From vmiklos at frugalware.org Fri Aug 15 20:52:39 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 15 20:52:46 2008
Subject: [Frugalware-security] [ FSA-504 ] mantis
Message-ID: <20080815185239.0FF031190001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-504

Date: 2008-08-15
Package: mantis
Vulnerable versions: <= 1.1.1-1
Unaffected versions: >= 1.1.2-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3249
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2276
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3331
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3332
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3333

Description
===========

Some vulnerabilities have been reported in Mantis, which can be
exploited by malicious users to compromise a vulnerable system and
malicious people to conduct cross-site scripting and request forgery
attacks.

1) Input passed to the "filter_target" parameter in
return_dynamic_filters.php is not properly sanitised before being
returned to a user. This can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.

2) A vulnerability is caused due to the application allowing users to
perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to e.g. add
a new user with administrative privileges by enticing a logged-in
administrator to visit a malicious site.

3) Input passed to the "value" parameter in adm_config_set.php is not
properly sanitised before being used in an "eval()" statement. This can
be exploited to e.g. execute arbitrary PHP commands via a specially
crafted request. Successful exploitation requires administrator access,
but see vulnerability #2.

4) Input passed to the "language" parameter in account_prefs_update.php
is not properly verified before being used to include files.
This can be exploited to include arbitrary files from local resources.

Updated Packages
================

Check if you have mantis installed:

    # pacman-g2 -Q mantis

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mantis

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/504

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkil0HcACgkQZ7NElSD1VhmmLQCfScuYztsd++PTfxgjbeIQ3ss3
ePoAoJ/dt00UmbYRlvxmnNgcsAuBI3F3
=x+OF
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Aug 16 00:58:28 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat Aug 16 00:58:36 2008
Subject: [Frugalware-security] [ FSA-505 ] phpmyadmin
Message-ID: <20080815225828.D8E5A1190002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-505

Date: 2008-08-16
Package: phpmyadmin
Vulnerable versions: <= 2.11.7.1-1kalgan1
Unaffected versions: >= 2.11.8.1-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3271
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3456
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3457

Description
===========

Aung Khant has reported two vulnerabilities in phpMyAdmin, which can be
exploited by malicious local users to conduct cross-site scripting
attacks, and by malicious people to conduct spoofing attacks.

1) Many scripts except for index.php do not check if they are linked
into another site's frames. This can potentially be used for spoofing
and phishing attacks.

2) Input from the config/config.inc.php configuration file to
scripts/setup.php is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code in
a user's browser session in context of an affected site.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman-g2 -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy phpmyadmin

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/505

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkimChQACgkQZ7NElSD1VhmG3QCgo8C+KIH8JMyZRMXLPCdsvSW2
FQcAmQFOw8dhDygFb9R6v+wM6qwAGgh/
=gDJE
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Aug 16 01:04:39 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat Aug 16 01:04:48 2008
Subject: [Frugalware-security] [ FSA-506 ] drupal
Message-ID: <20080815230439.385CD1190001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-506

Date: 2008-08-16
Package: drupal
Vulnerable versions: <= 5.9-1kalgan1
Unaffected versions: >= 5.10-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3299
CVE: There is no CVE for this issue yet, see http://drupal.org/node/295053

Description
===========

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious users to conduct script insertion attacks and
compromise a vulnerable system, and by malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

1) Input passed to an unspecified parameter is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context of
an affected site.

2) A vulnerability is caused by the fact that the private filesystem
uses the MIME media type it receives from the web browser when handling
uploads. This can be exploited for script insertion attacks. Successful
exploitation of this vulnerability requires valid user credentials with
the right to upload files.

3) A vulnerability is caused due to missing restrictions on what file
types users are allowed to upload in the BlogAPI module. This can be
exploited to e.g. execute arbitrary PHP code. Successful exploitation of
this vulnerability requires valid user credentials with the "administer
content with blog api" permission.

4) A vulnerability is caused due to the application allowing users to
perform certain actions via HTTP requests without performing any
validity checks to verify the request. This can be exploited to add or
delete user access rules, by enticing a logged-in user to visit a
malicious web page.

