From vmiklos at frugalware.org Tue Aug 3 12:38:06 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 3 Aug 2010 12:38:06 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-675 ] mantis
Message-ID: <20100803103806.0CD6F12D90F1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-675

Date: 2010-08-03
Package: mantis
Vulnerable versions: <= 1.1.8-1
Unaffected versions: >= 1.2.2-1locris1
Related bugreport: http://bugs.frugalware.org/task/4279
CVE: No CVE, see http://www.mantisbt.org/blog/?p=113

Description
===========

A vulnerability has been discovered in Mantis, which can be exploited by
malicious users to conduct script insertion attacks.
Input passed in uploaded attachments is not properly verified before
being used. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site when a
malicious file with e.g. a "gif" extension is viewed with the Microsoft
Internet Explorer browser.
Successful exploitation requires permissions to upload attachments.

Updated Packages
================

Check if you have mantis installed:

    # pacman-g2 -Q mantis

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mantis

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/675

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxX8Y0ACgkQZ7NElSD1VhnzrgCfUd0lfHDCSKvL1O7cP3K+S7YX
5P8AoKJSnX9Sdu0pqXrK5fO056Y5WzdP
=2joA
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 3 12:43:31 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 3 Aug 2010 12:43:31 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-676 ] wireshark
Message-ID: <20100803104331.A716712D90F1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-676

Date: 2010-08-03
Package: wireshark
Vulnerable versions: <= 1.2.9-1locris1
Unaffected versions: >= 1.2.10-1locris1
Related bugreport: http://bugs.frugalware.org/task/4280
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2284
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2287

Description
===========

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

1) An off-by-one error exists within the SigComp Universal Decompressor
Virtual Machine.

2) An error within the "ASN.1 BER" dissector can be exploited to cause a
stack overflow.

3) A NULL pointer dereference error in the "GSM A RR" dissector can be
exploited to cause a crash.

4) An error in the "IPMI" dissector can be exploited to trigger an
infinite loop.

Updated Packages
================

Check if you have wireshark installed:

    # pacman-g2 -Q wireshark

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wireshark

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxX8tMACgkQZ7NElSD1VhmjlQCfWNSYRwRc2P84noMpQhfdAy4O
udsAoKTRiO5b7CT/gopv+rrldOybrUNH
=au8u
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Aug 9 21:29:27 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 9 Aug 2010 21:29:27 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-677 ] pcre
Message-ID: <20100809192927.934B112D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-677

Date: 2010-08-09
Package: pcre
Vulnerable versions: <= 8.01-1
Unaffected versions: >= 8.02-1locris1
Related bugreport: http://bugs.frugalware.org/task/4261
CVE: No CVE references, see http://bugs.exim.org/show_bug.cgi?id=962

Description
===========

Michael Santos has discovered a vulnerability in PCRE, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.
The vulnerability is caused due to a boundary error within the
"compile_branch()" function in pcre_compile.c. This can be exploited to
cause a stack-based buffer overflow via a specially crafted regular
expression.
Successful exploitation may allow execution of arbitrary code.

Updated Packages
================

Check if you have pcre installed:

    # pacman-g2 -Q pcre

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy pcre

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/677

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxgVxcACgkQZ7NElSD1Vhn/1ACcDqlSfjuRjnCX+HsNygtnF0li
mg0An0I8It2bTI+JVXDZly+k5GFt7MSF
=o2Eu
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Mon Aug 9 23:32:30 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 9 Aug 2010 23:32:30 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-678 ] nss
Message-ID: <20100809213230.8014D12D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-678

Date: 2010-08-09
Package: nss
Vulnerable versions: <= 3.12.3-1
Unaffected versions: >= 3.12.6-1locris1
Related bugreport: http://bugs.frugalware.org/task/4258
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

Description
===========

A vulnerability has been reported in Network Security Services (NSS),
which can be exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an error in the TLS protocol while
handling session re-negotiations.

