From noreply at frugalware.org Thu Nov 1 01:04:42 2007
From: noreply at frugalware.org (vmiklos)
Date: Thu Nov 1 01:04:44 2007
Subject: [Frugalware-security] [ FSA-310 ] kernel
Message-ID: <20071101000442.739DD13A405D@genesis.frugalware.org>

Frugalware Security Advisory FSA-310

Date: 2007-11-01
Package: kernel
Vulnerable versions: <= 2.6.22-6
Unaffected versions: >= 2.6.22-7sayshell1
Related bugreport: http://bugs.frugalware.org/task/2455
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3731

Description
===========

Evan Teran has reported a security issue in the Linux kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).
The vulnerability is caused due to an error in ptrace when
single-stepping a debugged child process with invalid values in the
"CS" register, which can be exploited to cause a kernel oops.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

From noreply at frugalware.org Fri Nov 2 10:10:00 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Nov 2 10:10:01 2007
Subject: [Frugalware-security] [ FSA-311 ] wordpress
Message-ID: <20071102091000.0AA2C13A40D4@genesis.frugalware.org>

Frugalware Security Advisory FSA-311

Date: 2007-11-02
Package: wordpress
Vulnerable versions: <= 2.2.3-1
Unaffected versions: >= 2.3.1-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2535
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5710

Description
===========

Janek Vind has discovered a vulnerability in WordPress, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "posts_columns" parameter in
wp-admin/edit-post-rows.php is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.
Successful exploitation requires that "register_globals" is enabled.

Updated Packages
================

Check if you have wordpress installed:

    # pacman-g2 -Q wordpress

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wordpress

From noreply at frugalware.org Fri Nov 2 10:57:35 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Nov 2 10:57:36 2007
Subject: [Frugalware-security] [ FSA-312 ] cups
Message-ID: <20071102095735.45E3813A40D4@genesis.frugalware.org>

Frugalware Security Advisory FSA-312

Date: 2007-11-02
Package: cups
Vulnerable versions: <= 1.3.2-1
Unaffected versions: >= 1.3.2-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2540
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4351

Description
===========

Secunia Research has discovered a vulnerability in CUPS, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the
"ippReadIO()" function in cups/ipp.c when processing IPP (Internet
Printing Protocol) tags. This can be exploited to overwrite one byte on
the stack with a zero by sending an IPP request containing specially
crafted "textWithLanguage" or "nameWithLanguage" tags.
Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have cups installed:

    # pacman-g2 -Q cups

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy cups

From noreply at frugalware.org Fri Nov 2 11:04:54 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Nov 2 11:04:57 2007
Subject: [Frugalware-security] [ FSA-313 ] django
Message-ID: <20071102100454.E4C4413A40D2@genesis.frugalware.org>

Frugalware Security Advisory FSA-313

Date: 2007-11-02
Package: django
Vulnerable versions: <= 0.96-1
Unaffected versions: >= 0.96-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2543
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5712

Description
===========

A vulnerability has been reported in Django, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to the Django internationalization
system ("i18n") incorrectly processing HTTP headers. This can be
exploited to allocate large amounts of memory by sending specially
crafted HTTP "Accept-Language" requests.
Successful exploitation requires that the "USE_I18N" option and the
"i18n" middleware component are enabled.

Updated Packages
================

Check if you have django installed:

    # pacman-g2 -Q django

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy django

From noreply at frugalware.org Fri Nov 2 11:08:31 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Nov 2 11:08:32 2007
Subject: [Frugalware-security] [ FSA-314 ] liferea
Message-ID: <20071102100831.4F2D013A40D2@genesis.frugalware.org>

Frugalware Security Advisory FSA-314

Date: 2007-11-02
Package: liferea
Vulnerable versions: <= 1.2.23-1
Unaffected versions: >= 1.2.23-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2544
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5751

Description
===========

A security issue has been reported in Liferea, which can be exploited
by malicious, local users to disclose sensitive information.
The security issue is caused due to incorrect file permissions being
set for the "feedlist.opml" backup file. This can be exploited to
retrieve feed or proxy authentication usernames and passwords.