Updated Packages
================

Check if you have drupal installed:

    # pacman-g2 -Q drupal

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/506

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkimC4cACgkQZ7NElSD1VhmjMwCfdqv8auV1lEXY8I8swTSqcAEu
Df4AnRnNKjhpO8G8WtrEaFxoxRE6bxMu
=2COP
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Aug 16 01:11:19 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat Aug 16 01:11:26 2008
Subject: [Frugalware-security] [ FSA-507 ] postfix
Message-ID: <20080815231119.4CAD91190001@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-507

Date: 2008-08-16
Package: postfix
Vulnerable versions: <= 2.4.6-1
Unaffected versions: >= 2.4.7-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3296
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2936
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2937

Description
===========

Sebastian Krahmer has reported some security issues in Postfix, which
can be exploited by malicious, local users to disclose potentially
sensitive information and perform certain actions with
escalated privileges.

1) A security issue is caused due to Postfix incorrectly handling
symlink files. This can be exploited to e.g. append mail messages to
arbitrary files by creating a hardlink to a symlink owned by the root
user. Successful exploitation requires write permission to the mail
spool directory, that there is no "root" mailbox, and users can create a
hardlink to a symlink (e.g. Linux 2.x, Solaris, Irix 6.5).

2) A security issue is caused due to Postfix not correctly checking the
ownership of the destination when delivering email. This can be
exploited to e.g. disclose emails by creating an insecure mailbox file
for other users. Successful exploitation requires permission to create
files within the mail spool directory.

Updated Packages
================

Check if you have postfix installed:

    # pacman-g2 -Q postfix

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy postfix

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/507

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkimDRcACgkQZ7NElSD1VhnhVgCfReAjhm1w7HqBMHToy9C27Bop
5jMAnjXRMVPuAd2nD6kH/PuV+UEfHR84
=8lzw
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 26 16:17:48 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue Aug 26 16:17:55 2008
Subject: [Frugalware-security] [ FSA-509 ] firefox
Message-ID: <20080826141748.ABC5211901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-509

Date: 2008-08-26
Package: firefox
Vulnerable versions: <= 2.0.0.14-1kalgan1
Unaffected versions: >= 2.0.0.15-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3202
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2800
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2801
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2805
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2806
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2807
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2808
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2809
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2810
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811

Description
===========

Some vulnerabilities have been reported in Mozilla Firefox, which can be
exploited by malicious people to conduct cross-site scripting and
spoofing attacks, bypass certain security restrictions, disclose
sensitive information, or potentially compromise a user's system.

1) Multiple errors in the layout and JavaScript engines can be exploited
to corrupt memory.

2) An error in the handling of unprivileged XUL documents can be
exploited to load Chrome scripts from a "fastload" file via "script"
elements.

3) An error in the "mozIJSSubScriptLoader.LoadScript()" function can be
exploited to bypass XPCNativeWrappers and run arbitrary code with Chrome
privileges. Successful exploitation requires that an add-on using the
affected function is installed.

4) An error in the block reflow process can be exploited to cause a
crash or potentially execute arbitrary code.

5) An error in the processing of file URLs contained within local
directory listings can potentially be exploited to execute malicious
JavaScript content.

6) Multiple errors in the implementation of the JavaScript same origin
policy can be exploited to execute arbitrary script code in the context
of a different domain.

7) Multiple errors in the verification of signed JAR files can be
exploited to execute arbitrary JavaScript code with the privileges of
the JAR's signer.

8) An error in the implementation of file upload forms can be exploited
to upload arbitrary local files to a remote webserver via specially
crafted "DOM Range" and "originalTarget" elements.

9) An error in the Java LiveConnect implementation on Mac OS X can be
exploited to establish arbitrary socket connections.

10) An uninitialized memory access in the processing of improperly
encoded ".properties" files can potentially be exploited to disclose
sensitive memory via an add-on using the malformed file.

11) An error in the processing of "Alt Names" provided by "peer" trusted
certificates can be exploited to conduct spoofing attacks.

12) An error in the processing of Windows URL shortcuts can be exploited
to run a remote site as a local file.

Updated Packages
================

Check if you have firefox installed:

    # pacman-g2 -Q firefox

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy firefox

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/509

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki0EIwACgkQZ7NElSD1VhmixwCgg+mMNH6loHsSFxVmKSmgqQqm
CP8An1NW09txMiXBTnzcvVBshk6t8Wrd
=B+XN
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 26 16:20:12 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue Aug 26 16:20:18 2008
Subject: [Frugalware-security] [ FSA-510 ] thunderbird
Message-ID: <20080826142012.57EAE11901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-510

Date: 2008-08-26
Package: thunderbird
Vulnerable versions: <= 2.0.0.14-1kalgan1
Unaffected versions: >= 2.0.0.16-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3206
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2798
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2799
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2802
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2803
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2811

Description
===========

Some vulnerabilities have been reported in Mozilla Thunderbird, which
potentially can be exploited by malicious people to compromise a user's
system.

