From noreply at frugalware.org Sat May 5 16:53:26 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 5 16:53:28 2007
Subject: [Frugalware-security] [ FSA-162 ] phpmyadmin
Message-ID: <20070505145326.98697176801C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-162

Date: 2007-05-05
Package: phpmyadmin
Vulnerable versions: <= 2.10.0.2-1
Unaffected versions: >= 2.10.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1984
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2245

Description
===========

Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "fieldkey" parameter in browse_foreigners.php and input passed to the "PMA_sanitize()" function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGPJpmZ7NElSD1VhkRAhpOAJwKmFTF8sOi7tQrO1gQdzcxIsbNFQCfW0Qj
ZXi93HbBUtDpMGcbQC2qKNs=
=Ia7R
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 5 20:27:00 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 5 20:27:02 2007
Subject: [Frugalware-security] [ FSA-163 ] lesstif
Message-ID: <20070505182700.C7C9E176801C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-163

Date: 2007-05-05
Package: lesstif
Vulnerable versions: <= 0.95.0-1
Unaffected versions: >= 0.95.0-2terminus1
Related bugreport: http://bugs.frugalware.org/task/1967
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0605

Description
===========

The XPM library's scan.c file may allow attackers to execute arbitrary code by crafting a malicious XPM image file containing a negative bitmap_unit value that provokes a buffer overflow.

Updated Packages
================

Check if you have lesstif installed:

    # pacman -Q lesstif

If found, then you should upgrade to the latest version:

    # pacman -Sy lesstif

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGPMx0Z7NElSD1VhkRAumaAJ4uXHPT/c8uFZUltYzPiSNCeolgkgCdFcvf
ZTbbCW3EYgYLvlGA8umXbWI=
=ImWO
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon May 7 22:12:17 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon May 7 22:12:19 2007
Subject: [Frugalware-security] [ FSA-164 ] ktorrent
Message-ID: <20070507201217.402601A6803D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-164

Date: 2007-05-07
Package: ktorrent
Vulnerable versions: <= 2.1.2-1
Unaffected versions: >= 2.1.4-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2012
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1384
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1385
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1799

Description
===========

Two vulnerabilities have been reported in KTorrent, which can be exploited by malicious people to overwrite arbitrary files on a user's system or to potentially compromise a user's system.

1) An input validation error when processing paths of filenames within torrents can be exploited to e.g. overwrite arbitrary files with the privileges of the user running the application via directory traversal attacks.

2) An error in the processing of messages with invalid chunk indexes can be exploited to corrupt memory and may allow execution of arbitrary code.

Updated Packages
================

Check if you have ktorrent installed:

    # pacman -Q ktorrent

If found, then you should upgrade to the latest version:

    # pacman -Sy ktorrent

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGP4ghZ7NElSD1VhkRAjbqAJ0Q/pCAmSNb8kKJR/ePf9zPQtEDvgCePrDr
bbAJu7fDGXUOPABmdj/KzV4=
=Y2ev
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed May 9 22:41:10 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed May 9 22:41:11 2007
Subject: [Frugalware-security] [ FSA-165 ] smb4k
Message-ID: <20070509204110.47F611A680C2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-165

Date: 2007-05-09
Package: smb4k
Vulnerable versions: <= 0.8.0-1
Unaffected versions: >= 0.8.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1935
CVE: There is no CVE for this issue, see https://developer.berlios.de/project/shownotes.php?release_id=12615

Description
===========

Ben Hutchings discovered the following security weaknesses in the utility programs:

Due to insufficient sanitation, smb4k_mount allowed a user to mount any (local) device if the program was used in combination with sudo or super.

The function findprog(), which was present in smb4k_mount, smb4k_umount, and smb4k_kill, returned a pointer to memory that was freed when the function exited.

The function replace_special_characters(), that was present in smb4k_mount and smb4k_umount, returned a pointer to memory that was freed after the function exited. Additionally, it didn't replace the hyphen.

Updated Packages
================

Check if you have smb4k installed:

    # pacman -Q smb4k

If found, then you should upgrade to the latest version:

    # pacman -Sy smb4k

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGQjHmZ7NElSD1VhkRAr6iAJ4yVOazIAHiRwIdHvsJ+PF02NGqHACeI6tT
z49ahq1nRlqXWGOqgD4x1Bc=
=Pbj2
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu May 10 11:18:20 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu May 10 11:18:22 2007
Subject: [Frugalware-security] [ FSA-166 ] php
Message-ID: <20070510091820.9D6281E68048@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-166

Date: 2007-05-10
Package: php
Vulnerable versions: <= 5.2.1-2terminus1
Unaffected versions: >= 5.2.1-3terminus1
Related bugreport: http://bugs.frugalware.org/task/1962
http://bugs.frugalware.org/task/1841
http://bugs.frugalware.org/task/2014
CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1521
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1900

Description
===========

Ivan Fratric has reported a vulnerability in PHP, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an integer overflow within the "readwbmp()" function in ext/gd/libgd/wbmp.c. This can be exploited to e.g. cause a DoS by tricking a PHP script into loading a specially crafted wbmp image.

Stefan Esser has reported some vulnerabilities in PHP, which can be exploited by malicious users to compromise a vulnerable system.

1) A double free error within the "session_regenerate_id()" function can be exploited to execute arbitrary code with the privileges of the PHP interpreter.

2) An error in the "array_user_key_compare()" function where key references are incorrectly destroyed can be exploited to cause memory corruption.

3) An error exists within the "unserialize()" function when unserialising specially escaped S: data types. This can be exploited to e.g. disclose certain parts of the heap memory.

A vulnerability is caused due to the use of an incorrect regular expression within the "FILTER_VALIDATE_EMAIL" filter of the ext/filter extension. This can be exploited to inject newlines via specially crafted email addresses, which may allow mail header injection.

Also fixes the following MOPB vulnerabilities:
http://www.php-security.org/MOPB/MOPB-10-2007.html
http://www.php-security.org/MOPB/MOPB-14-2007.html
http://www.php-security.org/MOPB/MOPB-26-2007.html
http://www.php-security.org/MOPB/MOPB-34-2007.html
http://www.php-security.org/MOPB/MOPB-41-2007.html

Updated Packages
================

Check if you have php installed:

    # pacman -Q php

If found, then you should upgrade to the latest version:

    # pacman -Sy php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGQuNcZ7NElSD1VhkRApWmAJ4hDl6dpudgdt9ibJ/suZz6A7r3rwCfdJbl
/8nVAZBm8dc1JsoIG1RpcmM=
=sDjo
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu May 10 13:54:30 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu May 10 13:54:31 2007
Subject: [Frugalware-security] [ FSA-167 ] proftpd
Message-ID: <20070510115430.096F01E68048@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-167

Date: 2007-05-10
Package: proftpd
Vulnerable versions: <= 1.3.0-6
Unaffected versions: >= 1.3.0-7terminus1
Related bugreport: http://bugs.frugalware.org/task/1981
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2165

Description
===========

A security issue has been reported in ProFTPD, which potentially can be exploited by malicious people to bypass
certain security restrictions.

The security issue is caused due to an error within ProFTPD's Auth API. If multiple authentication modules are used, it is possible that one module provides data, which is then authenticated against another module. This can e.g. be exploited to bypass certain security restrictions if authentication modules are configured with different policies.

Updated Packages
================

Check if you have proftpd installed:

    # pacman -Q proftpd

If found, then you should upgrade to the latest version:

    # pacman -Sy proftpd

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGQwf2Z7NElSD1VhkRAgAQAKCfqQNeFc6oSR9GXlGnnPeXwsyWvgCglg+K
Xw/E5o7dBzqjZrHcSRaEqGQ=
=HZz8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu May 10 13:59:28 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu May 10 13:59:31 2007
Subject: [Frugalware-security] [ FSA-168 ] postgresql
Message-ID: <20070510115928.2E7551E68048@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-168

Date: 2007-05-10
Package: postgresql
Vulnerable versions: <= 8.2.3-1
Unaffected versions: >= 8.2.4-1terminus1
Related bugreport: http://bugs.frugalware.org/task/1983
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2138

Description
===========

A security issue has been reported in PostgreSQL, which potentially can be exploited by malicious users to gain escalated privileges.

The security issue is caused due to an error in SECURITY DEFINER functions and can be exploited to gain escalated privileges by modifying the search_path and using temporary objects.

Updated Packages
================

Check if you have postgresql installed:

    # pacman -Q postgresql

If found, then you should upgrade to the latest version:

    # pacman -Sy postgresql

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGQwkgZ7NElSD1VhkRAsoAAJ92woDI2tnQjVXkTYrid3QRQCYf0wCfT7n3
rc/b6O9YKp9MncbHtkfj8XA=
=7a5y
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu May 10 14:23:16 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu May 10 14:23:18 2007
Subject: [Frugalware-security] [ FSA-169 ] truecrypt
Message-ID: <20070510122316.ACFF61E68048@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-169

Date: 2007-05-10
Package: truecrypt
Vulnerable versions: <= 4.3-1terminus1
Unaffected versions: >= 4.3-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2024
CVE: There is no CVE for this issue

Description
===========

When running without administrator privileges, TrueCrypt automatically attempts to elevate its access rights (if necessary) using the sudo command. The Linux version of TrueCrypt no longer supports the set-euid root mode of execution. These changes also prevent all discovered and undiscovered (if any) security issues related to the set-euid root mode of execution, including an issue affecting all previous Linux versions of TrueCrypt where a local non-administrator user could cause a denial of service or gain administrator privileges.

Updated Packages
================

Check if you have truecrypt installed:

    # pacman -Q truecrypt

If found, then you should upgrade to the latest version:

    # pacman -Sy truecrypt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGQw60Z7NElSD1VhkRAlLpAJ9ijaYEMDiYaP5nAKp/T9Dat/ZnewCgoBzW
BZVs5sDnhR7skfWl0pDaq10=
=tkuP
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 11:47:08 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 11:47:10 2007
Subject: [Frugalware-security] [ FSA-170 ] kernel
Message-ID: <20070512094708.20AE21768095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-170

Date: 2007-05-12
Package: kernel
Vulnerable versions: <= 2.6.20-5terminus2
Unaffected versions: >= 2.6.20-5terminus3
Related bugreport: http://bugs.frugalware.org/task/2006
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1861

Description
===========

Two vulnerabilities and a security issue have been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error exists within the processing of packets with IPv6 type 0 route headers. This can be exploited to cause a DoS due to high network traffic by sending specially crafted IPv6 packets to vulnerable systems.

2) A boundary error due to the use of RTA_MAX instead of RTN_MAX in dn_fib_props[] within dn_fib.c and in fib_props[] within fib_semantics.c can potentially be exploited to cause a DoS.

3) The vulnerability is caused due to an error within the handling of NETLINK_FIB_LOOKUP reply messages. This can be exploited to cause an infinite recursion, which could result in a stack overflow.

Updated Packages
================

Check if you have kernel installed:

    # pacman -Q kernel

If found, then you should upgrade to the latest version:

    # pacman -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRY0bZ7NElSD1VhkRAmrIAJ4zpchVH7kYq7FEkTDaK6m0IdLIPACfdc5d
LHBJTdcxOBaV/SX7so8Utz8=
=0SGL
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 11:53:18 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 11:53:20 2007
Subject: [Frugalware-security] [ FSA-171 ] unzip
Message-ID: <20070512095318.580A91768095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-171

Date: 2007-05-12
Package: unzip
Vulnerable versions: <= 5.52-1
Unaffected versions: >= 5.52-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2026
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4667

Description
===========

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

Buffer overflow in UnZip allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

Updated Packages
================

Check if you have unzip installed:

    # pacman -Q unzip

If found, then you should upgrade to the latest version:

    # pacman -Sy unzip

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRY6OZ7NElSD1VhkRAjQUAKCT/4KOtzMkn+Ol+e3bjlnnBryNogCfZKvh
NCYuv2Dx0XX9cRYcD4WHDf8=
=z1YM
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 11:57:16 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 11:57:18 2007
Subject: [Frugalware-security] [ FSA-172 ] elinks
Message-ID: <20070512095716.6D43A1768095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-172

Date: 2007-05-12
Package: elinks
Vulnerable versions: <= 0.11.2-1
Unaffected versions: >= 0.11.2-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2031
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2027

Description
===========

Arnaud Giersch has reported a weakness in ELinks, which potentially can be exploited by malicious, local users to gain escalated privileges.

The weakness is caused due to the "add_filename_to_string()" function in src/intl/gettext/loadmsgcat.c reading gettext catalogs from potentially untrusted paths. This can be exploited to execute arbitrary code with escalated privileges by enticing another user to run ELinks in a specially prepared directory environment.

Updated Packages
================

Check if you have elinks installed:

    # pacman -Q elinks

If found, then you should upgrade to the latest version:

    # pacman -Sy elinks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRY98Z7NElSD1VhkRAlUFAKCj7GnA8NQSG7UA2qhoG7Lq9LPEIgCfR//s
VLr06dVyUs5jT7K6YRYTw0o=
=9OwE
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 12:08:23 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 12:08:25 2007
Subject: [Frugalware-security] [ FSA-173 ] bind
Message-ID: <20070512100823.A47F41768095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-173

Date: 2007-05-12
Package: bind
Vulnerable versions: <= 9.4.0-1
Unaffected versions: >= 9.4.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2008
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2241

Description
===========

A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when invoking the "query_addsoa()" function. This can be exploited to cause the nameserver to exit by sending a specially crafted sequence of queries.

Successful exploitation requires that "recursion" is enabled.

Updated Packages
================

Check if you have bind installed:

    # pacman -Q bind

If found, then you should upgrade to the latest version:

    # pacman -Sy bind

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRZIXZ7NElSD1VhkRAqH0AJ4hJhMW1cZv4bGYwMVrn7mxyK0keACghb+K
o1ILa3mjLsvry0iD2+DCRyY=
=I3Rn
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 12:13:47 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 12:13:48 2007
Subject: [Frugalware-security] [ FSA-174 ] vim
Message-ID: <20070512101347.B396B1768098@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-174

Date: 2007-05-12
Package: vim
Vulnerable versions: <= 7.0-3
Unaffected versions: >= 7.0-4terminus1
Related bugreport: http://bugs.frugalware.org/task/2010
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2438

Description
===========

Tomas Golembiovsky has discovered a vulnerability in Vim, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the application allowing e.g. the "feedkeys()" function to be called in the sandbox. This can be exploited to execute arbitrary commands with privileges of the Vim user.

Successful exploitation requires that the "modelines" option is enabled and the user is tricked into opening a malicious file.

Updated Packages
================

Check if you have vim installed:

    # pacman -Q vim

If found, then you should upgrade to the latest version:

    # pacman -Sy vim

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRZNbZ7NElSD1VhkRApOxAJ4h/BvyPYr8ZuxI73H99d2Obe1f0wCggphJ
lHixFOe5Id8TO6Uu9Exw/xI=
=oPCp
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 12:17:58 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 12:18:00 2007
Subject: [Frugalware-security] [ FSA-175 ] python
Message-ID: <20070512101758.11D801768095@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-175

Date: 2007-05-12
Package: python
Vulnerable versions: <= 2.5-2
Unaffected versions: >= 2.5-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2033
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052

Description
===========

Piotr Engelking has reported a security issue in Python, which can be exploited by malicious people to disclose potentially sensitive information.

The security issue is caused due to an off-by-one error within the "PyLocale_strxfrm()" function in Modules/_localemodule.c, which can be exploited to disclose certain parts of the memory.

Updated Packages
================

Check if you have python installed:

    # pacman -Q python

If found, then you should upgrade to the latest version:

    # pacman -Sy python

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRZRWZ7NElSD1VhkRAtLuAJ4oH0Ko+G5CNn5MhaxBHsY5rCYVMQCgiY7l
iXeI0xsWYT3iZHNx/VKTZZ4=
=dU/y
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 16:51:41 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 16:51:43 2007
Subject: [Frugalware-security] [ FSA-176 ] squirrelmail
Message-ID: <20070512145141.4BAC713A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-176

Date: 2007-05-12
Package: squirrelmail
Vulnerable versions: <= 1.4.9-1
Unaffected versions: >= 1.4.10-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2034
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1262

Description
===========

Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

1) SquirrelMail does not sanitise charsets in HTML or JavaScript data before sending it to browsers. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site by sending malicious HTML emails. Reportedly, this affects Internet Explorer only.

2) The script compose.php allows users to perform certain actions via HTTP requests without performing validity checks to verify the request. This can be exploited to e.g. send emails from another user's account by including malicious links to images in an email.

Updated Packages
================

Check if you have squirrelmail installed:

    # pacman -Q squirrelmail

If found, then you should upgrade to the latest version:

    # pacman -Sy squirrelmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRdR9Z7NElSD1VhkRAtZZAKCKARbVjMKcACeXEaxyo5McBtBSbwCfdVSS
oNlu5/pCAuN+RD3t1takYGc=
=yzhM
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 16:56:07 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 16:56:09 2007
Subject: [Frugalware-security] [ FSA-177 ] gimp
Message-ID: <20070512145607.DA92313A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-177

Date: 2007-05-12
Package: gimp
Vulnerable versions: <= 2.2.13-1
Unaffected versions: >= 2.2.13-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2007
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2356

Description
===========

Marsu has discovered a vulnerability in Gimp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the "set_color_table()" function in plug-ins/common/sunras.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .RAS file.

Successful exploitation may allow the execution of arbitrary code.

Updated Packages
================

Check if you have gimp installed:

    # pacman -Q gimp

If found, then you should upgrade to the latest version:

    # pacman -Sy gimp

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRdWHZ7NElSD1VhkRArewAJkBqKNN5Yhg5xt6BLq/wwDLWoSYPwCfezv7
prZrYkVqmsc4kYj7WpakPpE=
=VFuQ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 19:54:19 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 19:54:21 2007
Subject: [Frugalware-security] [ FSA-178 ] libexif
Message-ID: <20070512175419.9913B13A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-178

Date: 2007-05-12
Package: libexif
Vulnerable versions: <= 0.6.13-1
Unaffected versions: >= 0.6.13-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2043
CVE: There is no CVE for this issue.

Description
===========

Victor Stinner has reported a vulnerability in libexif, which can be exploited by malicious people to cause a DoS and potentially compromise an application using the library.

The vulnerability is caused due to an error within the handling of malformed EXIF information. This can be exploited to crash an application using the library and may allow execution of arbitrary code.

Updated Packages
================

Check if you have libexif installed:

    # pacman -Q libexif

If found, then you should upgrade to the latest version:

    # pacman -Sy libexif

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRf9LZ7NElSD1VhkRAjUXAJ0YMZ9zdvK1Ha8dBRrRpwqAVIeM9ACePWlQ
3G+G18r0Mxs9IQzN+fdrkNs=
=vI+R
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 19:59:19 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 19:59:20 2007
Subject: [Frugalware-security] [ FSA-179 ] xmms
Message-ID: <20070512175919.6992513A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-179

Date: 2007-05-12
Package: xmms
Vulnerable versions: <= 1.2.10-11
Unaffected versions: >= 1.2.10-12terminus1
Related bugreport: http://bugs.frugalware.org/task/1854
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0654

Description
===========

Secunia Research has discovered two vulnerabilities in XMMS, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error exists in the processing of skin bitmap images. This can be exploited to cause a stack-based buffer overflow via specially crafted skin images containing manipulated header information. Successful exploitation allows execution of arbitrary code.

2) An integer overflow error exists in the processing of skin bitmap images. This can be exploited to cause memory corruption via specially crafted skin images containing manipulated header information. Successful exploitation may allow the execution of arbitrary code.

Updated Packages
================

Check if you have xmms installed:

    # pacman -Q xmms

If found, then you should upgrade to the latest version:

    # pacman -Sy xmms

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRgB3Z7NElSD1VhkRAnDQAJ9hMLjL+Zr9UpDtxeav7XpwiVB79gCffSxw
lscNBz0QfdmFpJCZxLPa8Ho=
=4o+P
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 20:06:08 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 20:06:10 2007
Subject: [Frugalware-security] [ FSA-180 ] xscreensaver
Message-ID: <20070512180608.C236313A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-180

Date: 2007-05-12
Package: xscreensaver
Vulnerable versions: <= 5.01-1
Unaffected versions: >= 5.01-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2013
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1859

Description
===========

Alex Yamauchi has reported a weakness in XScreenSaver, which potentially can be exploited by malicious people to bypass certain security restrictions.

The weakness is caused due to an error within the parsing of results of a call to "getpwuid()" in drivers/lock.c when using directory servers during a network outage. This can be exploited to e.g. crash XScreenSaver and thus gain access to a locked system.

Updated Packages
================

Check if you have xscreensaver installed:

    # pacman -Q xscreensaver

If found, then you should upgrade to the latest version:

    # pacman -Sy xscreensaver

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRgIQZ7NElSD1VhkRAmsbAKCUjzjDeq32cyyii9jN7vFG1lq3BgCfZXHz
XQwsSi0iTD9+MNwvdaTJ/4M=
=JpJf
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 20:22:00 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 20:22:04 2007
Subject: [Frugalware-security] [ FSA-181 ] php
Message-ID: <20070512182200.BB24C13A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-181

Date: 2007-05-12
Package: php
Vulnerable versions: <= 5.2.1-3terminus1
Unaffected versions: >= 5.2.2-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2014
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2509
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2510
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2511

Description
===========

Several vulnerabilities and weaknesses have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to manipulate certain data, disclose potentially sensitive information, bypass certain security restrictions, or to cause a DoS (Denial of Service), and potentially by malicious people to compromise a vulnerable system.

1) An input validation error in the "ftp_putcmd()" function can be exploited to inject newline characters.

2) An unspecified error in the "import_request_variables()" can be exploited to overwrite global variables.

3) An unspecified error can remotely be exploited to cause a buffer overflow within the "make_http_soap_request()" function (PHP 5).

4) An unspecified error can be exploited to cause a buffer overflow within the "user_filter_factory_create()" function (PHP 5).

5) An unspecified error in the bundled libxmlrpc library can remotely be exploited to cause a heap-based buffer overflow and may allow execution of arbitrary code.

6) An input validation error in the "mail()" function allows injection of headers via the "To" and "Subject" parameters.

7) An error in the "mail()" function allows to truncate messages via ASCIIZ bytes.

8) The "safe_mode" and "open_basedir" protection mechanisms can be bypassed via the "zip://" and "bzip://" wrappers.

9) An integer overflow exists in "substr_compare()", which can be exploited to read memory from memory behind PHP variables. The "substr_count" function is reportedly also affected.

10) An error in the "mb_parse_str()" can be exploited to activate "register_globals".

11) An error in the Zend engine related to nested array variables that can be exploited to crash a PHP application.

Updated Packages
================

Check if you have php installed:

    # pacman -Q php

If found, then you should upgrade to the latest version:

    # pacman -Sy php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRgXIZ7NElSD1VhkRAn3PAJ9TaE6mvGepafRQLTVJChTD9ZedJwCfQPaA
IUNVKXYflCrTncB+Har/LLI=
=iMUZ
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 12 23:27:54 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 12 23:27:55 2007
Subject: [Frugalware-security] [ FSA-182 ] mysql
Message-ID: <20070512212754.2105F13A402D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-182

Date: 2007-05-12
Package: mysql
Vulnerable versions: <= 5.0.37-1
Unaffected versions: >= 5.0.37-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2037
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2583

Description
===========

Neil Kettle has
reported a vulnerability in MySQL, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling specially crafted IF queries, which can be exploited to crash the server.

Updated Packages
================

Check if you have mysql installed:

    # pacman -Q mysql

If found, then you should upgrade to the latest version:

    # pacman -Sy mysql

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGRjFaZ7NElSD1VhkRAnP6AJ46AQAy0+TU7/Dtcdnsd4wKud5NygCfXsS2
v8Si6BiApN1jzhwi4gDgK6w=
=jsHH
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun May 13 20:55:44 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun May 13 20:55:55 2007
Subject: [Frugalware-security] [ FSA-183 ] asterisk
Message-ID: <20070513185544.34A8A17680C5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-183

Date: 2007-05-13
Package: asterisk
Vulnerable versions: <= 1.4.2-2terminus1
Unaffected versions: >= 1.4.2-2terminus2
Related bugreport: http://bugs.frugalware.org/task/1985
                   http://bugs.frugalware.org/task/2030
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2293
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2294
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2297
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2488

Description
===========

Some vulnerabilities have been reported in Asterisk, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) Two boundary errors exist in the T.38 SDP parser of the SIP channel when processing the "T38FaxRateManagement" or "T38FaxUdpEC" SDP parameters within the "process_sdp()" function in chan_sip.c. This can be exploited to cause stack-based buffer overflows by sending a specially crafted SIP packet with overly long SDP parameters.
Successful exploitation requires that the "t38_udptl" configuration option is set to "yes".

2) A NULL pointer dereference error exists within the authentication mechanism of the Asterisk Remote Management Interface, which can be exploited to crash the service. Successful exploitation requires that the Management Interface is enabled and a user without a password is configured in the manager.conf file.

A vulnerability has been reported in Asterisk, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error within the IAX2 channel driver (chan_iax2) in the processing of text frames. This can be exploited to disclose potentially sensitive heap memory by sending a text frame with content that is not NULL terminated.

Updated Packages
================

Check if you have asterisk installed:

    # pacman -Q asterisk

If found, then you should upgrade to the latest version:

    # pacman -Sy asterisk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGR18wZ7NElSD1VhkRAnGBAJ9BLD1JdrMErRLXM1hIm03qgn+MowCfZ2c4
EdXjzXjaXhFlyx1t81shSbg=
=QdaV
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed May 23 14:09:48 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed May 23 14:09:53 2007
Subject: [Frugalware-security] [ FSA-184 ] libpng
Message-ID: <20070523120948.91F7B13A410E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-184

Date: 2007-05-23
Package: libpng
Vulnerable versions: <= 1.2.16-1
Unaffected versions: >= 1.2.16-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2051
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2445

Description
===========

A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error in the "png_handle_tRNS" function in pngrutil.c. This can be exploited by tricking an application using the library to process a specially crafted PNG file containing a malformed tRNS chunk.

Updated Packages
================

Check if you have libpng installed:

    # pacman -Q libpng

If found, then you should upgrade to the latest version:

    # pacman -Sy libpng

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGVC8MZ7NElSD1VhkRAv6GAJ41UDjf9cM0AGUN3WPQTaGPhwKfnwCglmML
KPasX18OlaGl2V4bvMLpJvw=
=/Eu2
-----END PGP SIGNATURE-----

From noreply at frugalware.org Wed May 23 14:37:26 2007
From: noreply at frugalware.org (voroskoi)
Date: Wed May 23 14:37:29 2007
Subject: [Frugalware-security] [ FSA-185 ] samba samba-client
Message-ID: <20070523123726.ECE0E13A410E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-185

Date: 2007-05-23
Package: samba samba-client
Vulnerable versions: <= 3.0.24-1
Unaffected versions: >= 3.0.24-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2050
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2444
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2446
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2447

Description
===========

Some vulnerabilities have been reported in Samba, which can be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system.

1) An error in smbd when translating SIDs to and from names can be exploited to issue SMB/CIFS protocol operations as the root user. Successful exploitation requires a valid user session.

2) An input validation error when updating a user's password can be exploited to inject and execute arbitrary shell commands via a specially crafted MS-RPC call.
Successful exploitation of this vulnerability requires that the "username map script" option is set in smb.conf, which is not the default setting. In addition, to successfully exploit this vulnerability via remote printer and file share management, an attacker requires a valid user session.

3) Input validation errors exist in the parsing of RPC requests to the LSA RPC interface. This can be exploited to cause heap based buffer overflows via specially crafted requests to "LsarAddPrivilegesToAccount", "LsarLookupSids", or "LsarLookupSids2".

4) An input validation error exists in the parsing of RPC requests to the DFS RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to "DFSEnum".

5) An input validation error exists in the parsing of RPC requests to the SPOOLSS RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to "RFNPCNEX".

6) An input validation error exists in the parsing of RPC requests to the SRVSVC RPC interface. This can be exploited to cause a heap based buffer overflow via a specially crafted request to "NetSetFileSecurity".

Successful exploitation of vulnerabilities #3 through #6 allows execution of arbitrary code, but requires a valid user session.

Updated Packages
================

Check if you have samba samba-client installed:

    # pacman -Q samba samba-client

If found, then you should upgrade to the latest version:

    # pacman -Sy samba samba-client

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGVDWFZ7NElSD1VhkRAlfjAJ9MIYTOE3t7z04dcjngxAnjhCBswgCgibZG
NsJ9yuSw2zq4cWLmOts+rvM=
=X5OV
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 26 17:22:21 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 26 17:22:30 2007
Subject: [Frugalware-security] [ FSA-186 ] jasper
Message-ID: <20070526152221.5C56B13A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-186

Date: 2007-05-26
Package: jasper
Vulnerable versions: <= 1.900.1-1
Unaffected versions: >= 1.900.1-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2066
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2721

Description
===========

A vulnerability has been reported in JasPer, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "jpc_qcx_getcompparms" function when processing JP2 files and can be exploited to crash an application using the library.

Updated Packages
================

Check if you have jasper installed:

    # pacman -Q jasper

If found, then you should upgrade to the latest version:

    # pacman -Sy jasper

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWFCsZ7NElSD1VhkRAigNAJ9Mld3WUU8qsdRWFD9InHy5sJ9GmACfS7T0
K77Op/ePEqlWu/k4AvRWux0=
=BfGm
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 26 17:27:48 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 26 17:27:50 2007
Subject: [Frugalware-security] [ FSA-187 ] php
Message-ID: <20070526152748.5090313A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-187

Date: 2007-05-26
Package: php
Vulnerable versions: <= 5.2.2-1terminus1
Unaffected versions: >= 5.2.2-1terminus2
Related bugreport: http://bugs.frugalware.org/task/2075
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2756

Description
===========

Xavier Roche has reported a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the incorrect use of libpng within the function "gdPngReadData()" in ext/gd/libgd/gd_png.c of the GD extension when processing truncated data. This can be exploited to cause an infinite loop by e.g. tricking an application to process a specially crafted file.

Updated Packages
================

Check if you have php installed:

    # pacman -Q php

If found, then you should upgrade to the latest version:

    # pacman -Sy php

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWFH0Z7NElSD1VhkRAiXQAJ4+pTEkaVL1Jds7MSBVemi2dcOf+QCgkAWG
mRkiCGP4/5jnKbMx1sDb46Y=
=JqrT
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat May 26 17:32:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat May 26 17:32:59 2007
Subject: [Frugalware-security] [ FSA-188 ] madwifi
Message-ID: <20070526153256.F3A2A13A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-188

Date: 2007-05-26
Package: madwifi
Vulnerable versions: <= 0.9.3-1terminus1
Unaffected versions: >= 0.9.3.1-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2078
CVE: There is no CVE for these issues

Description
===========

Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).

1) A division by zero error exists within the function "ath_beacon_config()". This can be exploited to cause a crash by sending a packet with a zero beacon interval to a vulnerable system.

2) An input sanitation error exists within the IO control "ieee80211_ioctl_getwmmparams". This can be exploited to crash the kernel by calling the IO control with a negative index parameter. This may also allow certain parts of the memory to be disclosed.

3) An input sanitation error exists within the packet parser when parsing nested 802.3 Ethernet frame lengths. This can be exploited to cause a NULL pointer dereference by sending a specially crafted fast frame packet to a vulnerable system.

Updated Packages
================

Check if you have madwifi installed:

    # pacman -Q madwifi

If found, then you should upgrade to the latest version:

    # pacman -Sy madwifi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWFMoZ7NElSD1VhkRAkLcAJ9MRfcXrFFJvE3KizTv4681KMUDtgCgj5z2
XYDIfDYOIatySY7cLxgruAo=
=XfIy
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun May 27 22:29:52 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun May 27 22:29:55 2007
Subject: [Frugalware-security] [ FSA-189 ] vmware
Message-ID: <20070527202952.B0BE213A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-189

Date: 2007-05-27
Package: vmware
Vulnerable versions: <= 5.5.3_34685-1
Unaffected versions: >= 5.5.4_44386-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2009
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1069
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1337
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1744
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1876
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1877

Description
===========

Some vulnerabilities have been reported in various VMware products, which can be exploited by malicious users to cause a DoS (Denial of Service) or bypass certain security restrictions.

1) An error exists within the ACPI implementation of the virtual machine process (VMX) when collecting information about running states of virtual machines, which can be exploited to cause the process to read from invalid memory locations.

2) An error within the saving of configuration data in VMDB files can be exploited to store malformed configuration data and cause a DoS on guest operating systems.

3) An error within the handling of general protection faults (GPFs) in Windows guest operating systems can be exploited to crash Windows virtual machines.

4) Errors when debugging applications in a 64-bit Windows guest operating system on a 64-bit host system can be exploited to e.g. cause corrupted stack pointers or kernel bugchecks.

5) A design error within the "Shared Folders" feature can be exploited in a guest system to read and write arbitrary files on a host system. Successful exploitation requires that at least one folder is shared. In order to write to host files, the "read only" option of the shared folder has to be disabled. ESX server is reportedly not affected as it does not use the "Shared Folders" feature.

Updated Packages
================

Check if you have vmware installed:

    # pacman -Q vmware

If found, then you should upgrade to the latest version:

    # pacman -Sy vmware

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWeo/Z7NElSD1VhkRAr4iAKCdumBxJ+h2X9bGomivPnGc9HVztACcC0uo
RONMF1n8xQwxMI5rj9gJ/Dk=
=siXk
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun May 27 22:36:19 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun May 27 22:36:24 2007
Subject: [Frugalware-security] [ FSA-190 ] zoo
Message-ID: <20070527203620.3241513A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-190

Date: 2007-05-27
Package: zoo
Vulnerable versions: <= 2.10-4
Unaffected versions: >= 2.10-5terminus1
Related bugreport: http://bugs.frugalware.org/task/2065
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1669

Description
===========

It's possible to make the ZOO implementation enter an infinite loop condition. The vulnerability lies in the algorithm used to locate the files inside the archive. Each file in a ZOO archive is identified by a direntry structure. Those structures are linked between themselves with a 'next' pointer. This pointer is in fact an offset from the beginning of the file, representing the next direntry structure.
By specifying an already processed file, it's possible to process this same file more than once. The ZOO parser will then enter an infinite loop condition.

Updated Packages
================

Check if you have zoo installed:

    # pacman -Q zoo

If found, then you should upgrade to the latest version:

    # pacman -Sy zoo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWevDZ7NElSD1VhkRAhnNAJ9gidPLdbM5W7XhDrOUIm3Loi04qgCcDTtp
n1cPTK0ZGbJIdN3/8nKiTQo=
=D9Jj
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun May 27 22:40:32 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun May 27 22:40:36 2007
Subject: [Frugalware-security] [ FSA-191 ] freetype2
Message-ID: <20070527204032.4723A13A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-191

Date: 2007-05-27
Package: freetype2
Vulnerable versions: <= 2.3.4-1terminus1
Unaffected versions: >= 2.3.4-1terminus2
Related bugreport: http://bugs.frugalware.org/task/2073
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754

Description
===========

Victor Stinner has reported a vulnerability in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused due to an error when parsing malformed TTF fonts in src/truetype/ttgload.c and may be exploited when processing a specially crafted TTF font.

Updated Packages
================

Check if you have freetype2 installed:

    # pacman -Q freetype2

If found, then you should upgrade to the latest version:

    # pacman -Sy freetype2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFGWezAZ7NElSD1VhkRArr5AJ4xnmo0UnWeudc0+5Riu0fbn7LpLACfXuJ0
Z6QfR3EQ5Gv3lzfpexsQf9c=
=8+Fe
-----END PGP SIGNATURE-----
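
Editor's added example for FSA-190 (zoo) above, not code from the advisory or from the zoo sources: a chain walker that refuses a 'next' offset leading back into already processed entries, using Brent's cycle detection so no per-entry memory is needed. It assumes a simplified, constructed layout (fixed 8-byte entries that begin with a little-endian 'next' offset, 0 ending the chain), not the real direntry format; walk_entries and walk_sample are hypothetical names, and the bounds check on each offset goes slightly beyond the advisory's case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, simplified layout (NOT the real ZOO direntry): every entry is
 * ENTRY_SIZE bytes and begins with a 4-byte little-endian 'next' field, an
 * offset from the start of the file. next == 0 terminates the chain. */
#define ENTRY_SIZE 8u
enum { WALK_TRUNCATED = -1, WALK_LOOP = -2 };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of entries in the chain, or a negative WALK_* code. */
int walk_entries(const uint8_t *buf, size_t len, uint32_t first)
{
    uint32_t off = first, mark = first;   /* mark: Brent's checkpoint */
    size_t steps = 0, limit = 1;
    int count = 0;

    while (off != 0) {
        /* Reject offsets whose entry would not fit inside the file. */
        if (off > len || len - off < ENTRY_SIZE)
            return WALK_TRUNCATED;
        count++;
        off = rd_le32(buf + off);
        /* Arriving back at the checkpoint means the chain is cyclic. */
        if (off != 0 && off == mark)
            return WALK_LOOP;
        if (++steps == limit) {           /* move checkpoint, double interval */
            mark = off;
            steps = 0;
            limit *= 2;
        }
    }
    return count;
}

/* Constructed sample: three entries at offsets 8, 16 and 24. The last entry's
 * 'next' is last_next: 0 is well formed, 8 points back at the first entry. */
int walk_sample(uint8_t last_next)
{
    uint8_t img[32] = {0};
    img[8] = 16;
    img[16] = 24;
    img[24] = last_next;
    return walk_entries(img, sizeof img, 8);
}

int main(void)
{
    printf("%d %d %d\n", walk_sample(0), walk_sample(8), walk_sample(200));
    return 0;
}
```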