Updated Packages
================

Check if you have nss installed:

    # pacman-g2 -Q nss

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy nss

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/678

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxgc+0ACgkQZ7NElSD1VhlcqgCcCzoYpSeOmhEu5CLMoTCcrmoa
CAYAnAwr1okDKLHlIb0cw+4+oucJQgQW
=qyVX
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 00:03:10 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 00:03:10 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-679 ] drupal-cck
Message-ID: <20100809220310.E8C6312D90F1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-679

Date: 2010-08-10
Package: drupal-cck
Vulnerable versions: <= 5.x_1.10-1
Unaffected versions: >= 5.x_1.12-1locris1
Related bugreport: http://bugs.frugalware.org/task/4242
CVE: No CVE, see http://drupal.org/node/829566.

Description
===========

A vulnerability has been reported in the Drupal Content Construction
Kit, which can be exploited by malicious users to disclose sensitive
information.
The vulnerability in the CCK "Node Reference" module is caused due to
improper validation of access levels, which can be exploited to gain
view access to controlled nodes.

Updated Packages
================

Check if you have drupal-cck installed:

    # pacman-g2 -Q drupal-cck

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal-cck

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/679

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxgex4ACgkQZ7NElSD1VhkjygCgnlHMTt317up16qR6bJR3SpPf
rbEAn1xkiQFFy6Lh7iuFOmXB+3By8O78
=hPH/
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 00:05:29 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 00:05:29 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-680 ] drupal6-cck
Message-ID: <20100809220529.D768812D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-680

Date: 2010-08-10
Package: drupal6-cck
Vulnerable versions: <= 6.x_2.6-1
Unaffected versions: >= 6.x_2.7-1locris1
Related bugreport: http://bugs.frugalware.org/task/4243
CVE: No CVE, see http://drupal.org/node/829566.

Description
===========

Some vulnerabilities have been reported in the Drupal Content
Construction Kit, which can be exploited by malicious users to disclose
sensitive information.

1) A vulnerability in the CCK "Node Reference" module is caused due to
improper validation of access levels, which can be exploited to gain
view access to controlled nodes.

2) Another vulnerability in the "Node Reference" module is caused due to
improper validation of access levels for a backend URL. This can be
exploited to send direct queries to the backend URL and disclose node
titles and IDs.

Updated Packages
================

Check if you have drupal6-cck installed:

    # pacman-g2 -Q drupal6-cck

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-cck

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/680

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxge6kACgkQZ7NElSD1Vhkr6ACdGKRJ6Ueh7r/stj9LzF/bnqzY
WnEAn35IIkqv+20E4pJeaxMW2GE/CyEL
=vtln
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 17:11:09 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 17:11:09 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-681 ] openssl
Message-ID: <20100810151109.85CBF9EC004@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-681

Date: 2010-08-10
Package: openssl
Vulnerable versions: <= 0.9.8-18
Unaffected versions: >= 0.9.8-19locris1
Related bugreport: http://bugs.frugalware.org/task/4231
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0433
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742

Description
===========

Multiple vulnerabilities have been reported in OpenSSL:

1) A vulnerability is caused due to certain applications (e.g. Apache
with the PHP module) calling OpenSSL's "CRYPTO_free_all_ex_data()"
function prematurely. In certain cases, this can result in memory leaks,
which can be exploited to e.g.
cause a DoS due to memory exhaustion.

2) A vulnerability is caused due to an error in the TLS protocol while
handling session re-negotiations. This can be exploited to insert
arbitrary plaintext before data sent by a legitimate client in an
existing TLS session via Man-in-the-Middle (MitM) attacks. Successful
exploitation may allow e.g. sending an arbitrary HTTP request under an
authenticated context if certificate-based authentication is used by the
server.

4) A vulnerability is caused due to the library not properly verifying
the return value of the "bn_wexpand()" function.

1) The library does not limit the number of buffered DTLS records with a
future epoch. This can be exploited to exhaust all available memory via
specially crafted DTLS packets.