For more information, see FSA509

Updated Packages
================

Check if you have thunderbird installed:

    # pacman-g2 -Q thunderbird

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy thunderbird

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/510

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki0ERwACgkQZ7NElSD1VhlUvwCfZXmfeqPNO0wBlV3xqFDOIe75
I9kAoKR3k3144Jdjyb4NBzYns0nR2sGR
=H8eU
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 26 16:22:07 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue Aug 26 16:22:15 2008
Subject: [Frugalware-security] [ FSA-511 ] pdns
Message-ID: <20080826142207.A956411901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-511

Date: 2008-08-26
Package: pdns
Vulnerable versions: <= 2.9.21-3
Unaffected versions: >= 2.9.21.1-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3309
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337

Description
===========

A weakness has been reported in PowerDNS, which can be exploited by
malicious people to conduct spoofing attacks.

The weakness is caused due to the server dropping DNS queries for
invalid DNS records within a valid domain. This can be exploited to
facilitate the spoofing of the valid domain on third-party DNS servers.

Updated Packages
================

Check if you have pdns installed:

    # pacman-g2 -Q pdns

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy pdns

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/511

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki0EY8ACgkQZ7NElSD1VhmF3wCffee5vNIMVqgV6TLD43U7Kbny
jT8AnjiHQRSPwKUiVUmCp2T4LVEFnwlx
=hRd0
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 26 16:24:35 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue Aug 26 16:24:47 2008
Subject: [Frugalware-security] [ FSA-512 ] amarok
Message-ID: <20080826142435.6708711901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-512

Date: 2008-08-26
Package: amarok
Vulnerable versions: <= 1.4.8-2
Unaffected versions: >= 1.4.10-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3312
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3699

Description
===========

A security issue has been reported in Amarok, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

The security issue is caused due to the
"MagnatuneBrowser::listDownloadComplete()" function handling temporary
files in an insecure manner. This can be exploited via symlink attacks
in combination with a race condition to overwrite arbitrary files with
the privileges of the user running the application.

Updated Packages
================

Check if you have amarok installed:

    # pacman-g2 -Q amarok

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy amarok

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/512

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki0EiMACgkQZ7NElSD1VhlVPwCfZPh0eAwqoKpL8kpGzUlayDei
nt4AnRpxylF2xujjfEuPMW807Z18Bu9b
=L9pc
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 26 16:31:00 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue Aug 26 16:31:08 2008
Subject: [Frugalware-security] [ FSA-513 ] git
Message-ID: <20080826143100.CACC711901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-513

Date: 2008-08-26
Package: git
Vulnerable versions: <= 1.5.4.3-1
Unaffected versions: >= 1.5.6.4-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3305
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3546

Description
===========

Stack-based buffer overflow in the (1) diff_addremove and (2)
diff_change functions in GIT before 1.5.6.4 might allow local users to
execute arbitrary code via a PATH whose length is larger than the
system's PATH_MAX when running GIT utilities such as git-diff or
git-grep.

Updated Packages
================

Check if you have git installed:

    # pacman-g2 -Q git

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy git

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/513

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki0E6QACgkQZ7NElSD1VhlycgCfV0RooKO35cNE8tcDZyiLD5b9
yD4AnRrlImVB1X0ogxtY4WKBMeP5YPLs
=QWLu
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 29 02:13:43 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 29 02:13:51 2008
Subject: [Frugalware-security] [ FSA-514 ] libxslt
Message-ID: <20080829001343.5EE16119003C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-514

Date: 2008-08-29
Package: libxslt
Vulnerable versions: <= 1.1.22-2kalgan1
Unaffected versions: >= 1.1.22-2kalgan2
Related bugreport: http://bugs.frugalware.org/task/3285
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2935

Description
===========

Chris Evans has reported some vulnerabilities in libxslt, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library.

The vulnerabilities are caused due to boundary errors within crypto.c
when handling the XSLT "crypto:rc4_encrypt" and "crypto:rc4_decrypt"
functions. This can be exploited to cause a heap-based buffer overflow
via a specially crafted stylesheet.

