From vmiklos at frugalware.org Sun Dec 12 15:38:49 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Sun, 12 Dec 2010 15:38:49 +0100 (CET) Subject: [Frugalware-security] [ FSA-700 ] kernel Message-ID: <20101212143849.91624132C38F@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-700 Date: 2010-12-12 Package: kernel Vulnerable versions: <= 2.6.35-1 Unaffected versions: >= 2.6.35-2haven1 Related bugreport: http://bugs.frugalware.org/task/4304 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2240 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2803 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2963 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3904 Description =========== Multiple vulnerabilities have been reported in the Linux kernel: 1) The do_anonymous_page function in mm/memory.c does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. 2) The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount. 3) drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device. 4) The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. Updated Packages ================ Check if you have kernel installed: # pacman-g2 -Q kernel If found, then you should upgrade to the latest version: # pacman-g2 -Sy kernel Availability ============ The latest revision of this advisory is available at http://frugalware.org/security/700 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iEYEARECAAYFAk0E3nkACgkQZ7NElSD1VhkAYwCfeUplF5CtYJnLwDwhGWaJgxaL yCUAn1xECNKL2Mqq8kV6vSOX/OQC8wBN =gWjU -----END PGP SIGNATURE----- From vmiklos at frugalware.org Sun Dec 12 15:48:56 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Sun, 12 Dec 2010 15:48:56 +0100 (CET) Subject: [Frugalware-security] [ FSA-701 ] kernel Message-ID: <20101212144856.222BB132C390@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-701 Date: 2010-12-12 Package: kernel Vulnerable versions: <= 2.6.35-1 Unaffected versions: >= 2.6.35-2haven1 Related bugreport: http://bugs.frugalware.org/task/4384 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850 Description =========== This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. Updated Packages ================ Check if you have kernel installed: # pacman-g2 -Q kernel If found, then you should upgrade to the latest version: # pacman-g2 -Sy kernel Availability ============ The latest revision of this advisory is available at http://frugalware.org/security/701 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iEYEARECAAYFAk0E4NgACgkQZ7NElSD1VhmkJwCeIK/RPZIaGjPBYdwKaA72MVGZ MtoAn1pZrewNTYzDC+6SKluX+Ub14Wns =KC2/ -----END PGP SIGNATURE----- From vmiklos at frugalware.org Sun Dec 12 15:54:05 2010 From: vmiklos at frugalware.org (Miklos Vajna) Date: Sun, 12 Dec 2010 15:54:05 +0100 (CET) Subject: [Frugalware-security] [ FSA-702 ] wordpress Message-ID: <20101212145405.DACDE132C38F@genesis.frugalware.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Frugalware Security Advisory FSA-702 Date: 2010-12-12 Package: wordpress Vulnerable versions: <= 3.0.1-1 Unaffected versions: >= 3.0.2-1haven1 Related bugreport: http://bugs.frugalware.org/task/4382 CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257 Description =========== A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "Send Trackbacks" field when creating a new post is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Author-level" permissions. Updated Packages ================ Check if you have wordpress installed: # pacman-g2 -Q wordpress If found, then you should upgrade to the latest version: # pacman-g2 -Sy wordpress Availability ============ The latest revision of this advisory is available at http://frugalware.org/security/702 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: See http://ftp.frugalware.org/pub/README.GPG for info iEYEARECAAYFAk0E4g0ACgkQZ7NElSD1VhlcWACeO+HWr5SncAjqEpHLpRJ4zfH1 VzcAn2sOTwvIkaxDG7mlSw7GiitPjfRN =vt9y -----END PGP SIGNATURE-----