From vmiklos at frugalware.org Mon May 16 13:39:32 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Mon, 16 May 2011 13:39:32 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-719 ] kernel
Message-ID: <20110516113932.C0212BAC007@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-719

Date: 2011-05-16
Package: kernel
Vulnerable versions: <= 2.6.37-2
Unaffected versions: >= 2.6.37-3nexon1
Related bugreport: http://bugs.frugalware.org/task/4489
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1019
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1076

Description
===========

Security issues have been reported in the Linux kernel:
1) The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat
Address Space Layout Randomization (ASLR).
2) An integer signedness flaw in drm_modeset_ctl() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges.
3) A flaw in dev_load() could allow a local user who has the
CAP_NET_ADMIN capability to load arbitrary modules from "/lib/modules/",
instead of only netdev modules.
4) When a DNS resolver key is instantiated with an error indication,
attempts to read that key resulted in an oops because user_read()
expected there to be a payload - and there wasn't one.

Updated Packages
================

Check if you have kernel installed:

    # pacman-g2 -Q kernel

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy kernel

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/719
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3RDPQACgkQZ7NElSD1VhnZMACbBj4FOPrbyTT5sfNYTa8Iv3YM
lXMAnihEMvfneVg92+OleZIvHdv+AOFE
=xbrQ
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat May 28 01:48:45 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 28 May 2011 01:48:45 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-720 ] wordpress
Message-ID: <20110527234845.C3C0ABAC006@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-720

Date: 2011-05-28
Package: wordpress
Vulnerable versions: <= 3.1.2-1nexon1
Unaffected versions: >= 3.1.3-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4496
CVE: No CVE yet, see http://wordpress.org/news/2011/05/wordpress-3-1-3/

Description
===========

neworder has discovered a vulnerability in the is_human() plugin for
WordPress, which can be exploited by malicious people to compromise a
vulnerable system.
Input passed to the "type" parameter in engine.php (when e.g. "action"
is set to "log-reset") is not properly verified before being used in an
"eval()" function and can be exploited to inject and execute arbitrary
PHP code.

Updated Packages
================

Check if you have wordpress installed:

    # pacman-g2 -Q wordpress

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy wordpress

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/720
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3gOF0ACgkQZ7NElSD1Vhn2zACfaD1g1UvZLwzV1Fge8txKYEzg
ps8Ani+4sErn5OLCb73Bp9p8wjE7s2mW
=RqFg
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat May 28 01:53:29 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 28 May 2011 01:53:29 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-721 ] drupal6
Message-ID: <20110527235329.64879BAC006@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-721

Date: 2011-05-28
Package: drupal6
Vulnerable versions: <= 6.20-3
Unaffected versions: >= 6.22-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4497
CVE: No CVE, see http://drupal.org/node/1168756

Description
===========

Two vulnerabilities have been reported in Drupal, which can be exploited
by malicious users to conduct script insertion attacks and by malicious
people to conduct cross-site scripting attacks.
1) Certain input passed via the URL is not properly sanitised in the
Drupal error handler before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.
Successful exploitation of this vulnerability requires that on-screen
error display is enabled in admin/settings/error-reporting.
2) Input passed via the color scheme values (e.g.
"palette[bg]", "palette[text]", "palette[sideborders]",
"palette[footer]", and "palette[titleslogan]") to index.php (when "q" is
set to "admin/appearance/settings/bartik") when changing the color
scheme is not properly sanitised before being used in a style sheet.
This can be exploited to insert arbitrary CSS and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is being viewed.
Successful exploitation of this vulnerability requires the "Administer
themes" privileges and the victim user is running a browser which
executes certain JavaScript statements from CSS files (e.g. Internet
Explorer 6).