Updated Packages
================

Check if you have libxslt installed:

    # pacman-g2 -Q libxslt

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy libxslt

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/514

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki3PzcACgkQZ7NElSD1Vhm2LgCeMu1x8fiLZk0TyzxSNmtTxWJd
tr0AnAuVhe/12C7ZKvyHY9tNZNsHsTEO
=h3VR
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 29 02:16:12 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 29 02:16:18 2008
Subject: [Frugalware-security] [ FSA-515 ] ruby
Message-ID: <20080829001612.897BD1190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-515

Date: 2008-08-29
Package: ruby
Vulnerable versions: <= 1.8.6-4
Unaffected versions: >= 1.8.6-5kalgan1
Related bugreport: http://bugs.frugalware.org/task/3300
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3655
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3656
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3657
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3443

Description
===========

Some vulnerabilities have been reported in Ruby, which can be exploited
by malicious people to bypass certain security restrictions, cause a DoS
(Denial of Service), and conduct spoofing attacks.

1) Multiple errors in the implementation of safe level restrictions can
be exploited to call "untrace_var()", perform syslog operations, and
modify "$PROGRAM_NAME" at safe level 4, or call insecure methods at safe
levels 1 through 3.

2) An error exists in the usage of regular expressions in
"WEBrick::HTTPUtils.split_header_value()". This can be exploited to
consume large amounts of CPU via a specially crafted HTTP request.

3) An error in "DL" can be exploited to bypass security restrictions and
call potentially dangerous functions.

4) The vulnerability is caused due to resolv.rb not sufficiently
randomising the DNS query port number, which can be exploited to poison
the DNS cache.

Updated Packages
================

Check if you have ruby installed:

    # pacman-g2 -Q ruby

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy ruby

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/515

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki3P8wACgkQZ7NElSD1Vhm13ACgoQ422uCLHA+Ud21SWbDR33F7
kfAAn0RDN6FEGAt43tPU4ctOr1pFqjfI
=A/vc
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 29 02:18:38 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 29 02:18:46 2008
Subject: [Frugalware-security] [ FSA-516 ] links
Message-ID: <20080829001838.F25281190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-516

Date: 2008-08-29
Package: links
Vulnerable versions: <= 2.1pre33-1
Unaffected versions: >= 2.1-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3272
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3329

Description
===========

Unspecified vulnerability in Links before 2.1, when "only proxies" is
enabled, has unknown impact and attack vectors related to providing
"URLs to external programs."

Updated Packages
================

Check if you have links installed:

    # pacman-g2 -Q links

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy links

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/516

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki3QF4ACgkQZ7NElSD1VhkrcgCgg2ZigjK6OY1Njs8vm7+tWUT7
idQAoKC5+2xLeE6Uhdj6wD38/h0/Dns4
=QXxt
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 29 02:23:51 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 29 02:23:59 2008
Subject: [Frugalware-security] [ FSA-517 ] apache
Message-ID: <20080829002351.9FC891190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-517

Date: 2008-08-29
Package: apache
Vulnerable versions: <= 2.2.8-2kalgan1
Unaffected versions: >= 2.2.8-2kalgan2
Related bugreport: http://bugs.frugalware.org/task/3307
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939

Description
===========

A vulnerability has been reported in Apache, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Input passed to mod_proxy_ftp via a URL containing an FTP wildcard
character (e.g. "*") is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.

Updated Packages
================

Check if you have apache installed:

    # pacman-g2 -Q apache

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy apache

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/517

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki3QZcACgkQZ7NElSD1VhnnsACfQzrKHWfv2P0nKVwuPqAbhUZP
yXIAn2ZiHkm4yeyBtsk9q/1jJVNEH7Aw
=Y6/4
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Aug 29 02:26:26 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri Aug 29 02:26:35 2008
Subject: [Frugalware-security] [ FSA-518 ] python
Message-ID: <20080829002626.52F091190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-518

Date: 2008-08-29
Package: python
Vulnerable versions: <= 2.5.2-2kalgan1
Unaffected versions: >= 2.5.2-2kalgan2
Related bugreport: http://bugs.frugalware.org/task/3286
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2316
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142

Description
===========

Some vulnerabilities have been reported in Python, where some have
unknown impact and others can potentially be exploited by malicious
people to cause a DoS (Denial of Service) or to compromise a vulnerable
system.

1) Various integer overflow errors exist in core modules e.g.
stringobject, unicodeobject, bufferobject, longobject, tupleobject,
stropmodule, gcmodule, mmapmodule.