Updated Packages
================

Check if you have liferea installed:

    # pacman-g2 -Q liferea

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy liferea

From noreply at frugalware.org Mon Nov 12 10:33:25 2007
From: noreply at frugalware.org (vmiklos)
Date: Mon Nov 12 10:33:29 2007
Subject: [Frugalware-security] [ FSA-315 ] kernel
Message-ID: <20071112093325.BB05511901BB@genesis.frugalware.org>

Frugalware Security Advisory FSA-315

Date: 2007-11-12
Package: kernel
Vulnerable versions: <= 2.6.22-7sayshell1
Unaffected versions: >= 2.6.22-7sayshell2
Related bugreport: http://bugs.frugalware.org/task/2562
CVE: CVE-2007-4997

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an off-by-two error within the
function "ieee80211_rx()" in net/ieee80211/ieee80211_rx.c. This can be
exploited to cause a kernel panic by sending a specially crafted
ieee80211 frame with the IEEE80211_STYPE_QOS_DATA flag set to an
affected system.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

From noreply at frugalware.org Sat Nov 17 16:44:29 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Nov 17 16:44:32 2007
Subject: [Frugalware-security] [ FSA-316 ] xpdf
Message-ID: <20071117154429.8E86C11901BB@genesis.frugalware.org>

Frugalware Security Advisory FSA-316

Date: 2007-11-17
Package: xpdf
Vulnerable versions: <= 3.02-3
Unaffected versions: >= 3.02-4sayshell1
Related bugreport: http://bugs.frugalware.org/task/2558
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Description
===========

Secunia Research has discovered some vulnerabilities in Xpdf, which can
be exploited by malicious people to compromise a user's system.

1) An array indexing error within the
"DCTStream::readProgressiveDataUnit()" method in xpdf/Stream.cc can be
exploited to corrupt memory via a specially crafted PDF file.

2) An integer overflow error within the "DCTStream::reset()" method in
xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow
via a specially crafted PDF file.

3) A boundary error within the "CCITTFaxStream::lookChar()" method in
xpdf/Stream.cc can be exploited to cause a heap-based buffer overflow by
tricking a user into opening a PDF file containing a specially crafted
"CCITTFaxDecode" filter.

Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have xpdf installed:

    # pacman-g2 -Q xpdf

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy xpdf

From noreply at frugalware.org Sat Nov 17 16:59:33 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Nov 17 16:59:40 2007
Subject: [Frugalware-security] [ FSA-317 ] koffice
Message-ID: <20071117155933.EEFB5119019C@genesis.frugalware.org>

Frugalware Security Advisory FSA-317

Date: 2007-11-17
Package: koffice
Vulnerable versions: <= 1.6.3-2
Unaffected versions: >= 1.6.3-3sayshell1
Related bugreport: http://bugs.frugalware.org/task/2559
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Description
===========

Some vulnerabilities have been reported in KOffice, which can be
exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to the use of vulnerable Xpdf code.
For more information: FSA-316

Updated Packages
================

Check if you have koffice installed:

    # pacman-g2 -Q koffice

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy koffice

From noreply at frugalware.org Sat Nov 17 17:07:46 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Nov 17 17:07:51 2007
Subject: [Frugalware-security] [ FSA-318 ] kdegraphics
Message-ID: <20071117160746.88C6B11901B1@genesis.frugalware.org>

Frugalware Security Advisory FSA-318

Date: 2007-11-17
Package: kdegraphics
Vulnerable versions: <= 3.5.7-2
Unaffected versions: >= 3.5.7-3sayshell1
Related bugreport: http://bugs.frugalware.org/task/2560
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Description
===========

Some vulnerabilities have been reported in KOffice, which can be
exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to the use of vulnerable Xpdf code.
For more information: FSA-316

Updated Packages
================

Check if you have kdegraphics installed:

    # pacman-g2 -Q kdegraphics

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kdegraphics

From noreply at frugalware.org Fri Nov 23 10:11:44 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Nov 23 10:11:49 2007
Subject: [Frugalware-security] [ FSA-319 ] poppler
Message-ID: <20071123091144.C11F811901B1@genesis.frugalware.org>

