From noreply at frugalware.org Mon Oct 1 09:43:25 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 1 09:43:28 2007
Subject: [Frugalware-security] [ FSA-281 ] sylpheed
Message-ID: <20071001074325.6592D13A406B@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-281

Date: 2007-10-01
Package: sylpheed
Vulnerable versions: <= 2.3.1-1
Unaffected versions: >= 2.3.1-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2378
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958

Description
===========

Secunia Research has discovered a vulnerability in Sylpheed, which can be exploited by malicious people to compromise a vulnerable system.

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.

Updated Packages
================

Check if you have sylpheed installed:

    # pacman-g2 -Q sylpheed

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy sylpheed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHAKUdZ7NElSD1VhkRAqibAJ4vYJotsf3ssHJP+k81eHNYiOJP8QCdEKzi
avEoiS/O9ydACK5EP/6U53g=
=V17L
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 1 09:48:21 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 1 09:48:22 2007
Subject: [Frugalware-security] [ FSA-282 ] claws-mail
Message-ID: <20071001074821.3E14813A406A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-282

Date: 2007-10-01
Package: claws-mail
Vulnerable versions: <= 2.8.1-1
Unaffected versions: >= 2.8.1-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2378
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2958

Description
===========

Secunia Research has discovered a vulnerability in Sylpheed-Claws (Claws Mail), which can be exploited by malicious people to compromise a vulnerable system.

A format string error in the "inc_put_error()" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server.

Updated Packages
================

Check if you have claws-mail installed:

    # pacman-g2 -Q claws-mail

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy claws-mail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHAKZFZ7NElSD1VhkRAlJnAKCVurHu9s8yMW8RPuJOtPGtplbEdQCggRam
ptxiADJ8ibXVjc32MSDu0aY=
=C2ZX
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 1 09:59:58 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 1 10:00:05 2007
Subject: [Frugalware-security] [ FSA-283 ] qt4
Message-ID: <20071001075958.0C46B13A406A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-283

Date: 2007-10-01
Package: qt4
Vulnerable versions: <= 4.2.3-2terminus1
Unaffected versions: >= 4.2.3-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2422
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4137

Description
===========

A vulnerability has been reported in Qt, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise an application using the library.

The vulnerability is caused due to an off-by-one error within the "QUtf8Decoder::toUnicode()" function ("QUtf8Codec::convertToUnicode()" in Qt 4.x) in codecs/qutfcodec.cpp. This can be exploited to cause a one-byte heap-based buffer overflow via a specially crafted unicode string.

Updated Packages
================

Check if you have qt4 installed:

    # pacman-g2 -Q qt4

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy qt4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHAKj+Z7NElSD1VhkRApmBAKCDzD1BouLH4fQMFaK2vZu1Pd6UlQCdFd9G
LgQdXP/3qaxJTWDX7nzSLYc=
=0bge
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:24:13 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:24:15 2007
Subject: [Frugalware-security] [ FSA-284 ] wordpress
Message-ID: <20071004092413.4E0AC13A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-284

Date: 2007-10-04
Package: wordpress
Vulnerable versions: <= 2.2.2-1terminus1
Unaffected versions: >= 2.2.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2398
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4893
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4894

Description
===========

Some vulnerabilities have been reported in Wordpress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.

1) The "unfiltered_html" privilege feature can be bypassed by adding a field named "no_filter". This can be exploited by malicious users without the "unfiltered_html" privilege to e.g. post blog entries with arbitrary HTML and script code via specially crafted POST requests.

2) Input passed to certain parameters (e.g. the "post_type" parameter of the URL passed to the "pingback.extensions.getPingbacks()" XMLRPC method) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Updated Packages
================

Check if you have wordpress installed:

    # pacman-g2 -Q wordpress

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wordpress

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLE9Z7NElSD1VhkRAgGzAKCn74jVX4uPmBAAKjwubyEAq6f+fwCfT7dh
pjWhvrkSueV92oi5mBYknzE=
=xo/0
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:29:43 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:29:44 2007
Subject: [Frugalware-security] [ FSA-285 ] mediawiki
Message-ID: <20071004092943.9DA0013A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-285

Date: 2007-10-04
Package: mediawiki
Vulnerable versions: <= 1.9.3-1
Unaffected versions: >= 1.9.4-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2412
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4828
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4883

Description
===========

A vulnerability has been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters in the API pretty-printing mode is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the API interface is enabled.

Updated Packages
================

Check if you have mediawiki installed:

    # pacman-g2 -Q mediawiki

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mediawiki

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLKHZ7NElSD1VhkRAvPoAJ9+PTWwkQsBoFIqkUAX+DJWO+FIPwCfaA89
gcvjhjZbk4A7UZ/V++BJ/K4=
=rG+k
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:37:27 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:37:29 2007
Subject: [Frugalware-security] [ FSA-286 ] firefox
Message-ID: <20071004093727.566F213A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-286

Date: 2007-10-04
Package: firefox
Vulnerable versions: <= 2.0.0.6-1terminus1
Unaffected versions: >= 2.0.0.7-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2423
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4965

Description
===========

Mozilla has acknowledged a security issue in Firefox, which potentially can be exploited by malicious people to compromise a user's system.

The security issue is caused due to the "-chrome" parameter allowing execution of arbitrary Javascript script code in chrome context. This can be exploited to execute arbitrary commands on a user's system e.g. via applications invoking Firefox with unfiltered command line arguments.

Updated Packages
================

Check if you have firefox installed:

    # pacman-g2 -Q firefox

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy firefox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLRXZ7NElSD1VhkRAvbFAJ9yUHiJhLGZsOfnXnrAzE7/s3Q5zgCePj0t
LJ0GXhd7VzmQXof68wciUiU=
=sKUK
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:43:13 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:43:16 2007
Subject: [Frugalware-security] [ FSA-287 ] inotify-tools
Message-ID: <20071004094313.7986413A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-287

Date: 2007-10-04
Package: inotify-tools
Vulnerable versions: <= 3.8-1
Unaffected versions: >= 3.8-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2425
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5037

Description
===========

A vulnerability has been reported in inotify-tools, which can potentially be exploited by malicious users to compromise an application using the library.

The vulnerability is caused due to a boundary error within the "inotifytools_snprintf()" function in src/inotifytools.c. This can be exploited to cause a buffer overflow by e.g. creating a file with an overly long filename in a specific directory.

Successful exploitation may allow the execution of arbitrary code with privileges of the application using the affected library.

Updated Packages
================

Check if you have inotify-tools installed:

    # pacman-g2 -Q inotify-tools

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy inotify-tools

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLWxZ7NElSD1VhkRAqEtAJ9aZh//d7ZpMJ5ccyHpKJPGtYqLqQCgggAS
B6fOarCmJcDIoQLUuw7gXf4=
=4VVT
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:48:06 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:48:09 2007
Subject: [Frugalware-security] [ FSA-288 ] libsndfile
Message-ID: <20071004094806.EBDFA13A4012@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-288

Date: 2007-10-04
Package: libsndfile
Vulnerable versions: <= 1.0.17-2
Unaffected versions: >= 1.0.17-3terminus1
Related bugreport: http://bugs.frugalware.org/task/2431
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4974

Description
===========

Robert Buchholz has reported a vulnerability in libsndfile, which potentially can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a boundary error within the "flac_buffer_copy()" function in src/flac.c when handling FLAC files with variable bitrates. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into playing a specially crafted FLAC file with an application using the library.

Successful exploitation may allow the execution of arbitrary code.

Updated Packages
================

Check if you have libsndfile installed:

    # pacman-g2 -Q libsndfile

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy libsndfile

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLbWZ7NElSD1VhkRAp9TAKCZTiW6CdodaXB50lsPssTMv66YLACfeZfT
NbepKfs3nCzmbURjzjGw0Ao=
=Zy4n
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 4 11:53:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 4 11:53:15 2007
Subject: [Frugalware-security] [ FSA-289 ] elinks
Message-ID: <20071004095312.AC5CD13A4013@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-289

Date: 2007-10-04
Package: elinks
Vulnerable versions: <= 0.11.2-2terminus1
Unaffected versions: >= 0.11.2-2terminus2
Related bugreport: http://bugs.frugalware.org/task/2457
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5034

Description
===========

A weakness has been reported in ELinks, which can be exploited by malicious people to disclose sensitive information.

The content of POST requests sent to HTTPS webservers via a proxy is sent unencrypted via the CONNECT command to the configured proxy. This can be exploited to disclose the content of POST requests by e.g. sniffing network traffic.

Updated Packages
================

Check if you have elinks installed:

    # pacman-g2 -Q elinks

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy elinks

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBLgIZ7NElSD1VhkRAtJzAKCMkmcJTslS/Q7x8FaWy9bBb+q7RwCfXivG
JlENlBFaU8ddARozVcxz/1k=
=4PQd
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Oct 6 09:26:33 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Oct 6 09:26:35 2007
Subject: [Frugalware-security] [ FSA-290 ] t1lib
Message-ID: <20071006072633.C259A13A40EA@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-290

Date: 2007-10-06
Package: t1lib
Vulnerable versions: <= 5.1.1-1
Unaffected versions: >= 5.1.1-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2297
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4033

Description
===========

Hamid Ebadi has reported a vulnerability in t1lib, which can be exploited by malicious users to potentially compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "intT1_EnvGetCompletePath()" function in lib/t1lib/t1env.c. This can be exploited to cause a buffer overflow when an application processes an overly long string in the "FileName" parameter.

Updated Packages
================

Check if you have t1lib installed:

    # pacman-g2 -Q t1lib

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy t1lib

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBzipZ7NElSD1VhkRAp1tAKCiSphx8p8OU1icIMXNvEAtWCCV3ACeLHQa
8ykyZqCwCmqz2sPJ9hvLDyI=
=4Ztt
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Oct 6 09:33:19 2007
From: noreply at frugalware.org (voroskoi)
Date: Sat Oct 6 09:33:21 2007
Subject: [Frugalware-security] [ FSA-291 ] ruby
Message-ID: <20071006073319.35BC413A40D5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-291

Date: 2007-10-06
Package: ruby
Vulnerable versions: <= 1.8.5-4terminus1
Unaffected versions: >= 1.8.5-4terminus2
Related bugreport: http://bugs.frugalware.org/task/2459
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5162

Description
===========

Chris Clark has reported a security issue in Ruby, which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the "Net::HTTPS" library not properly checking if the Common Name field provided inside SSL server certificates matches the requested hostname of a server. This can be exploited to conduct spoofing attacks.

Successful exploitation requires a MitM (Man-in-the-Middle) attack and possession of a valid certificate, which is signed by the CA specified in the client.

Updated Packages
================

Check if you have ruby installed:

    # pacman-g2 -Q ruby

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy ruby

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHBzo/Z7NElSD1VhkRAvy9AJwMiUy1CcZNXd53+Qy+Z2vXRPpnnACdEp4h
M08aAF0TgliJXVmHcuy4BuY=
=pvHF
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Oct 7 11:55:29 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Oct 7 11:55:30 2007
Subject: [Frugalware-security] [ FSA-292 ] openssl
Message-ID: <20071007095529.33D3F13A40EA@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-292

Date: 2007-10-07
Package: openssl
Vulnerable versions: <= 0.9.8-6
Unaffected versions: >= 0.9.8-7terminus1
Related bugreport: http://bugs.frugalware.org/task/2466
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3108
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

Description
===========

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

1) This fixes a weakness, which can be exploited by malicious, local users to disclose sensitive information. The problem is caused due to an error in the RSA implementation and can be exploited to disclose private keys via side-channel attacks.

2) Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.

Updated Packages
================

Check if you have openssl installed:

    # pacman-g2 -Q openssl

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHCK0RZ7NElSD1VhkRAozwAJ9svhNSIN6pPdhJiDcJJAT/XzgaKACggkyX
gjtGu/1wEmFCvMo/KXZhyqI=
=jpjW
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sun Oct 7 12:00:15 2007
From: noreply at frugalware.org (voroskoi)
Date: Sun Oct 7 12:00:17 2007
Subject: [Frugalware-security] [ FSA-293 ] xfs
Message-ID: <20071007100015.4BA3513A40D5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-293

Date: 2007-10-07
Package: xfs
Vulnerable versions: <= 1.0.4-1
Unaffected versions: >= 1.0.4-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2458
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4568
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4989
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4990

Description
===========

Some vulnerabilities have been reported in the X.Org X11 X Font Server (XFS), which can be exploited by malicious, local users to gain escalated privileges.

1) An integer overflow exists within the handlers for the X protocol requests "QueryXBitmaps" and "QueryXExtents", which do not correctly check the "length" parameters before passing them to the "build_range()" function. This can be exploited to cause a heap-based buffer overflow by sending specially crafted "QueryXBitmaps" and "QueryXExtents" requests to a vulnerable service.

2) An error exists within the handler for the X protocol requests "QueryXBitmaps" and "QueryXExtents" when calling the "swap_char2b()" function, which can be exploited to swap an arbitrary number of bytes on the heap, resulting in a heap corruption.

Updated Packages
================

Check if you have xfs installed:

    # pacman-g2 -Q xfs

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy xfs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHCK4vZ7NElSD1VhkRApDgAJ9TL42LGqqGwS+FXXg8mVy6V2nDYQCcDT6O
oAHCv2wkNFWC/4u41NZ+9rM=
=O7Za
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 8 15:45:23 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 8 15:45:25 2007
Subject: [Frugalware-security] [ FSA-294 ] kdebase
Message-ID: <20071008134523.6031113A40EA@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-294

Date: 2007-10-08
Package: kdebase
Vulnerable versions: <= 3.5.6-3terminus2
Unaffected versions: >= 3.5.6-3terminus3
Related bugreport: http://bugs.frugalware.org/task/2198
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2022

Description
===========

A vulnerability has been reported in Konqueror, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an unspecified error within the interaction between Konqueror and the Adobe Flash Player plug-in, which may result in key presses being leaked to a Flash applet. This can be exploited to disclose potentially sensitive information.

Updated Packages
================

Check if you have kdebase installed:

    # pacman-g2 -Q kdebase

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kdebase

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHCjRzZ7NElSD1VhkRAqR3AJ4wCoKPA9zLSWWAHeh69pJZGCv7ygCdH3Px
SSDm7CU6mNvti3Tu2iJ5kZk=
=fPuF
-----END PGP SIGNATURE-----

From noreply at frugalware.org Mon Oct 8 15:51:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Mon Oct 8 15:51:14 2007
Subject: [Frugalware-security] [ FSA-295 ] python
Message-ID: <20071008135112.12C9C13A40EA@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-295

Date: 2007-10-08
Package: python
Vulnerable versions: <= 2.5-3terminus2
Unaffected versions: >= 2.5-3terminus3
Related bugreport: http://bugs.frugalware.org/task/2428
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965

Description
===========

Slythers Bro has discovered a security issue in the imageop module for Python, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The security issue is caused due to an integer overflow error within the "tovideo()" function and can be exploited to cause a heap-based buffer overflow when specially crafted parameters are passed to the function.

Successful exploitation may allow execution of arbitrary code.

Updated Packages
================

Check if you have python installed:

    # pacman-g2 -Q python

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy python

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHCjXPZ7NElSD1VhkRAu7tAJsHLMUF2RFxlUdfhV9wYuqm+cEbVwCfasdx
Qwarb9sWYbak92P6JFVhdXM=
=jGlO
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Oct 19 16:43:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Oct 19 16:43:14 2007
Subject: [Frugalware-security] [ FSA-296 ] libpng
Message-ID: <20071019144312.176F613A4001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-296

Date: 2007-11-19
Package: libpng
Vulnerable versions: <= 1.2.20-1
Unaffected versions: >= 1.2.22-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2475
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5267
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5266
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5268
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5269

Description
===========

Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency extension, and an incorrect use of sizeof() may be exploited to crash an application using the library.

2) Various out-of-bounds read errors exist within the functions "png_handle_pCAL()", "png_handle_sCAL()", "png_push_read_tEXt()", "png_handle_iTXt()", and "png_handle_ztXt()", which may be exploited to crash an application using the library.

3) The vulnerability is caused due to an off-by-one error within the ICC profile chunk handling, which potentially can be exploited to crash an application using the library.

Updated Packages
================

Check if you have libpng installed:

    # pacman-g2 -Q libpng

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy libpng

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHGMJ/Z7NElSD1VhkRAlmrAJ92iTNWcbVQPuhwTaK1cjMIA/mmgwCdEDu8
4Mnr0H3I/CCIUzXVSsimBBQ=
=qq8r
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Oct 19 16:57:13 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Oct 19 16:57:16 2007
Subject: [Frugalware-security] [ FSA-297 ] wesnoth
Message-ID: <20071019145713.4979513A4001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-297

Date: 2007-11-19
Package: wesnoth
Vulnerable versions: <= 1.2.6-1
Unaffected versions: >= 1.2.6-2terminus1
Related bugreport: http://bugs.frugalware.org/task/2486
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3917

Description
===========

A vulnerability has been reported in Wesnoth, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the processing of UTF-8 strings within the multiplayer engine. This can be exploited by malicious clients to crash a vulnerable Wesnoth client.

Updated Packages
================

Check if you have wesnoth installed:

    # pacman-g2 -Q wesnoth

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wesnoth

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHGMXJZ7NElSD1VhkRAit5AKCa0B2wVmt3XjZ7jtz22wpI2vvHjgCgoBVr
nzrymcqt5+1eUPa/y9UqoeI=
=iEb5
-----END PGP SIGNATURE-----

From noreply at frugalware.org Fri Oct 19 17:18:45 2007
From: noreply at frugalware.org (voroskoi)
Date: Fri Oct 19 17:18:49 2007
Subject: [Frugalware-security] [ FSA-298 ] pwlib
Message-ID: <20071019151845.9C45B13A4001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-298

Date: 2007-10-19
Package: pwlib
Vulnerable versions: <= 1.10.10-1
Unaffected versions: >= 1.10.10-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2491
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4897

Description
===========

A vulnerability has been discovered in PWLib, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "PString::vsprintf()" method in src/ptlib/common/contain.cxx. This can be exploited to cause a memory corruption by e.g. tricking an application using the library to use this function with a string longer than 1000 bytes.

Updated Packages
================

Check if you have pwlib installed:

    # pacman-g2 -Q pwlib

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy pwlib

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHGMrVZ7NElSD1VhkRAqujAJ46bEQJOqW7Mrp5unDA+wCih+1eUwCfSqMv
1twQi9/NxW5wI0S9aYGZxa8=
=ArIr
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:00:59 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:01:02 2007
Subject: [Frugalware-security] [ FSA-299 ] openssl
Message-ID: <20071023070059.32D3513A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-299

Date: 2007-10-23
Package: openssl
Vulnerable versions: <= 0.9.8-9
Unaffected versions: >= 0.9.8-10sayshell1
Related bugreport: http://bugs.frugalware.org/task/2488
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4995

Description
===========

Andy Polyakov has reported a vulnerability in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

The vulnerability is caused due to an unspecified error within the DTLS implementation.

Successful exploitation may allow the execution of arbitrary code.

Note: Reportedly, this vulnerability affects only clients and servers explicitly using DTLS.

Updated Packages
================

Check if you have openssl installed:

    # pacman-g2 -Q openssl

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openssl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHZwrZ7NElSD1VhkRAoudAJ4pEHNozk8P9cWMvlGHwGIkm/uzSgCbBMEw
wDmtrwKjiBn3ucFatuj7zuA=
=WJe7
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:11:55 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:11:57 2007
Subject: [Frugalware-security] [ FSA-300 ] phpmyadmin
Message-ID: <20071023071155.6A3D713A4023@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-300

Date: 2007-10-23
Package: phpmyadmin
Vulnerable versions: <= 2.11.1-1
Unaffected versions: >= 2.11.1.2-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2489
                   http://bugs.frugalware.org/task/2503
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5386

Description
===========

Omer Singer has reported two vulnerabilities in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the user is running a browser that has not URL-encoded the request (e.g. Internet Explorer 6).

2) Input passed in the URL to server_status.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the target user has valid user credentials.

NOTE: Some other potential cross-site scripting problems have also been fixed by the vendor.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman-g2 -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy phpmyadmin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHZ67Z7NElSD1VhkRAj1aAJsFKcO+A/AsYbVp1ek28U/v6S4hPACfT/+D
njbUDLTfO7kpUGp9riUQdH0=
=oSxi
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:19:11 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:19:13 2007
Subject: [Frugalware-security] [ FSA-301 ] madwifi
Message-ID: <20071023071911.9AC9913A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-301

Date: 2007-10-23
Package: madwifi
Vulnerable versions: <= 0.9.3.2-4
Unaffected versions: >= 0.9.3.3-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2495
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5448

Description
===========

Clemens Kolbitsch and Sylvester Keil have reported a vulnerability in MadWifi, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the processing of beacon frames. This can be exploited via a specially crafted beacon frame with an overly large "length" value (greater than 15) in the extended supported rates element ("xrates").

Successful exploitation causes the driver to exit and results in a kernel panic.

Updated Packages
================

Check if you have madwifi installed:
    # pacman-g2 -Q madwifi
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy madwifi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHaBvZ7NElSD1VhkRAq9iAJ0T9kP3+boR84qMW/WXU7qCoQML1wCgpj3q
3gSAOqVJ3zFkb7Np+eZ7eM8=
=P+fB
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:25:23 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:25:25 2007
Subject: [Frugalware-security] [ FSA-302 ] hplip
Message-ID: <20071023072523.20C6A13A4028@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-302

Date: 2007-10-23
Package: hplip
Vulnerable versions: <= 2.7.7-1
Unaffected versions: >= 2.7.7-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2496
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5208

Description
===========

Kees Cook has reported a vulnerability in HPLIP, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the hpssd daemon not properly sanitising certain input before using it to invoke sendmail using the "popen3()" method. This can be exploited to execute arbitrary commands with escalated privileges (e.g. "root") by sending specially crafted requests to the hpssd daemon.

NOTE: Depending upon the configuration of hpssd, this may also be remotely exploitable.
Updated Packages
================

Check if you have hplip installed:
    # pacman-g2 -Q hplip
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy hplip

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHaHjZ7NElSD1VhkRAlOuAJ9WaRHsPS8uxBffdRyuNm+C+HUZuACgol8F
yHJdjmL/gZjRANs5t/GT8QA=
=EPSP
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:32:52 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:32:56 2007
Subject: [Frugalware-security] [ FSA-303 ] opera
Message-ID: <20071023073252.8F0B913A4023@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-303

Date: 2007-10-23
Package: opera
Vulnerable versions: <= 9.23-1
Unaffected versions: >= 9.24-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2502
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5540
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5541

Description
===========

Some vulnerabilities have been reported in Opera, where one vulnerability has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks and to compromise a user's system.

1) Opera may launch external email or newsgroup clients incorrectly. This can be exploited to execute arbitrary commands by e.g. visiting a malicious website. Successful exploitation requires that the user has configured an external email or newsgroup client.

2) An error when processing frames from different websites can be exploited to bypass the same-origin policy. This allows overwriting functions of those frames and executing arbitrary HTML and script code in a user's browser session in context of other sites.
Updated Packages
================

Check if you have opera installed:
    # pacman-g2 -Q opera
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy opera

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHaOkZ7NElSD1VhkRAjaGAJ99DJN63Jt0w8VXERT6aU7ohLlMGwCfSfyT
YTGtFIWITgaXcrQH4sZCBwM=
=wyHb
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 09:40:22 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 09:40:26 2007
Subject: [Frugalware-security] [ FSA-304 ] drupal
Message-ID: <20071023074022.D456713A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-304

Date: 2007-10-23
Package: drupal
Vulnerable versions: <= 5.2-1
Unaffected versions: >= 5.2-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2507
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5595
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5596
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5597
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5593
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5594

Description
===========

Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions, and by malicious users to conduct HTTP response splitting attacks.

1) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. This allows arbitrary HTML and script code to be executed in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires valid user credentials.

2) The Upload module includes the ".html" file extension in its default whitelist for file uploads.
This can be exploited to upload arbitrary HTML files and entice users to visit them, thereby executing arbitrary HTML and script code in a user's browser session in context of an affected site.

3) The hook_components API operation does not pass the publication status. This makes it possible for modules including Organic groups and Subscriptions to send e-mail messages containing unpublished comments.

Furthermore, vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks and to compromise a vulnerable system.

1) Input passed to unspecified parameters in install.php is not properly sanitised. This can be exploited to execute arbitrary code. Successful exploitation of this vulnerability requires that the configured SQL server is not reachable.

2) A vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to delete users by enticing a logged-in administrator to visit a malicious site.
Updated Packages
================

Check if you have drupal installed:
    # pacman-g2 -Q drupal
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy drupal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHaVmZ7NElSD1VhkRAv2sAJ9I5s9TOF4FdEOHfmNmITam07hcTACfXKx9
tSNt/BpFj1Jm00MnJJ2OMDk=
=shmW
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 13:05:05 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 13:05:07 2007
Subject: [Frugalware-security] [ FSA-305 ] firefox
Message-ID: <20071023110505.9495213A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-305

Date: 2007-10-23
Package: firefox
Vulnerable versions: <= 2.0.0.7-1
Unaffected versions: >= 2.0.0.8-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2235
    http://bugs.frugalware.org/task/2513
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3511

Description
===========

Some vulnerabilities and a weakness have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

1) Various errors in the browser engine can be exploited to cause a memory corruption.

2) Various errors in the JavaScript engine can be exploited to cause a memory corruption.
Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

3) An error in the handling of onUnload events can be exploited to read and manipulate the document's location of new pages.

4) Input passed to the user ID when making an HTTP request using Digest Authentication is not properly sanitised before being used in a request. This can be exploited to insert arbitrary HTTP headers into a user's request when a proxy is used.

5) An error when displaying web pages written in the XUL markup language can be exploited to hide the window's title bar and facilitate phishing attacks.

6) An error exists in the handling of "smb:" and "sftp:" URI schemes on Linux systems with gnome-vfs support. This can be exploited to read any file owned by the target user via a specially crafted page on the same server. Successful exploitation requires that the attacker has write access to a mutually accessible location on the target server and the user is tricked into loading the malicious page.

7) An unspecified error in the handling of "XPCNativeWrappers" can lead to execution of arbitrary JavaScript code with the user's privileges via subsequent access by the browser chrome (e.g. when a user right-clicks to open a context menu).

Furthermore, a weakness has been discovered in Firefox, which potentially can be exploited by malicious people to disclose sensitive information.

The weakness is caused due to a design error within the focus handling of form fields and can potentially be exploited by changing the focus from a "textarea" field to a "file upload" form field via the "OnKeyDown" event. Successful exploitation allows an arbitrary file on the user's system to be uploaded to a malicious web site, but requires that the user is tricked into typing the file name into a "textarea" input form.
Updated Packages
================

Check if you have firefox installed:
    # pacman-g2 -Q firefox
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy firefox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHdVhZ7NElSD1VhkRAkn5AJ9L6kZha4nfm3F7+4pgV6fcDLBXoQCeONCZ
1ufGdp0iPZE7/l8a+BrJUR8=
=AcFS
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Oct 23 13:14:17 2007
From: noreply at frugalware.org (voroskoi)
Date: Tue Oct 23 13:14:19 2007
Subject: [Frugalware-security] [ FSA-306 ] seamonkey
Message-ID: <20071023111417.2C0F613A4023@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-306

Date: 2007-10-23
Package: seamonkey
Vulnerable versions: <= 1.1.4-1
Unaffected versions: >= 1.1.5-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2514
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1095
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2292
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4841
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5334
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5337
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5338
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5339
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5340

Description
===========

Some vulnerabilities and a weakness have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to disclose sensitive information, conduct phishing attacks, manipulate certain data, and potentially compromise a user's system.

1) Various errors in the browser engine can be exploited to cause a memory corruption.

2) Various errors in the JavaScript engine can be exploited to cause a memory corruption.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.
3) An error in the handling of onUnload events can be exploited to read and manipulate the document's location of new pages.

4) Input passed to the user ID when making an HTTP request using Digest Authentication is not properly sanitised before being used in a request. This can be exploited to insert arbitrary HTTP headers into a user's request when a proxy is used.

5) An error when displaying web pages written in the XUL markup language can be exploited to hide the window's title bar and facilitate phishing attacks.

6) An error exists in the handling of "smb:" and "sftp:" URI schemes on Linux systems with gnome-vfs support. This can be exploited to read any file owned by the target user via a specially crafted page on the same server. Successful exploitation requires that the attacker has write access to a mutually accessible location on the target server and the user is tricked into loading the malicious page.

7) An unspecified error in the handling of "XPCNativeWrappers" can lead to execution of arbitrary JavaScript code with the user's privileges via subsequent access by the browser chrome (e.g. when a user right-clicks to open a context menu).
Updated Packages
================

Check if you have seamonkey installed:
    # pacman-g2 -Q seamonkey
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy seamonkey

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHHdeIZ7NElSD1VhkRAmlBAJ9KIOboFbU9zYnVWY4uVritBBaFdACgjzk7
PiWo01t9hFG761z9uU/VI4w=
=LQN1
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 25 18:19:49 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 25 18:19:54 2007
Subject: [Frugalware-security] [ FSA-307 ] tomboy
Message-ID: <20071025161949.E318B13A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-307

Date: 2007-10-25
Package: tomboy
Vulnerable versions: <= 0.8.0-1
Unaffected versions: >= 0.8.0-2sayshell1
Related bugreport: http://bugs.frugalware.org/task/2370
CVE: There is no CVE for this issue.

Description
===========

Jab Oravec has reported a security issue in Tomboy, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the "/usr/bin/tomboy" script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running Tomboy in a directory containing a malicious library.
Updated Packages
================

Check if you have tomboy installed:
    # pacman-g2 -Q tomboy
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy tomboy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHIMIlZ7NElSD1VhkRAqARAJ9krOMXkCP35WpO8lglMGciMVRV8ACfbHQB
Q5Ce4SjMgxOkrWFEajMw1SY=
=oxX9
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 25 18:26:25 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 25 18:26:27 2007
Subject: [Frugalware-security] [ FSA-308 ] asterisk
Message-ID: <20071025162625.5080513A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-308

Date: 2007-10-25
Package: asterisk
Vulnerable versions: <= 1.4.11-2
Unaffected versions: >= 1.4.13-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2494
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5358

Description
===========

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the IMAP-specific code for processing voicemail messages. This can be exploited to cause a buffer overflow via a specially crafted voicemail message sent as email containing an overly long (more than 1024 characters) combination of Content-Type or Content-Description headers. Successful exploitation requires that a user listens to the voicemail message via a phone.
Updated Packages
================

Check if you have asterisk installed:
    # pacman-g2 -Q asterisk
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy asterisk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD4DBQFHIMOxZ7NElSD1VhkRAm1dAJdJtzkPrRgyD3BWOI+qrtxRgjO/AJ4jRq5o
74ZK759tnixiYT6NDUAk+g==
=WEr/
-----END PGP SIGNATURE-----

From noreply at frugalware.org Thu Oct 25 18:31:12 2007
From: noreply at frugalware.org (voroskoi)
Date: Thu Oct 25 18:31:14 2007
Subject: [Frugalware-security] [ FSA-309 ] asterisk-addons
Message-ID: <20071025163112.EDF9C13A4026@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-309

Date: 2007-10-25
Package: asterisk-addons
Vulnerable versions: <= 1.4.2-1
Unaffected versions: >= 1.4.4-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2506
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5488

Description
===========

A vulnerability has been reported in Asterisk-Addons, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the source and destination numbers is not properly sanitised in the "cdr_addon_mysql" module before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Updated Packages
================

Check if you have asterisk-addons installed:
    # pacman-g2 -Q asterisk-addons
If found, then you should upgrade to the latest version:
    # pacman-g2 -Sy asterisk-addons

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHIMTQZ7NElSD1VhkRAq2KAJ9sBvNlEGzWcogp23psd7TEpaQ61ACglxjZ
Uz0eyr15Lr+595yjq5LY3pE=
=J7M2
-----END PGP SIGNATURE-----
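
The "cdr_addon_mysql" issue in FSA-309 above comes from the source and destination numbers becoming part of the SQL text. The following is an added example, not code from Asterisk-Addons or from the advisory: it uses Python's sqlite3 in place of MySQL, with an assumed table layout and constructed sample calls, to show a string-built call-record insert beside the bound-parameter form.

```python
import sqlite3

# Assumed, simplified CDR table; the advisory does not show the module's schema.
SCHEMA = "CREATE TABLE cdr (src TEXT, dst TEXT, duration INTEGER)"

# Constructed sample calls: (source number, destination number, seconds).
SAMPLE_CALLS = [
    ("5550100", "5550199", 42),
    ("555'0100", "5550199", 7),      # stray quote in the source field
    ("5550100", "O'Hare desk", 13),  # stray quote in the destination field
]


def open_cdr_db():
    """Fresh in-memory database holding an empty call-record table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def log_call_concatenated(db, src, dst, duration):
    """The 'before' pattern: field values become part of the SQL text."""
    db.execute(
        "INSERT INTO cdr (src, dst, duration) VALUES ('%s', '%s', %d)"
        % (src, dst, duration)
    )


def log_call_bound(db, src, dst, duration):
    """Hardened pattern: the statement is fixed, values are bound parameters."""
    db.execute(
        "INSERT INTO cdr (src, dst, duration) VALUES (?, ?, ?)",
        (src, dst, int(duration)),
    )


def replay(logger, calls=SAMPLE_CALLS):
    """Log every call with `logger`; return (stored rows, rejected calls)."""
    db = open_cdr_db()
    rejected = []
    for call in calls:
        try:
            logger(db, *call)
        except sqlite3.Error:
            # The field value changed the statement's structure and the
            # SQL parser refused it, so this call record is lost.
            rejected.append(call)
    stored = db.execute(
        "SELECT src, dst, duration FROM cdr ORDER BY rowid"
    ).fetchall()
    return stored, rejected


if __name__ == "__main__":
    for logger in (log_call_concatenated, log_call_bound):
        stored, rejected = replay(logger)
        print(logger.__name__, "stored:", len(stored), "rejected:", len(rejected))
```

With the string-built insert, any field containing a quote is parsed as SQL syntax rather than data; with bound parameters the same values are stored verbatim.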