2) An integer overflow in the hashlib module can lead to unreliable
cryptographic digest results.

3) Integer overflow errors in the processing of unicode strings can be
exploited to cause buffer overflows on 32-bit systems.

4) An integer overflow exists in the PyOS_vsnprintf() function on
architectures that do not have a "vsnprintf()" function.

5) An integer underflow error in the PyOS_vsnprintf() function when
passing zero-length strings can lead to memory corruption.

Successful exploitation of some of these vulnerabilities may allow to
crash an application or to execute arbitrary code, but depends on the
implementation of a Python application.

Updated Packages
================

Check if you have python installed:

    # pacman-g2 -Q python

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy python

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/518

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki3QjIACgkQZ7NElSD1Vhk54QCgobt/du+ria8iNwHB0j59gwSr
AS4AoKAZvF8zJJkvt0SQJJijy2HcD2z4
=XtXs
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:40:45 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:40:54 2008
Subject: [Frugalware-security] [ FSA-519 ] httrack
Message-ID: <20080831174045.5DD651190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-519

Date: 2008-08-31
Package: httrack
Vulnerable versions: <= 3.42-1
Unaffected versions: >= 3.42_3-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3304
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3429

Description
===========

A security issue has been reported in HTTrack, which potentially can be
exploited by malicious people to compromise a vulnerable system.

The security issue is caused due to a boundary error when processing
command line arguments. This can be exploited to cause a buffer overflow
by passing overly long URLs to the application.

Updated Packages
================

Check if you have httrack installed:

    # pacman-g2 -Q httrack

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy httrack

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/519

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki6150ACgkQZ7NElSD1VhmIugCffWauf7fbq8cNrmspwf0FXug0
oSIAni/OGSdX4luyJC0NHUXGToOOr4bV
=1O6/
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:42:55 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:43:02 2008
Subject: [Frugalware-security] [ FSA-520 ] freetype2
Message-ID: <20080831174255.686571190005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-520

Date: 2008-08-31
Package: freetype2
Vulnerable versions: <= 2.3.5-2
Unaffected versions: >= 2.3.7-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3178
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1806
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1807
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1808

Description
===========

Some vulnerabilities have been reported in FreeType, which potentially
can be exploited by malicious people to compromise an application using
the library.

1) An integer overflow error exists in the processing of PFB font files.
This can be exploited to cause a heap-based buffer overflow via a PFB
file containing a specially crafted "Private" dictionary table.

2) An error in the processing of PFB font files can be exploited to
trigger the "free()" of memory areas that are not allocated on the heap.

3) An off-by-one error exists in the processing of PFB font files. This
can be exploited to cause a one-byte heap-based buffer overflow via a
specially crafted PFB file.

4) An off-by-one error exists in the implementation of the "SHC"
instruction while processing TTF files. This can be exploited to cause a
one-byte heap-based buffer overflow via a specially crafted TTF file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

Updated Packages
================

Check if you have freetype2 installed:

    # pacman-g2 -Q freetype2

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy freetype2

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/520

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62B8ACgkQZ7NElSD1Vhn9mQCgkrhWLGzvH32QiewjXYR8S+Ib
LrMAn2brNfn4ogsDcSYjskFwQbD1OwQL
=fmjM
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:44:43 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:44:50 2008
Subject: [Frugalware-security] [ FSA-521 ] openttd
Message-ID: <20080831174443.4114D1190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-521

Date: 2008-08-31
Package: openttd
Vulnerable versions: <= 0.5.3-1
Unaffected versions: >= 0.6.2-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3303
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3576
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3577

Description
===========

A vulnerability has been reported in OpenTTD, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"TruncateString()" function in src/gfx.cpp. This can be exploited to
potentially cause a buffer overflow via a specially crafted string.

Successful exploitation may allow execution of arbitrary code.


Updated Packages
================

Check if you have openttd installed:

    # pacman-g2 -Q openttd

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openttd

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/521

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62IsACgkQZ7NElSD1VhlDnQCdHJBP3mHZHNdE21umGm20r5P5
dwIAnAqkZFVcWRTzg2Ov5h9aV6nbqiSP
=laEC
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:50:25 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:50:32 2008
Subject: [Frugalware-security] [ FSA-522 ] mono
Message-ID: <20080831175025.9919F119003C@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-522

Date: 2008-08-31
Package: mono
Vulnerable versions: <= 1.2.6-3
Unaffected versions: >= 1.2.6-4kalgan1
Related bugreport: http://bugs.frugalware.org/task/3306
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3422

Description
===========

Dean Brettle has reported some security issues in Mono, which can be
exploited by malicious people to conduct cross-site scripting attacks.