Frugalware Security Advisory FSA-319

Date: 2007-11-23
Package: poppler
Vulnerable versions: <= 0.6-1
Unaffected versions: >= 0.6-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2561
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Description
===========

Some vulnerabilities have been reported in Poppler, which can be
exploited by malicious people to compromise an application using the
library.
The vulnerabilities are caused due to the use of vulnerable Xpdf code.
For more information: FSA-316

Updated Packages
================

Check if you have poppler installed:

    # pacman-g2 -Q poppler

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy poppler

From noreply at frugalware.org Sun Nov 25 21:43:51 2007
From: noreply at frugalware.org (vmiklos)
Date: Sun Nov 25 21:43:58 2007
Subject: [Frugalware-security] [ FSA-320 ] kernel
Message-ID: <20071125204351.AFBAC11901BD@genesis.frugalware.org>

Frugalware Security Advisory FSA-320

Date: 2007-11-25
Package: kernel
Vulnerable versions: <= 2.6.22-7sayshell2
Unaffected versions: >= 2.6.22-7sayshell3
Related bugreport: http://bugs.frugalware.org/task/2599
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5500
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5501

Description
===========

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users and by malicious people to cause
a DoS (Denial of Service).

1) An error within the "wait_task_stopped()" function can be exploited
to cause a DoS by manipulating the state of a child process while the
parent is waiting for the state to change (e.g. the parent is inside
"wait()" or "waitpid()").

2) A NULL-pointer dereference error exists within the
"tcp_sacktag_write_queue()" function when processing ACK packets. This
can be exploited to crash an affected system via specially crafted ACK
packets.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

From noreply at frugalware.org Tue Nov 27 19:29:24 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 19:29:28 2007
Subject: [Frugalware-security] [ FSA-321 ] openldap
Message-ID: <20071127182924.066F711901C3@genesis.frugalware.org>

Frugalware Security Advisory FSA-321

Date: 2007-11-27
Package: openldap
Vulnerable versions: <= 2.3.38-1
Unaffected versions: >= 2.3.39-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2542
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5707
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5708

Description
===========

Some vulnerabilities have been reported in OpenLDAP, which can be
exploited by malicious users to cause a DoS (Denial of Service).

1) A vulnerability is caused due to the "add_filter_attrs()" function in
servers/slapd/overlay/pcache.c not correctly NULL terminating
"new_attrs", which can be exploited to crash slapd due to an out of
bounds memory access.
Successful exploitation may require that slapd runs as proxy-caching
server.

2) An error within the normalisation of "objectClasses" can be exploited
to crash a vulnerable server by sending a malformed "objectClasses"
attribute.

Updated Packages
================

Check if you have openldap installed:

    # pacman-g2 -Q openldap

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openldap

From noreply at frugalware.org Tue Nov 27 20:46:44 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 20:46:49 2007
Subject: [Frugalware-security] [ FSA-322 ] perl
Message-ID: <20071127194644.A4A7811904C1@genesis.frugalware.org>

Frugalware Security Advisory FSA-322

Date: 2007-11-27
Package: perl
Vulnerable versions: <= 5.8.8-4
Unaffected versions: >= 5.8.8-5sayshell1
Related bugreport: http://bugs.frugalware.org/task/2568
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116

Description
===========

Tavis Ormandy and Will Drewry have reported a vulnerability in Perl,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to a boundary error within the
processing of regular expressions containing Unicode data. This can be
exploited to cause a buffer overflow via a specially crafted regular
expression causing a runtime switch to the Unicode character scheme.

Updated Packages
================

Check if you have perl installed:

    # pacman-g2 -Q perl

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy perl

From noreply at frugalware.org Tue Nov 27 21:19:25 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 21:19:29 2007
Subject: [Frugalware-security] [ FSA-323 ] cpio
Message-ID: <20071127201925.E9FF811901C3@genesis.frugalware.org>

Frugalware Security Advisory FSA-323

Date: 2007-11-27
Package: cpio
Vulnerable versions: <= 2.9-1
Unaffected versions: >= 2.9-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2570
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4476

Description
===========

There is a vulnerability in cpio, which can be exploited by malicious
people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing specially
crafted tar archives and can be exploited to cause a stack-based buffer
overflow and crash the vulnerable application.

