. This can be exploited to
cause a DoS by using very large timer values. Successful exploitation may
require a 64bit machine and that high resolution timers are enabled.

3) A NULL pointer dereference within the "do_ipv6_setsockopt()" function in
net/ipv6/ipv6_sockglue.c can be exploited to cause a kernel crash by
calling "setsockopt()" with malicious parameters.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGCkIXZ7NElSD1VhkRAhO2AJ9/GuLZPBl4DTTPECSQ0oZtNB3zZACeMT5V
/88GbWhXDV9/0oVQ6DyD8s4=
=RTts
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 28 12:31:11 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 28 12:31:13 2007
Subject: [Frugalware-security] [ FSA-140 ] inkscape
Message-ID: <20070328103111.C0FA713A40A1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-140

Date: 2007-03-28
Package: inkscape
Vulnerable versions: <= 0.45-1
Unaffected versions: >= 0.45.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1857
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1463
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1464

Description
===========

Some vulnerabilities have been reported in Inkscape, which potentially can
be exploited by malicious people to compromise a user's system.

1) A format string error exists in certain dialogs. This can be exploited
to execute arbitrary code by tricking the user into opening a specially
crafted URI containing format string specifiers.

2) A format string error exists in the Whiteboard Jabber client, which
potentially can be exploited to execute arbitrary code. Successful
exploitation requires that the user is logged in to a Jabber server.

Updated Packages
================

Check if you have inkscape installed:

    # pacman -Q inkscape

If found, then you should upgrade to the latest version:

    # pacman -Sy inkscape

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGCkPvZ7NElSD1VhkRApPCAJ96DaEIlTxKiNaGDAfoCLdh/nU4/ACcDb3w
8UgNHGKKy2AUhP7C6JT8bD0=
=Q0Nc
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed Mar 28 18:46:43 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed Mar 28 18:46:45 2007
Subject: [Frugalware-security] [ FSA-141 ] nas
Message-ID: <20070328164643.E90E713A40A0@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-141

Date: 2007-03-28
Package: nas
Vulnerable versions: <= 1.8-1
Unaffected versions: >= 1.8-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1843
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1543
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1544
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1545
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1546
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1547

Description
===========

Luigi Auriemma has reported some vulnerabilities in Network Audio System,
which potentially can be exploited by malicious, local users to gain
escalated privileges or by malicious people to cause a DoS (Denial of
Service).

1) A boundary error within "accept_att_local()" in server/os/connection.c
can be exploited to cause a stack-based buffer overflow via an overly long
(greater than 64 bytes) slave name in a USL connection. Successful
exploitation may allow malicious, local users to gain root privileges.

2) An input validation error within "AddResource()" in
server/dia/resource.c can be exploited to cause the service to crash via a
specially crafted packet with an invalid client ID.

3) An integer-overflow error within "ProcAuWriteElement()" in
server/dia/audispatch.c can be exploited to cause the service to crash via
a specially crafted packet with an overly large max_samples value.

4) A boundary error within "ProcAuSetElements()" in server/dia/audispatch.c
can be exploited to cause the service to crash via a specially crafted
packet with an overly large num_actions or numElements value.

5) An input validation error within "compileInputs()" in
server/dia/auutil.c can be exploited to cause the service to crash via a
specially crafted packet with an invalid element number.

6) A NULL-pointer dereference error when processing simultaneous
connections can be exploited to cause the service to crash.

Updated Packages
================

Check if you have nas installed:

    # pacman -Q nas

If found, then you should upgrade to the latest version:

    # pacman -Sy nas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGCpvzZ7NElSD1VhkRAhuWAKCoaJXNoHc4An8DcVY5pH+scwbk3gCeLLtp
0odJRiop6zBGOdCwYLU8V+U=
=yu3x
-----END PGP SIGNATURE-----
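
The FTP behaviour described in FSA-137 above (a PASV reply that names a server address other than the one the client connected to) can be checked on the client side. The following Python code is an added example, not code from Firefox, Frugalware or the advisory; the function names and sample replies are constructed for illustration, and it assumes IPv4 replies in the RFC 959 "227 ... (h1,h2,h3,h4,p1,p2)" form.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
# The lookarounds stop the six fields from matching inside longer digit runs.
_PASV_FIELDS = re.compile(
    r"^227\b.*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)


def parse_pasv_reply(reply):
    """Return (advertised_address, port) from a 227 reply or raise ValueError."""
    match = _PASV_FIELDS.match(reply.strip())
    if match is None:
        raise ValueError("not a well-formed 227 passive-mode reply")
    fields = [int(group) for group in match.groups()]
    if any(value > 255 for value in fields):
        raise ValueError("PASV field larger than one octet")
    address = ipaddress.IPv4Address(".".join(str(v) for v in fields[:4]))
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return address, port


def choose_data_endpoint(reply, control_peer):
    """Pick the data-connection target for one PASV reply.

    The host is always the address of the control connection; only the port
    is taken from the reply. 'redirected' records that the server named a
    different host, which is worth logging.
    """
    advertised, port = parse_pasv_reply(reply)
    peer = ipaddress.IPv4Address(control_peer)
    return {
        "host": str(peer),
        "port": port,
        "advertised": str(advertised),
        "redirected": advertised != peer,
    }


def flag_redirects(replies, control_peer):
    """Return the advertised (address, port) pairs that differ from the peer."""
    flagged = []
    for reply in replies:
        try:
            decision = choose_data_endpoint(reply, control_peer)
        except ValueError:
            continue  # malformed replies are rejected, not followed
        if decision["redirected"]:
            flagged.append((decision["advertised"], decision["port"]))
    return flagged


# Constructed sample replies (documentation and RFC 1918 addresses).
SAMPLE_PEER = "198.51.100.7"
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (198,51,100,7,195,80)",
    "227 Entering Passive Mode (10,0,0,5,0,22)",
    "227 Entering Passive Mode (10,0,0,999,0,22)",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        try:
            print(choose_data_endpoint(line, SAMPLE_PEER))
        except ValueError as err:
            print("rejected:", err)
    print("flagged:", flag_redirects(SAMPLE_REPLIES, SAMPLE_PEER))
```

Because the data connection always goes to the control-connection peer, a reply naming an internal address cannot steer the client toward hosts behind the firewall.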