5) An error when processing DTLS messages can be exploited to exhaust
all available memory by sending a large number of out of sequence
handshake messages.

6) A use-after-free error in the "dtls1_retrieve_buffered_fragment()"
function can be exploited to cause a crash in a client context.

7) An error in the "dtls1_process_out_of_seq_message()" function can be
exploited to crash a DTLS server via a specially crafted out of sequence
DTLS packet.

8) The "kssl_keytab_is_available()" function in ssl/kssl.c does not
check the return value of a call to the "krb5_sname_to_principal()"
function, which can be exploited to cause a NULL pointer dereference by
e.g. sending certain cipher suites within the client hello.

9) An error exists within the "ssl3_get_record()" function in
openssl/ssl/s3_pkt.c when processing certain records, which can be
exploited to cause a crash by sending specially crafted records.

10) A vulnerability is caused due to an error when handling CMS
(Cryptographic Message Syntax) structures. This can be exploited to
trigger a write to an invalid memory address or a double-free via a
specially crafted CMS structure containing an "OriginatorInfo" element.

Updated Packages
================

Check if you have openssl installed:

    # pacman-g2 -Q openssl

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openssl

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/681

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxhbA0ACgkQZ7NElSD1VhnHJwCePYxzqQj2ZJ4Pw1HneU7dXsE0
G78An2p3MjNk78beUz3eJU1Adx01eAr5
=XCRX
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 17:36:18 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 17:36:18 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-682 ] drupal-filefield
Message-ID: <20100810153618.B39BE12D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-682

Date: 2010-08-10
Package: drupal-filefield
Vulnerable versions: <= 5.x_2.4-1
Unaffected versions: >= 5.x_2.5-1locris1
Related bugreport: http://bugs.frugalware.org/task/4244
CVE: No CVE, see http://drupal.org/node/829808.

Description
===========

A vulnerability has been reported in the FileField module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks.
Input passed e.g. via the "filepath" parameter is not properly sanitised
before being used. This can be exploited to insert arbitrary HTML and
script code, which is executed in a user's browser session in context of
an affected site when the malicious data is being viewed.
Successful exploitation requires permission to create or edit content
with a FileField and that the administrator has configured a vulnerable
display format or uses a special token.

Updated Packages
================

Check if you have drupal-filefield installed:

    # pacman-g2 -Q drupal-filefield

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal-filefield

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/682

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxhcfIACgkQZ7NElSD1VhkejgCfV/l6lHpzbixuocBIm6LuMvmG
KCsAn3yBxQ9K+9HQd2gP+F2IDe1fFfP7
=kSPu
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 17:38:21 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 17:38:21 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-683 ] drupal6-filefield
Message-ID: <20100810153821.B286D12D90F1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-683

Date: 2010-08-10
Package: drupal6-filefield
Vulnerable versions: <= 6.x_3.3-1locris1
Unaffected versions: >= 6.x_3.4-1locris1
Related bugreport: http://bugs.frugalware.org/task/4245
CVE: No CVE, see http://drupal.org/node/829808.

Description
===========

See FSA682 for details.

Updated Packages
================

Check if you have drupal6-filefield installed:

    # pacman-g2 -Q drupal6-filefield

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-filefield

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/683

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxhcm0ACgkQZ7NElSD1Vhk7ggCcDUH0O94IAWPKkEPWLmLhTYBN
5psAnAqE5MILwQ7EnkOhj3NZSJ5/O5vt
=nz7D
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 17:45:04 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 17:45:04 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-684 ] drupal-views
Message-ID: <20100810154504.070689EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-684

Date: 2010-08-10
Package: drupal-views
Vulnerable versions: <= 5.x_1.7-1locris1
Unaffected versions: >= 5.x_1.8-1locris1
Related bugreport: http://bugs.frugalware.org/task/4246
CVE: No CVE, see http://drupal.org/node/829840.

Description
===========

Multiple vulnerabilities have been reported in the Views module for
Drupal, which can be exploited by malicious people to conduct cross-site
request forgery, and cross-site scripting attacks.

