From vmiklos at frugalware.org Tue Jun 7 01:00:53 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 7 Jun 2011 01:00:53 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-725 ] wireshark
Message-ID: <20110606230053.91057BAC009@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-725

Date: 2011-06-07
Package: wireshark
Vulnerable versions: <= 1.4.6-1nexon1
Unaffected versions: >= 1.4.7-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4510
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1956
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1957
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1958
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1959
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2174
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2175

Description
===========

Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the DICOM dissector can be exploited to cause an infinite loop when processing certain malformed packets.
2) An error when processing a Diameter dictionary file can be exploited to cause the process to crash.
3) An error when processing a snoop file can be exploited to cause the process to crash.
4) An error when processing compressed capture data can be exploited to cause the process to crash.
5) An error when processing a Visual Networks file can be exploited to cause the process to crash.
6) An error in the "desegment_tcp()" function (epan/dissectors/packet-tcp.c) when handling certain TCP segments can be exploited to dereference a NULL pointer and crash the process.

Updated Packages
================

Check if you have wireshark installed:

    # pacman-g2 -Q wireshark

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wireshark

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/725

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3tXCUACgkQZ7NElSD1VhnBiQCgj9rM8WWNKNj/3mqD0QUeWqzf
P1gAoIvWVcAUegVY38uPTdLKGhZbKg3E
=ipYd
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Jun 24 09:18:25 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 24 Jun 2011 09:18:25 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-726 ] libreoffice
Message-ID: <20110624071825.73AF6BAC007@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-726

Date: 2011-06-24
Package: libreoffice
Vulnerable versions: <= 3.3.0.4-3
Unaffected versions: >= 3.3.3.1-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4518
CVE: No CVE, see http://www.kb.cert.org/vuls/id/953183

Description
===========

Multiple vulnerabilities have been reported in LibreOffice, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to errors in the import filter when processing Lotus Word Pro (LWP) files and can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious LWP file.

Updated Packages
================

Check if you have libreoffice installed:

    # pacman-g2 -Q libreoffice

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy libreoffice

Availability
============

The latest revision of this advisory is available at http://frugalware.org/security/726

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk4EOkAACgkQZ7NElSD1Vhlf1wCdG0x3lQzHam3dlsXZR+d1/EIe
OAAAnRreUN9ckyla7df3oGQSdMogb3rn
=WHkE
-----END PGP SIGNATURE-----
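
Added example, not part of the archived messages and not Frugalware code: a shell helper that reads the "Vulnerable versions" and "Unaffected versions" fields of an FSA and classifies an installed version, including the case (as in FSA-726) where a version falls between the two bounds and the advisory says nothing about it. The function names, the constructed version 3.3.2.2-1, and the use of GNU `sort -V` as a stand-in for pacman-g2's version ordering are assumptions.

```shell
#!/bin/sh
# Added example (not Frugalware code): classify an installed version against
# the "Vulnerable versions" / "Unaffected versions" fields of an FSA.

# Print the value of header field $1 from the advisory text on stdin.
fsa_field() {
    sed -n "s/^$1:[[:space:]]*//p" | head -n 1
}

# Succeed when version $1 sorts at or below version $2.
# Assumption: GNU `sort -V` approximates pacman-g2's version ordering.
ver_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Usage: fsa_status INSTALLED_VERSION < advisory
# Prints "vulnerable", "fixed" or "unknown".
fsa_status() {
    adv=$(cat)
    vuln=$(printf '%s\n' "$adv" | fsa_field 'Vulnerable versions' | sed 's/^<=[[:space:]]*//')
    fixed=$(printf '%s\n' "$adv" | fsa_field 'Unaffected versions' | sed 's/^>=[[:space:]]*//')
    if [ -z "$vuln" ] || [ -z "$fixed" ] || [ -z "$1" ]; then
        echo unknown            # missing field or version: do not guess
    elif ver_le "$fixed" "$1"; then
        echo fixed
    elif ver_le "$1" "$vuln"; then
        echo vulnerable
    else
        echo unknown            # falls in the gap the advisory does not cover
    fi
}

# Constructed input: header fields copied from FSA-726 above.
sample_fsa() {
    cat <<'EOF'
Package: libreoffice
Vulnerable versions: <= 3.3.0.4-3
Unaffected versions: >= 3.3.3.1-1nexon1
EOF
}

# 3.3.2.2-1 is a constructed version string that lands between the two bounds.
for v in 3.3.0.4-3 3.3.2.2-1 3.3.3.1-1nexon1; do
    printf '%s\t%s\n' "$v" "$(sample_fsa | fsa_status "$v")"
done
# On a real system the version would come from `pacman-g2 -Q libreoffice`
# (assumed here to print "name version").
```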