The security issues are caused due to Mono's ASP.net implementation not
properly sanitising certain attributes (e.g. "HtmlSelect.Value",
"HtmlSelect.Text", and the "action" attribute of the "form" element).
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

Updated Packages
================

Check if you have mono installed:

    # pacman-g2 -Q mono

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mono

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/522

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62eEACgkQZ7NElSD1VhlscACfRxYERciiOg2mweJlqnc6T7z3
f5sAoIscpgtbZrtPi/9uzCbGzvWmAa9m
=uyOB
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:52:14 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:52:21 2008
Subject: [Frugalware-security] [ FSA-523 ] poppler
Message-ID: <20080831175214.E0E951190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-523

Date: 2008-08-31
Package: poppler
Vulnerable versions: <= 0.6.4-1
Unaffected versions: >= 0.6.4-2kalgan1
Related bugreport: http://bugs.frugalware.org/task/3311
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2950

Description
===========

A vulnerability has been reported in Poppler, which potentially can be
exploited by malicious people to compromise an application using the
library.

The vulnerability is caused due to the "Page" constructor leaving the
"pageWidgets" object uninitialized under specific circumstances. This
can be exploited to potentially trigger the "free()" of an arbitrary
address when the object is deleted.

Successful exploitation may allow execution of arbitrary code via a
specially crafted PDF file.

Updated Packages
================

Check if you have poppler installed:

    # pacman-g2 -Q poppler

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy poppler

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/523

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62k4ACgkQZ7NElSD1VhmItACffjMQThr8ClE28kiI4YLaQ7MG
os0AoI556zDm6IoftPu97Nns/PGReK6I
=9sUF
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:54:03 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:54:10 2008
Subject: [Frugalware-security] [ FSA-524 ] graphicsmagick
Message-ID: <20080831175403.A09BF1190059@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-524

Date: 2008-08-31
Package: graphicsmagick
Vulnerable versions: <= 1.1.14-1kalgan1
Unaffected versions: >= 1.2.4-1kalgan1
Related bugreport: http://bugs.frugalware.org/task/3204
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3134

Description
===========

Some vulnerabilities have been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).

1) Multiple errors exist in the AVI, AVS, DCM, EPT, FITS, MTV, PALM,
RLA, and TGA decoders. These can be exploited to trigger crashes, overly
large memory allocations, or the execution of infinite loops.

2) An error within the "GetImageCharacteristics()" function in
magick/image.c can be exploited to crash an affected application via
specially crafted e.g. PNG, JPEG, BMP, or TIFF files.

Updated Packages
================

Check if you have graphicsmagick installed:

    # pacman-g2 -Q graphicsmagick

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy graphicsmagick

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/524

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62rsACgkQZ7NElSD1VhlmhgCfeIIN3GysgUxanUN4/WGTg/xK
3AMAn1nIHbZvcJEWnDFZ+KyF1vxCEJXD
=1GB2
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 31 19:55:45 2008
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun Aug 31 19:55:52 2008
Subject: [Frugalware-security] [ FSA-525 ] pidgin
Message-ID: <20080831175545.29D431190009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-525

Date: 2008-08-31
Package: pidgin
Vulnerable versions: <= 2.4.3-1kalgan1
Unaffected versions: >= 2.4.3-1kalgan2
Related bugreport: http://bugs.frugalware.org/task/3308
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3532

Description
===========

A security issue has been reported in Pidgin, which can be exploited by
malicious people to conduct spoofing attacks.

The problem is that the certificate presented by e.g. a Jabber server at
the beginning of an SSL session is not verified. This can be exploited
to spoof valid servers via a man-in-the-middle attack.

Successful exploitation requires that Pidgin is configured to use the
NSS plugin.

Updated Packages
================

Check if you have pidgin installed:

    # pacman-g2 -Q pidgin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy pidgin

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/525

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAki62yEACgkQZ7NElSD1VhlgogCeNKFCFMdvnWz5g8faEe94leK5
4tsAoJt3JF1ptmloHjmTjGlzyFymQhPX
=jH0V
-----END PGP SIGNATURE-----