1) The Views UI module allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests.
This can be exploited to e.g. enable or disable all Views in a site when
a logged-in user visits a malicious site.
This vulnerability is reported in versions prior to 5.x-1.8 and
6.x-2.11.
Successful exploitation requires that Views UI module is enabled.

2) Input passed via URLs or aggregator feed titles is not properly
sanitised before being used.
This can be exploited to insert arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is returned to the user.

Updated Packages
================

Check if you have drupal-views installed:

    # pacman-g2 -Q drupal-views

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal-views

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/684

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxhdAAACgkQZ7NElSD1VhnmUQCgnqRAt6Qguz/9MOl/VKpVPnqf
W9AAn2v/2PKNSA3Kyke3BRiVeI93/gpT
=7xBj
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Aug 10 17:47:01 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 10 Aug 2010 17:47:01 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-685 ] drupal6-views
Message-ID: <20100810154701.6AA349EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-685

Date: 2010-08-10
Package: drupal6-views
Vulnerable versions: <= 6.x_2.10-1locris1
Unaffected versions: >= 6.x_2.11-1locris1
Related bugreport: http://bugs.frugalware.org/task/4247
CVE: No CVE, see http://drupal.org/node/829840.

Description
===========

See FSA684 for details.

Updated Packages
================

Check if you have drupal6-views installed:

    # pacman-g2 -Q drupal6-views

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-views

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/685

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxhdHUACgkQZ7NElSD1VhlT0QCffrg66PHb0j7Mf9Dhuv47XIWO
zxAAn2xIhb8p5GOk138mUWMyyFBPKQgL
=q9rv
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 20:45:19 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 20:45:19 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-686 ] drupal
Message-ID: <20100822184519.F361B9EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-686

Date: 2010-08-22
Package: drupal
Vulnerable versions: <= 5.22-2locris1
Unaffected versions: >= 5.23-1locris1
Related bugreport: http://bugs.frugalware.org/task/4285
CVE: No CVE, see http://drupal.org/node/880476.

Description
===========

A weakness and a vulnerability have been reported in Drupal, which can
be exploited by malicious users to conduct script insertion attacks, and
by malicious users and malicious people to bypass certain security
restrictions.

1) The weakness is caused due to an error in the upload module, which
does not properly check uploaded file names for case sensitivity and
grants access to the earlier uploaded file. This can be exploited to
download otherwise restricted files by uploading a similarly named file
with different letter casing.

2) An error in the comment module does not properly check for access
permissions before republishing previously unpublished comments.
Successful exploitation of this vulnerability requires "post comments
without approval" permissions.

Updated Packages
================

Check if you have drupal installed:

    # pacman-g2 -Q drupal

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/686

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxcD8ACgkQZ7NElSD1VhmplQCffv2MV35tCUWrk+xndU6XVFxW
i1oAmwckqTtq762dg4p8qkLrpo3vsgmV
=/CAS
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 20:47:32 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 20:47:32 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-687 ] drupal6
Message-ID: <20100822184732.27A1C12D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-687

Date: 2010-08-22
Package: drupal6
Vulnerable versions: <= drupal6-6.16-1locris1
Unaffected versions: >= drupal6-6.19-1locris1
Related bugreport: http://bugs.frugalware.org/task/4286
CVE: No CVE, see http://drupal.org/node/880476.

Description
===========

A weakness and some vulnerabilities have been reported in Drupal, which
can be exploited by malicious users to conduct script insertion attacks,
and by malicious users and malicious people to bypass certain security
restrictions.

1) A vulnerability in the OpenID module is caused due to incorrect
protocol implementation. This can be exploited to harvest positive
assertions from OpenID providers and e.g. bypass the login mechanism by
replaying intercepted assertions.

2) The weakness is caused due to an error in the upload module, which
does not properly check uploaded file names for case sensitivity and
grants access to the earlier uploaded file. This can be exploited to
download otherwise restricted files by uploading a similarly named file
with different letter casing.