Updated Packages
================

Check if you have cpio installed:

    # pacman-g2 -Q cpio

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy cpio

From noreply at frugalware.org Tue Nov 27 21:25:24 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 21:25:30 2007
Subject: [Frugalware-security] [ FSA-324 ] php
Message-ID: <20071127202524.7BE8A11901C3@genesis.frugalware.org>

Frugalware Security Advisory FSA-324

Date: 2007-11-27
Package: php
Vulnerable versions: <= 5.2.4-1
Unaffected versions: >= 5.2.5-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2576
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4887

Description
===========

Some vulnerabilities and weaknesses have been reported in PHP, where
some have unknown impacts and others can be exploited to bypass certain
security restrictions.

1) Various errors exist in the "htmlentities" and "htmlspecialchars"
functions where partial multibyte sequences are not accepted.

2) Various boundary errors exist in the "fnmatch()", "setlocale()", and
"glob()" functions and can be exploited to cause buffer overflows.

3) An error in the processing of the "mail.force_extra_parameters"
directive within an ".htaccess" file can be exploited to bypass the
"safe_mode" directive.

4) An error in the handling of variables can be exploited to overwrite
values set in httpd.conf via the "ini_set()" function.

Updated Packages
================

Check if you have php installed:

    # pacman-g2 -Q php

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy php

From noreply at frugalware.org Tue Nov 27 22:02:18 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 22:02:20 2007
Subject: [Frugalware-security] [ FSA-325 ] phpmyadmin
Message-ID: <20071127210218.6C42611904BF@genesis.frugalware.org>

Frugalware Security Advisory FSA-325

Date: 2007-11-27
Package: phpmyadmin
Vulnerable versions: <= 2.11.1.2-1sayshell1
Unaffected versions: >= 2.11.2.2-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2578
                   http://bugs.frugalware.org/task/2588
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5976
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5977

Description
===========

Three vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious users to conduct script insertion, SQL injection
and cross-site scripting attacks.

1) Input passed to the "db" parameter in db_create.php is not properly
sanitised before being stored. This can be exploited to insert arbitrary
HTML and script code, which is executed in a user's browser session in
context of an affected site when the malicious data is viewed.
Successful exploitation requires that the attacker has CREATE DATABASE
credentials, that the target user has valid user credentials, and that
the target user uses a web browser that executes JavaScript code in img
HTML elements (e.g. Opera).

2) Input passed to the "db" parameter in db_create.php is not properly
sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary
SQL code.
Successful exploitation requires that the attacker has CREATE DATABASE
credentials.

3) Tim Brown has discovered a vulnerability in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the "convcharset" parameter in index.php (when
"auth_type" in the configuration is set to "cookie") is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman-g2 -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy phpmyadmin

From noreply at frugalware.org Tue Nov 27 22:06:56 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Nov 27 22:06:58 2007
Subject: [Frugalware-security] [ FSA-326 ] samba
Message-ID: <20071127210656.0D57111901C3@genesis.frugalware.org>

Frugalware Security Advisory FSA-326

Date: 2007-11-27
Package: samba
Vulnerable versions: <= 3.0.26-1
Unaffected versions: >= 3.0.26-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2589
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5398
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4572

Description
===========

Some vulnerabilities have been reported in Samba, which can be exploited
by malicious people to compromise a vulnerable system.

1) A boundary error exists within the "reply_netbios_packet()" function
in nmbd/nmbd_packets.c when sending NetBIOS replies.
This can be exploited to cause a stack-based buffer overflow by sending
multiple specially crafted WINS "Name Registration" requests followed by
a WINS "Name Query" request.
Successful exploitation allows execution of arbitrary code, but requires
that Samba is configured to run as a WINS server (the "wins support"
option is enabled).

2) A boundary error exists within the processing of GETDC logon
requests. This can be exploited to cause a buffer overflow by sending
specially crafted GETDC mailslot requests.
Successful exploitation of the vulnerability requires that Samba is
configured as a Primary or Backup Domain Controller.

Updated Packages
================

Check if you have samba installed:

    # pacman-g2 -Q samba

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy samba