From noreply at frugalware.org Sat Feb 9 13:48:05 2008
From: noreply at frugalware.org (vmiklos)
Date: Sat Feb 9 13:48:07 2008
Subject: [Frugalware-security] [ FSA-367 ] qt4
Message-ID: <20080209124805.10ADD11901F5@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-367

Date: 2008-02-08
Package: qt4
Vulnerable versions: <= 4.3.1-3
Unaffected versions: >= 4.3.1-4sayshell1
Related bugreport: http://bugs.frugalware.org/task/2716
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5965

Description
===========

A vulnerability has been reported in Qt, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the certificate validation in QSslSocket, which can be exploited to e.g. trick an application using QSslSocket into accepting spoofed certificates.

Updated Packages
================

Check if you have qt4 installed:

    # pacman-g2 -Q qt4

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy qt4

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHraEFZ7NElSD1VhkRApv4AKCNOcwGfBiSUOXRg2c9TToTNAFd0gCeO+S1
YROEmmPqYl5vb7vo8BCXDJY=
=tgkf
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Feb 12 12:09:23 2008
From: noreply at frugalware.org (vmiklos)
Date: Tue Feb 12 12:09:26 2008
Subject: [Frugalware-security] [ FSA-368 ] flashplugin
Message-ID: <20080212110923.6303F176C053@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-368

Date: 2008-02-12
Package: flashplugin
Vulnerable versions: <= 9.0.48.0-1
Unaffected versions: >= 9.0.115.0-1sayshell1
Related bugreport: http://bugs.frugalware.org/task/2712
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6246

Description
===========

Some vulnerabilities have been reported in Adobe Flash Player, where one vulnerability has an unknown impact and others can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP request splitting attacks, disclose sensitive information, cause a Denial of Service (DoS), or to potentially compromise a user's system.

1) An error when parsing specially crafted regular expressions can be exploited to cause a heap-based buffer overflow.
2) An error exists in the processing of SWF embedded JPG images. This can be exploited to corrupt the heap via specially crafted X and Y densities specified in the JPG header.
3) An error exists when pinning a hostname to an IP address. This can be exploited to conduct DNS rebinding attacks via allow-access-from elements in cross-domain-policy XML documents.
4) An error exists in the enforcing of cross-domain policy files. This can be exploited to bypass certain security restrictions on web servers hosting cross-domain policy files.
5) Input passed to unspecified parameters when handling the "asfunction:" protocol is not properly sanitised before being returned to the user. This can be exploited to inject arbitrary HTML and script code in a user's browser session in context of an affected site.
6) An unspecified error can be exploited to modify HTTP headers and conduct HTTP request splitting attacks.
7) An error within the implementation of the Socket or XMLSocket ActionScript classes can be exploited to determine if a port on a remote host is opened or closed.
8) An error within the setting of memory permissions in Adobe Flash Player for Linux can be exploited by malicious, local users to gain escalated privileges.

Updated Packages
================

Check if you have flashplugin installed:

    # pacman-g2 -Q flashplugin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy flashplugin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHsX5iZ7NElSD1VhkRAovNAJsE40NEIaNM9cen5CtXIhuRzJlaRACggZsY
4ccbN3OIiC0SWsXayBzuXrY=
=f+gs
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Feb 12 12:17:56 2008
From: noreply at frugalware.org (vmiklos)
Date: Tue Feb 12 12:17:58 2008
Subject: [Frugalware-security] [ FSA-369 ] kernel
Message-ID: <20080212111756.EDF2511904DD@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-369

Date: 2008-02-08
Package: kernel
Vulnerable versions: <= 2.6.22-7sayshell4
Unaffected versions: >= 2.6.22-7sayshell5
Related bugreport: http://bugs.frugalware.org/task/2759
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges.

The vulnerability is caused due to the missing verification of parameters within the "vmsplice_to_user()", "copy_from_user_mmap_sem()", and "get_iovec_page_array()" functions in fs/splice.c before using them to perform certain memory operations. This can be exploited to e.g. read or write to arbitrary kernel memory via a specially crafted "vmsplice()" system call.

Successful exploitation allows attackers to e.g. gain "root" privileges.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHsYBkZ7NElSD1VhkRAonfAJ4zDayptuRfmWYuYB2MqrThIKTk6gCbBwS2
jOV4V6r5wWE6upzP7e1VP0w=
=cQkG
-----END PGP SIGNATURE-----

From noreply at frugalware.org Sat Feb 23 23:38:39 2008
From: noreply at frugalware.org (vmiklos)
Date: Sat Feb 23 23:38:41 2008
Subject: [Frugalware-security] [ FSA-370 ] mplayer
Message-ID: <20080223223839.4ECD511901F8@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-370

Date: 2008-02-23
Package: mplayer
Vulnerable versions: <= 1.0rc1-8
Unaffected versions: >= 1.0rc1-9sayshell1
Related bugreport: http://bugs.frugalware.org/task/2774
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0630

Description
===========

Some vulnerabilities have been reported in MPlayer, which can be exploited by malicious people to compromise a user's system.

1) A boundary error exists within the libmpdemux/demux_audio.c file when parsing FLAC comments. This can be exploited to corrupt memory via a specially crafted FLAC file.
2) An array indexing error exists within the libmpdemux/demux_mov.c file when parsing MOV file headers. This can be exploited to corrupt heap memory via a specially crafted MOV file.
3) A boundary error exists within the "url_scape_string()" function in stream/url.c. This can be exploited to cause a buffer overflow via a specially crafted URL.
4) A boundary error exists within the "cddb_parse_matches_list()" and "cddb_query_parse()" functions in stream/stream_cddb.c.
This can be exploited to cause a stack-based buffer overflow via an overly long album title received from a CDDB server.

Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have mplayer installed:

    # pacman-g2 -Q mplayer

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mplayer

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHwKBvZ7NElSD1VhkRAqJaAKCTgYtriCPnozyTneTS2fBHlpWCTgCcDp9B
YoDTIop7VXQiw/Z8wegNKpY=
=yqS8
-----END PGP SIGNATURE-----

From noreply at frugalware.org Tue Feb 26 22:08:46 2008
From: noreply at frugalware.org (vmiklos)
Date: Tue Feb 26 22:08:48 2008
Subject: [Frugalware-security] [ FSA-371 ] openldap
Message-ID: <20080226210846.4A01E11904D7@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-371

Date: 2008-02-26
Package: openldap
Vulnerable versions: <= 2.3.39-1sayshell1
Unaffected versions: >= 2.3.39-1sayshell2
Related bugreport: http://bugs.frugalware.org/task/2786
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0658

Description
===========

A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the implementation of modrdn operations. This can be exploited to crash the slapd daemon via a modrdn operation with a NOOP control.

Updated Packages
================

Check if you have openldap installed:

    # pacman-g2 -Q openldap

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openldap

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFHxH/eZ7NElSD1VhkRAvheAJ9zOE4i/rwSnRo9fugzlA+cge3hjACdHRoO
ja1WTOsHsCfVYsVMUnwvn4I=
=enUY
-----END PGP SIGNATURE-----
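
The advisories above share one header layout (Package, Vulnerable versions, Unaffected versions, CVE), so the "am I affected" check can be done mechanically. The following is an added example, not part of the original advisories or of Frugalware's tooling: it parses one advisory header and reports whether an installed version is still below the first unaffected one. The `name version` shape of the `pacman-g2 -Q` output and the simplified ordering in `version_key` are assumptions; it is not pacman-g2's own version comparison.

```python
import re

# Constructed sample: the header block of FSA-369, copied from the advisory above.
SAMPLE = """\
Frugalware Security Advisory FSA-369

Date: 2008-02-08
Package: kernel
Vulnerable versions: <= 2.6.22-7sayshell4
Unaffected versions: >= 2.6.22-7sayshell5
Related bugreport: http://bugs.frugalware.org/task/2759
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0600
"""

def parse_advisory(text):
    """Extract the advisory id, package, version bounds and CVE ids."""
    def field(name):
        # Drop the leading "<=" / ">=" so only the version string remains.
        m = re.search(rf"^{name}:\s*(?:[<>]=\s*)?(\S+)", text, re.M)
        if m is None:
            raise ValueError(f"advisory has no '{name}' field")
        return m.group(1)
    fsa = re.search(r"\bFSA-\d+\b", text)
    if fsa is None:
        raise ValueError("no FSA id found")
    return {
        "id": fsa.group(0),
        "package": field("Package"),
        "last_vulnerable": field("Vulnerable versions"),
        "first_fixed": field("Unaffected versions"),
        "cves": sorted(set(re.findall(r"CVE-\d{4}-\d+", text))),
    }

def version_key(version):
    """Assumed ordering: digit runs compare as numbers, letter runs as text."""
    return [(0, int(t)) if t.isdigit() else (1, t)
            for t in re.findall(r"\d+|[A-Za-z]+", version)]

def check(advisory_text, query_line):
    """Return (advisory id, still_vulnerable) for one `pacman-g2 -Q` line."""
    adv = parse_advisory(advisory_text)
    name, _, installed = query_line.strip().partition(" ")  # assumed "name version"
    if name != adv["package"] or not installed:
        raise ValueError(f"expected '{adv['package']} <version>', got {query_line!r}")
    return adv["id"], version_key(installed) < version_key(adv["first_fixed"])

if __name__ == "__main__":
    print(check(SAMPLE, "kernel 2.6.22-7sayshell4"))  # constructed query output
```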