3) An error in the comment module does not properly check for access
permissions before republishing previously unpublished comments.
Successful exploitation of this vulnerability requires "post comments
without approval" permissions.

4) Input passed via descriptions and messages while using the actions
feature is not properly sanitised before being displayed to the user via
nodes and taxonomy terms. This can be exploited to insert arbitrary HTML
and script code, which will be executed in a user's browser session in
context of an affected site when the malicious data is being viewed.
Successful exploitation of this vulnerability requires "administer
actions" permissions.

Updated Packages
================

Check if you have drupal6 installed:

    # pacman-g2 -Q drupal6

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/687

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxcMQACgkQZ7NElSD1VhnbrQCfRwYe3mDGgUVqHTxoCec9F0Bz
aFoAn1BQRvUSZSL9DEd9/Xmeeqys1t/l
=EDg7
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 21:10:06 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 21:10:06 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-688 ] drupal-pathauto
Message-ID: <20100822191006.798CA12D90F2@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-688

Date: 2010-08-22
Package: drupal-pathauto
Vulnerable versions: <= 5.x_2.3-1
Unaffected versions: >= 5.x_2.4-1locris1
Related bugreport: http://bugs.frugalware.org/task/4287
CVE: No CVE, see http://drupal.org/node/880522.

Description
===========

Some vulnerabilities have been reported in the Pathauto module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks.
Input passed via the "[bookpathalias]", "[catalias]", and "[termalias]"
tokens is not properly sanitised before being displayed to the user.
This can be exploited to insert arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is being viewed.
Successful exploitation requires "create url aliases" permissions and
that the tokens are used in an HTML page e.g. when displaying a message
using an action from the token_actions.module.

Updated Packages
================

Check if you have drupal-pathauto installed:

    # pacman-g2 -Q drupal-pathauto

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal-pathauto

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/688

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxdg4ACgkQZ7NElSD1VhnXbgCePzS4H0IYIwTTSAOWRofSRhjR
dd8AoJ2FW/NxAHY1eJz8ojDMu2mJFwo9
=idVF
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 21:11:57 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 21:11:57 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-689 ] drupal6-pathauto
Message-ID: <20100822191157.253F512D90F1@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-689

Date: 2010-08-22
Package: drupal6-pathauto
Vulnerable versions: <= 6.x_1.2-1
Unaffected versions: >= 6.x_1.4-1locris1
Related bugreport: http://bugs.frugalware.org/task/4288
CVE: No CVE, see http://drupal.org/node/880522.

Description
===========

See FSA688 for more info.

Updated Packages
================

Check if you have drupal6-pathauto installed:

    # pacman-g2 -Q drupal6-pathauto

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-pathauto

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/689

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxdn0ACgkQZ7NElSD1VhkLKQCbBHcitDmaUpGzu+Xg5pQGqtnu
SP4AnA2sOpq3HHH0lgm6ml5HStXoSpk3
=MTqA
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 22:29:28 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 22:29:28 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-690 ] drupal6-cck
Message-ID: <20100822202928.DE0329EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-690

Date: 2010-08-22
Package: drupal6-cck
Vulnerable versions: <= 6.x_2.7-1locris1
Unaffected versions: >= 6.x_2.8-1locris1
Related bugreport: http://bugs.frugalware.org/task/4289
CVE: No CVE, see http://drupal.org/node/880736.

Description
===========

A vulnerability has been reported in the Drupal Content Construction Kit
(CCK), which can be exploited by malicious users to disclose sensitive
information.
The vulnerability is caused due to the CCK "Node Reference" not properly
validating field access levels on the source field of the backend URL,
which can be exploited to view node titles and IDs of otherwise
restricted nodes.

