From vmiklos at frugalware.org Thu Apr 1 00:30:41 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Thu, 1 Apr 2010 00:30:41 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-650 ] php
Message-ID: <20100331223041.424751240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-650

Date: 2010-04-01
Package: php
Vulnerable versions: <= 5.3.1-2
Unaffected versions: >= 5.3.2-1locris1
Related bugreport: http://bugs.frugalware.org/task/4165
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1130
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0397

Description
===========

Two vulnerabilities have been reported in PHP, which can be exploited by malicious users to bypass certain security restrictions.
1) An error in the session extension can be exploited to bypass the "safe_mode" and "open_basedir" feature.
2) A validation error exists within the "tempnam()" function, which can be exploited to bypass the "safe_mode" feature.
A NULL pointer dereference has been reported in the xmlrpc extension, in a call to estrdup(). This bug can at least be used to perform DoS attacks.

Updated Packages
================

Check if you have php installed:

    # pacman-g2 -Q php

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy php

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/650

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkuzzRAACgkQZ7NElSD1VhlLcACeOxWOSEHL8XuP6UsnRymyJclQ
V+UAnj/ZPxiPH37rvH/yZiSNq3YjJZCs
=dsW6
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Apr 2 13:54:04 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 2 Apr 2010 13:54:04 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-651 ] j2sdk
Message-ID: <20100402115404.F009B1240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-651

Date: 2010-04-02
Package: j2sdk
Vulnerable versions: <= 6-21
Unaffected versions: >= 6-22locris1
Related bugreport: http://bugs.frugalware.org/task/4167
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0082
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0084
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0085
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0087
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0092
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0094
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0837
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0839
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0840
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0843
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0844
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0845
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0847
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0850

Description
===========

Multiple vulnerabilities have been reported in Sun Java, where some have an unknown impact and others can be exploited by malicious people to manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.
1) An error in the implementation of the "HeadspaceSoundbank" class can be exploited to cause a stack-based buffer overflow via a crafted Soundbank file with an overly long name.
2) An error in the implementation of the "HeadspaceSoundbank" class can be exploited to cause a heap-based buffer overflow via a crafted Soundbank file with an overly long record.
3) An input validation error in the processing of image files can be exploited to cause a heap-based buffer overflow, e.g. if a user visits a web page containing a specially crafted java applet.
Successful exploitation of these vulnerabilities allows execution of arbitrary code.
4) Unspecified vulnerabilities exist in the ImageIO, Java 2D, Java Runtime Environment, Java Web Start, Java Plug-in, Pack200, Sound, and HotSpot Server components.
5) An error in the JSSE component while handling TLS session re-negotiations can be exploited to manipulate certain data.
5) An unspecified error in the Java Web Start, Java Plug-in component can be exploited to manipulate certain data or cause a DoS.
6) Two unspecified errors in the Java Runtime Environment can be exploited to disclose unspecified information.
7) An unspecified error in the Java Web Start, Java Plug-in component can be exploited to cause a DoS.

Updated Packages
================

Check if you have j2sdk installed:

    # pacman-g2 -Q j2sdk

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy j2sdk

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/651

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAku12tsACgkQZ7NElSD1Vhlr2gCfVPlRsONU1+uTajYITL/Pt5rk
pTgAnRP2brHVSzD+XjO0GXuAN6FafjvH
=EHdI
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Apr 3 18:16:27 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 3 Apr 2010 18:16:27 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-652 ] firefox
Message-ID: <20100403161627.ECCDD20E0004@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-652

Date: 2010-04-03
Package: firefox
Vulnerable versions: <= 3.6.2-1locris1
Unaffected versions: >= 3.6.3-1locris1
Related bugreport: http://bugs.frugalware.org/task/4171
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1121

Description
===========

A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a use-after-free error when moving DOM nodes between documents and can be exploited via a specially crafted web page.
Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have firefox installed:

    # pacman-g2 -Q firefox

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy firefox

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/652

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAku3adsACgkQZ7NElSD1Vhml8QCfUDnT0iGs5FQQD5QV/uSw1YAm
nIIAnRsKTlromCLTpYIRUaTYDC7CXI+g
=nRYr
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Apr 12 23:37:40 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 12 Apr 2010 23:37:40 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-653 ] kernel
Message-ID: <20100412213740.44BE11240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-653

Date: 2010-04-12
Package: kernel
Vulnerable versions: <= 2.6.32-3
Unaffected versions: >= 2.6.32-4locris1
Related bugreport: http://bugs.frugalware.org/task/4175
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1146

Description
===========

A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.
The vulnerability is caused due to the ReiserFS file system implementation not properly restricting access to the ".reiserfs_priv" directory, which can be exploited to e.g. gain root privileges by modifying ACLs or extended attributes.
Successful exploitation requires that the ReiserFS file system is used.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/653

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDkqQACgkQZ7NElSD1VhkZpgCgi3tH5w34Ifpw4rboYhGXFor7
RWQAmgJ1vbgyJprgDkEe4pjGQTk2Nr8T
=Auqd
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Apr 12 23:43:37 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 12 Apr 2010 23:43:37 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-654 ] drupal6-i18n
Message-ID: <20100412214337.CC2E51240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-654

Date: 2010-04-12
Package: drupal6-i18n
Vulnerable versions: <= 6.x_1.3-1locris1
Unaffected versions: >= 6.x_1.4-1locris1
Related bugreport: http://bugs.frugalware.org/task/4134
CVE: No CVE reference, see http://drupal.org/node/764998.

Description
===========

Some vulnerabilities have been reported in the Internationalization module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
1) Certain input passed to translating blocks is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
2) Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.
Successful exploitation requires "translate interface" or "administer blocks" permissions.

Updated Packages
================

Check if you have drupal6-i18n installed:

    # pacman-g2 -Q drupal6-i18n

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-i18n

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/654

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDlAkACgkQZ7NElSD1Vhn7UACfezh+Mijm680JOfKTb7Noi1Mn
ewoAni4q+vzO6DosdXV1drZpLaXfjkoC
=lT84
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Apr 12 23:47:55 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 12 Apr 2010 23:47:55 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-655 ] drupal-views
Message-ID: <20100412214755.1EE391240025@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-655

Date: 2010-04-12
Package: drupal-views
Vulnerable versions: <= 5.x_1.6-1
Unaffected versions: >= 5.x_1.7-1locris1
Related bugreport: http://bugs.frugalware.org/task/4178
CVE: No CVE reference, see http://drupal.org/node/765022.

Description
===========

A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
Certain unspecified input is not properly sanitised before being used to import views. This can be exploited to execute arbitrary PHP code.
Successful exploitation requires "administer views" permissions.

Updated Packages
================

Check if you have drupal-views installed:

    # pacman-g2 -Q drupal-views

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal-views

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/655

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDlQsACgkQZ7NElSD1VhkLYgCggl1DxBh76DUob7Dz1aSj30cv
7ssAn3DiCZ7tGu0Fj5+6dsxqppZmnl5T
=ROpS
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Apr 12 23:49:48 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 12 Apr 2010 23:49:48 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-656 ] drupal6-views
Message-ID: <20100412214948.43532124001E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-656

Date: 2010-04-12
Package: drupal6-views
Vulnerable versions: <= 6.x_2.8-1
Unaffected versions: >= 6.x_2.10-1locris1
Related bugreport: http://bugs.frugalware.org/task/4179
CVE: No CVE reference, see http://drupal.org/node/765022.

Description
===========

A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.
Certain unspecified input is not properly sanitised before being used to import views. This can be exploited to execute arbitrary PHP code.
Successful exploitation requires "administer views" permissions.

Updated Packages
================

Check if you have drupal6-views installed:

    # pacman-g2 -Q drupal6-views

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-views

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/656

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDlXwACgkQZ7NElSD1VhnZJgCglmCtcC4cLaOxRiUQVaySyh6r
5N4AnivXPY8kCwtNgJcpN9P/3KTlEoHd
=sC4c
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Apr 13 00:39:54 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 13 Apr 2010 00:39:54 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-657 ] tetex
Message-ID: <20100412223954.DA549124001E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-657

Date: 2010-04-12
Package: tetex
Vulnerable versions: <= 3.0-18
Unaffected versions: >= 3.0-19locris1
Related bugreport: http://bugs.frugalware.org/task/4153
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0739

Description
===========

Marc Schoenefeld found an integer overflow in the way TeX text formatting system processed special commands. If a user was tricked into processing a specially-crafted typesetter-independent .dvi (DeVice Independent) file, it could lead to dvips executable crash or, potentially, to arbitrary code execution with the privileges of the user running dvips.

Updated Packages
================

Check if you have tetex installed:

    # pacman-g2 -Q tetex

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy tetex

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/657

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDoToACgkQZ7NElSD1VhkpiQCfS02fXPy8xofFIgI4XbzRpVcg
EnwAn1pbWrrWFGOdEOlIpsWrsppDMyC9
=m1VS
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Apr 13 01:15:38 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 13 Apr 2010 01:15:38 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-658 ] mediawiki
Message-ID: <20100412231538.C3F661240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-658

Date: 2010-04-12
Package: mediawiki
Vulnerable versions: <= 1.15.1-1
Unaffected versions: >= 1.15.1-2locris1
Related bugreport: http://bugs.frugalware.org/task/4184
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1150

Description
===========

A vulnerability has been reported in MediaWiki, which can be exploited by malicious users to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. force a victim into executing malicious javascript.
Successful exploitation requires "$wgAllowUserJs" to be set to "true" in LocalSettings.php.

Updated Packages
================

Check if you have mediawiki installed:

    # pacman-g2 -Q mediawiki

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mediawiki

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/658

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvDqZgACgkQZ7NElSD1VhkPAwCgjDT7U1vmxKUVw12X31E3sm4B
k5QAn2ssMdWGu8oAWk2dNwE5a87V13dU
=aiMy
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Wed Apr 14 10:14:03 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Wed, 14 Apr 2010 10:14:03 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-659 ] kdebase-workspace
Message-ID: <20100414081403.D81AE124001E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-659

Date: 2010-04-14
Package: kdebase-workspace
Vulnerable versions: <= 4.3.5-7
Unaffected versions: >= 4.3.5-8locris1
Related bugreport: http://bugs.frugalware.org/task/4129
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0436

Description
===========

A security issue has been reported in KDE, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to a race condition within KDM when creating the control socket during a user login. This can be exploited to change the access permissions of arbitrary files to world-writable, which can be leveraged to e.g. execute arbitrary code with escalated privileges.

Updated Packages
================

Check if you have kdebase-workspace installed:

    # pacman-g2 -Q kdebase-workspace

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kdebase-workspace

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/659

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvFeUsACgkQZ7NElSD1VhltRgCglDQB89lgb3DFmvPPryQ5sE/g
l9cAmwVJ+AUPTK2ri29nIyHzsfYzGGQD
=CzNs
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Apr 16 02:06:57 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 16 Apr 2010 02:06:57 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-660 ] sudo
Message-ID: <20100416000657.AB8611240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-660

Date: 2010-04-16
Package: sudo
Vulnerable versions: <= 1.7.2-3
Unaffected versions: >= 1.7.2-4locris1
Related bugreport: http://bugs.frugalware.org/task/4188
CVE: No CVE, see http://sudo.ws/sudo/alerts/sudoedit_escalate2.html.

Description
===========

A security issue has been reported in sudo, which can be exploited by malicious, local users to gain escalated privileges.
The security issue is caused due to an error within the command matching functionality, which can be exploited to run a "sudoedit" executable within the current working directory.
Successful exploitation may allow the execution of arbitrary code with escalated privileges, but requires that the attacker is allowed to use sudo's "sudoedit" pseudo-command, that the PATH environment variable contains "." while the directories do not contain any other "sudoedit" executable, and that the "ignore_dot" or "secure_path" options are disabled.

Updated Packages
================

Check if you have sudo installed:

    # pacman-g2 -Q sudo

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy sudo

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/660

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvHqiEACgkQZ7NElSD1Vhn2uACfUtvss2QgN1mnTAG2yz4fXYVZ
V0oAoJDXW1e/pVKsBoeEkP7w/qlZtaHv
=Gdrc
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Wed Apr 21 23:43:52 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Wed, 21 Apr 2010 23:43:52 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-661 ] j2sdk
Message-ID: <20100421214352.45A791240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-661

Date: 2010-04-21
Package: j2sdk
Vulnerable versions: <= 6-22locris1
Unaffected versions: >= 6-23locris1
Related bugreport: http://bugs.frugalware.org/task/4189
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1423

Description
===========

A vulnerability has been discovered in Sun Java, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input sanitation error in the Java Deployment Toolkit browser plugin. This can be exploited to pass arbitrary arguments to javaw.exe and e.g. execute a JAR file placed on a network share in a privileged context.
Successful exploitation allows execution of arbitrary code by tricking a user into visiting a malicious web page.

Updated Packages
================

Check if you have j2sdk installed:

    # pacman-g2 -Q j2sdk

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy j2sdk

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/661

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvPcZcACgkQZ7NElSD1VhkL6wCfb5AJ1rWp+EJ0UjOdMl2Ke90g
npIAn3ydRGsacPD+8xY9z6QMsW7WP8ZO
=Kvpt
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Thu Apr 22 16:26:55 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Thu, 22 Apr 2010 16:26:55 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-662 ] glibc
Message-ID: <20100422142655.6B16920E0002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-662

Date: 2010-04-22
Package: glibc
Vulnerable versions: <= 2.11.1-1
Unaffected versions: >= 2.11.1-2locris1
Related bugreport: http://bugs.frugalware.org/task/4166
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830

Description
===========

Dan Rosenberg reported two security issues in glibc:
1) "ncpmount" and "mount.cifs" failed to properly sanitize provided mountpoint directory names (specifically, special characters such as newlines were not stripped). An attacker could create a directory with newline characters in its name and issue an ncpmount / mount.cifs command to mount to that directory, allowing them to corrupt /etc/mtab and potentially add unauthorized mounting options for other devices.
2) A memory corruption vulnerability in ld.so: When processing maliciously crafted ELF binaries using ld.so, regardless of whether execution of those binaries is intended (for example, using the "--verify" flag, which should not lead to any code execution), arbitrary code execution can be achieved.

Updated Packages
================

Check if you have glibc installed:

    # pacman-g2 -Q glibc

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy glibc

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/662

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvQXK8ACgkQZ7NElSD1VhlsZwCfSzZ/0RYbsiYL/blSiclBGS81
1HUAoJcTDKMoCZFVa6wElL2jFU4UENez
=5Pzu
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Apr 23 12:56:38 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 23 Apr 2010 12:56:38 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-663 ] memcached
Message-ID: <20100423105638.AA011124000A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-663

Date: 2010-04-23
Package: memcached
Vulnerable versions: <= 1.4.2-1
Unaffected versions: >= 1.4.5-1locris1
Related bugreport: http://bugs.frugalware.org/task/4182
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1152

Description
===========

A weakness has been reported in memcached, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service).
The weakness is caused due to the application improperly handling received TCP data. This can be exploited to consume large amounts of memory and temporarily hang or potentially crash an affected server by sending an overly large number of bytes without a terminating newline ('\n') character to TCP port 11211.

Updated Packages
================

Check if you have memcached installed:

    # pacman-g2 -Q memcached

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy memcached

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/663

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvRfOYACgkQZ7NElSD1VhnKUQCfUtbPkasYsrLpORc2im0CXbRq
Q/UAoJM6+nD7VWj8fb20F6cwmZUATNPK
=EqRx
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Apr 24 12:52:04 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 24 Apr 2010 12:52:04 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-664 ] polkit
Message-ID: <20100424105204.E08E8124000A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-664

Date: 2010-04-24
Package: polkit
Vulnerable versions: <= 0.96-2
Unaffected versions: >= 0.96-3locris1
Related bugreport: http://bugs.frugalware.org/task/4199
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0750

Description
===========

A weakness has been reported in PolicyKit, which can be exploited by malicious, local users to disclose certain system information.
The weakness is caused due to the "pkexec" utility returning different results depending on the existence of files, which can be exploited to e.g. determine if a file exists in a restricted directory.

Updated Packages
================

Check if you have polkit installed:

    # pacman-g2 -Q polkit

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy polkit

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/664

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvSzVQACgkQZ7NElSD1VhlijwCgp5xI4BW+yDkWyez0MBMCoPgC
8e4An1fgAlcsvnM3h8tfkNESbgAmv+Re
=YyDL
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Apr 25 14:01:42 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 25 Apr 2010 14:01:42 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-665 ] nano
Message-ID: <20100425120142.049F0124000A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-665

Date: 2010-04-25
Package: nano
Vulnerable versions: <= 2.0.9-1
Unaffected versions: >= 2.0.9-2locris1
Related bugreport: http://bugs.frugalware.org/task/4196
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1161

Description
===========

Some security issues have been reported in GNU nano, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
1) The application does not properly verify if the file currently being edited has been changed outside the context of the current editing session before writing to it, which can be exploited to e.g. overwrite arbitrary files via symlink attacks.
2) A race condition exists when creating backup files, which can be exploited to take the ownership of arbitrary files via e.g. symlink attacks.
Successful exploitation requires that the victim is tricked into editing files owned by the attacker and that the backup functionality is enabled.

Updated Packages
================

Check if you have nano installed:

    # pacman-g2 -Q nano

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy nano

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/665

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvULyUACgkQZ7NElSD1Vhln0ACZARaP0/S9RcPaZYrGGnbLq3db
9fsAn1URKgXLM10qw6oOROKyn+JJuKCr
=oHBm
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Apr 26 11:34:00 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 26 Apr 2010 11:34:00 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-666 ] cacti
Message-ID: <20100426093400.47532124001E@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-666

Date: 2010-04-26
Package: cacti
Vulnerable versions: <= 0.8.7e-1
Unaffected versions: >= 0.8.7e-2locris1
Related bugreport: http://bugs.frugalware.org/task/4193
CVE: No CVE yet, see http://seclists.org/fulldisclosure/2010/Apr/272.

Description
===========

A vulnerability has been reported in Cacti, which can be exploited by malicious users to conduct SQL injection attacks.
Input passed via the "export_item_id" parameter to templates_export.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that the attacker is allowed to export templates.

Updated Packages
================

Check if you have cacti installed:

    # pacman-g2 -Q cacti

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy cacti

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/666

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvVXgcACgkQZ7NElSD1VhlXbwCfeLCfrJiuu3wROHKH8Aily85N
zVcAn2Vn66r2iBRSI1eOI4LJe1W8eoHv
=Hvm4
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Apr 27 13:49:34 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 27 Apr 2010 13:49:34 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-667 ] fetchmail
Message-ID: <20100427114934.10C441240005@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-667

Date: 2010-04-27
Package: fetchmail
Vulnerable versions: <= 6.3.13-1
Unaffected versions: >= 6.3.16-1locris1
Related bugreport: http://bugs.frugalware.org/task/4195
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167

Description
===========

Fetchmail did not properly sanitize external input (mail headers and UID). When a multi-character locale (such as UTF-8) was in use, this could cause memory exhaustion and thus a denial of service, because fetchmail's report.c functions assumed that non-success of [v]snprintf was due to insufficient buffer size allocation. It would then repeatedly reallocate a larger buffer and fail formatting again.

Updated Packages
================

Check if you have fetchmail installed:

    # pacman-g2 -Q fetchmail

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy fetchmail

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/667

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkvWz00ACgkQZ7NElSD1VhnELgCdFi7kCI2opGtQ+o9hsNZJUw5m
T9wAoJ9JDcjsPjC2sTzl6z6x9p9DGIaQ
=WYAL
-----END PGP SIGNATURE-----
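
Added example (not part of the advisory and not fetchmail's report.c code): the retry pattern FSA-667 describes, where any [v]snprintf failure is treated as "buffer too small", next to a version that separates a formatting error from truncation and caps growth. All function names, the 64-byte starting size, the 1 MiB cap and the always-failing formatter (a constructed stand-in for vsnprintf rejecting its input at every buffer size) are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define START_SIZE ((size_t)64)
#define MAX_MSG    ((size_t)1 << 20)   /* assumed policy cap: 1 MiB */

/* Same signature as vsnprintf so a failing stand-in can be injected. */
typedef int (*vfmt_fn)(char *, size_t, const char *, va_list);

/* Constructed stand-in: fails at every size, like an encoding error would. */
static int always_fail_vfmt(char *buf, size_t n, const char *fmt, va_list ap)
{
    (void)buf; (void)n; (void)fmt; (void)ap;
    return -1;
}

/* Pattern from the advisory: every non-success doubles the buffer.
 * The cap check exists only so this demonstration terminates. */
static char *format_grow_on_any_failure(vfmt_fn vfmt, size_t cap, size_t *peak,
                                        const char *fmt, ...)
{
    size_t size = START_SIZE;
    char *buf = NULL;
    for (;;) {
        char *nbuf = realloc(buf, size);
        if (!nbuf) { free(buf); return NULL; }
        buf = nbuf;
        *peak = size;
        va_list ap;
        va_start(ap, fmt);
        int n = vfmt(buf, size, fmt, ap);
        va_end(ap);
        if (n >= 0 && (size_t)n < size) return buf;
        if (size >= cap) { free(buf); return NULL; }  /* demo-only stop */
        size *= 2;   /* an error (n < 0) is misread as "too small" */
    }
}

/* Checked version: a negative return is a hard error, the C99 return value
 * gives the exact size needed, and output above the cap is refused. */
static char *format_checked(vfmt_fn vfmt, size_t cap, size_t *peak,
                            const char *fmt, ...)
{
    size_t size = START_SIZE;
    char *buf = malloc(size);
    if (!buf) return NULL;
    *peak = size;
    for (int attempt = 0; attempt < 2; attempt++) {
        va_list ap;
        va_start(ap, fmt);
        int n = vfmt(buf, size, fmt, ap);
        va_end(ap);
        if (n < 0) break;                  /* formatting error: never grow */
        if ((size_t)n < size) return buf;  /* output fits */
        if ((size_t)n >= cap) break;       /* larger than policy allows */
        size = (size_t)n + 1;              /* exact size, one retry */
        char *nbuf = realloc(buf, size);
        if (!nbuf) break;
        buf = nbuf;
        *peak = size;
    }
    free(buf);
    return NULL;
}

/* Largest allocation reached when the formatter can never succeed. */
size_t peak_when_formatter_always_fails(int hardened)
{
    size_t peak = 0;
    char *s = hardened
        ? format_checked(always_fail_vfmt, MAX_MSG, &peak, "%s", "x")
        : format_grow_on_any_failure(always_fail_vfmt, MAX_MSG, &peak, "%s", "x");
    free(s);
    return peak;
}

/* Legitimate long input still formats correctly through the checked path. */
size_t checked_len_for_long_input(void)
{
    char long_arg[201];
    memset(long_arg, 'A', 200);
    long_arg[200] = '\0';
    size_t peak = 0;
    char *s = format_checked(vsnprintf, MAX_MSG, &peak, "%s", long_arg);
    size_t len = s ? strlen(s) : 0;
    free(s);
    return len;
}

int main(void)
{
    printf("grow-on-any-failure peak: %zu bytes\n",
           peak_when_formatter_always_fails(0));
    printf("checked peak:             %zu bytes\n",
           peak_when_formatter_always_fails(1));
    printf("checked long output:      %zu chars\n",
           checked_len_for_long_input());
    return 0;
}
```

Without the demo-only cap, the first function keeps doubling until allocation fails, which is the memory exhaustion the advisory reports.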