Updated Packages
================

Check if you have drupal6-cck installed:

    # pacman-g2 -Q drupal6-cck

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-cck

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/690

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxiKgACgkQZ7NElSD1VhlPaQCgobQ/IRQXjcsLYJjwtxuvcyUR
dscAoKdYd1qh9cla5Wtb9ClM1+itevHa
=Kf3M
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 22 22:32:54 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 22 Aug 2010 22:32:54 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-691 ] drupal6-devel
Message-ID: <20100822203254.A2B3B9EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-691

Date: 2010-08-22
Package: drupal6-devel
Vulnerable versions: <= 6.x_1.18-1
Unaffected versions: >= 6.x_1.21-1locris1
Related bugreport: http://bugs.frugalware.org/task/4290
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3022

Description
===========

A vulnerability has been reported in the Devel (Performance logging)
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks.
Certain input passed via node paths is not properly sanitised before
being displayed to the user. This can be exploited to insert arbitrary
HTML and script code, which will be executed in a user's browser session
in context of an affected site when the malicious data is being viewed.
Successful exploitation requires that the attacker has permissions to
add url aliases and the victim has access to the reports of the
performance module.

Updated Packages
================

Check if you have drupal6-devel installed:

    # pacman-g2 -Q drupal6-devel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-devel

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/691

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkxxiXYACgkQZ7NElSD1VhnfRwCcCLg/kR3BtfsANM8At2lxI3Tq
C74AnApYImyw4ljJeHGn7t1Tg4blkTVN
=cip0
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 29 15:15:11 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 29 Aug 2010 15:15:11 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-692 ] phpmyadmin
Message-ID: <20100829131511.475819EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-692

Date: 2010-08-29
Package: phpmyadmin
Vulnerable versions: <= 3.3.5-1
Unaffected versions: >= 3.3.5.1-1haven1
Related bugreport: http://bugs.frugalware.org/task/4294
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3056

Description
===========

Some vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "field_str" parameter to db_search.php, the
"delimiter" parameter to db_sql.php, the "sort" parameter to
db_structure.php, the "db" parameter to js/messages.php, the "sort_by"
parameter to server_databases.php, the "checkprivs", "dbname",
"pred_tablename", "selected_usr[]", "tablename", and "username"
parameters to server_privileges.php, the "DefaultLang" parameter to
setup/config.php, the "cpurge", "goto", "purge", "purgekey", "table",
and "zero_rows" parameters to sql.php, and the "fields[multi_edit][]"
parameter to tbl_replace.php is not properly sanitised before being
returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

2) Certain unspecified input is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

Updated Packages
================

Check if you have phpmyadmin installed:

    # pacman-g2 -Q phpmyadmin

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy phpmyadmin

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/692

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkx6XV8ACgkQZ7NElSD1Vhkw2gCfRrUvxuIH60FRBqf4j5BH/dU7
XowAniFtJ/RaKChqoROclahWqz8aWSUL
=OPDb
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sun Aug 29 15:18:21 2010
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sun, 29 Aug 2010 15:18:21 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-693 ] openoffice.org
Message-ID: <20100829131821.E2C259EC002@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                             FSA-693

Date: 2010-08-29
Package: openoffice.org
Vulnerable versions: <= 3.2.1-4
Unaffected versions: >= 3.2.1-5haven1
Related bugreport: http://bugs.frugalware.org/task/4296
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936

Description
===========

Charlie Miller has discovered two vulnerabilities in OpenOffice.org
Impress, which can be exploited by malicious people to compromise a
user's system.

1) An integer truncation error when parsing certain content can be
exploited to cause a heap-based buffer overflow via a specially crafted
file.

2) A short integer overflow error when parsing certain content can be
exploited to cause a heap-based buffer overflow via a specially crafted
file.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

Updated Packages
================

Check if you have openoffice.org installed:

    # pacman-g2 -Q openoffice.org

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy openoffice.org

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/693

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAkx6Xh0ACgkQZ7NElSD1VhkOQACdFnj4UtYz3Lcan/DSmEx6lGZP
ltkAnA1h6E4rAHCcIS6Qd9qOzQexObQv
=EzYr
-----END PGP SIGNATURE-----