Updated Packages
================

Check if you have drupal6 installed:

    # pacman-g2 -Q drupal6

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/721
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3gOXkACgkQZ7NElSD1Vhk65ACfdIkPmVkY/nWY9Cz4aZ/jrwhy
dfwAn3zrnNij3dwuHcqQjnVUKa+Nno6b
=2tJ+
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat May 28 01:56:25 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 28 May 2011 01:56:25 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-722 ] drupal7
Message-ID: <20110527235625.465CEBAC006@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-722

Date: 2011-05-28
Package: drupal7
Vulnerable versions: <= 7.0-1
Unaffected versions: >= 7.2-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4498
CVE: No CVE, see http://drupal.org/node/1168756

Description
===========

A vulnerability and a security issue have been reported in Drupal, which
can be exploited by malicious users to conduct script insertion attacks
and by malicious people to bypass certain security
restrictions.
1) An error in the Color module can be exploited to conduct script
insertion attacks.
For more information see vulnerability #2 in: FSA721.
2) A security issue in the File module (modules/file/file.module) in
combination with restrictions via a node access module can be exploited
to disclose private files.

Updated Packages
================

Check if you have drupal7 installed:

    # pacman-g2 -Q drupal7

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal7

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/722
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3gOikACgkQZ7NElSD1VhnVfACgpp+tnDnAvoHrCMWcc9OFwVwl
4kwAniAtnWejpI9lf5d+LDDqLOJnSXde
=q6HX
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat May 28 01:59:10 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 28 May 2011 01:59:10 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-723 ] drupal6-webform
Message-ID: <20110527235910.8522EBAC006@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-723

Date: 2011-05-28
Package: drupal6-webform
Vulnerable versions: <= 6.x_3.6-2
Unaffected versions: >= 6.x_3.11-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4499
CVE: No CVE, see http://drupal.org/node/1161954.

Description
===========

Justin Klein Keane has discovered multiple vulnerabilities in the
Webform module for Drupal, which can be exploited by malicious users and
malicious people to conduct script insertion attacks.
1) Input passed via the "name" parameter when submitting a new webform
field is not properly sanitised in
sites/all/modules/webform/includes/webform.report.inc before being
displayed to the user.
This can be exploited to insert arbitrary HTML and script code, which
will be executed in a user's browser session in context of an affected
site when the malicious data is being viewed.
Successful exploitation of this vulnerability requires the "create
webform content" or "administer nodes" permission.
2) Input passed via the filename when uploading a file through a webform
is not properly sanitised in
sites/all/modules/webform/components/file.inc before being displayed to
the user. This can be exploited to insert arbitrary HTML and script
code, which will be executed in a user's browser session in context of
an affected site when the malicious data is being viewed.

Updated Packages
================

Check if you have drupal6-webform installed:

    # pacman-g2 -Q drupal6-webform

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy drupal6-webform

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/723
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3gOs4ACgkQZ7NElSD1VhlbkwCgl7Uzh2GTI40UF8lxtIZQBzw5
vRgAn2T5C+ZWMPtccrRzVyPAoYMRGyqA
=apW3
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue May 31 00:19:54 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 31 May 2011 00:19:54 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-724 ] freetype2
Message-ID: <20110530221954.1C6F0BAC006@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-724

Date: 2011-05-31
Package: freetype2
Vulnerable versions: <= 2.4.2-1
Unaffected versions: >= 2.4.2-2nexon1
Related bugreport: http://bugs.frugalware.org/task/4433
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3814
     http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3855

Description
===========

Some vulnerabilities have been reported in FreeType, which can be
exploited to cause a DoS
(Denial of Service) or potentially compromise an application using the
library.
1) An error exists in the "ft_var_readpackedpoints()" function in
src/truetype/ttgxvar.c when processing TrueType GX fonts and can be
exploited to cause a heap-based buffer overflow via a specially crafted
font.
2) An error within the "Ins_SHZ()" function in src/truetype/ttinterp.c
when handling the "SHZ" bytecode instruction can be exploited to cause a
crash and potentially execute arbitrary code via a specially crafted
font.

Updated Packages
================

Check if you have freetype2 installed:

    # pacman-g2 -Q freetype2

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy freetype2

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/724
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk3kGAoACgkQZ7NElSD1VhnhiACgi0g1JxMaYuuiyFw55IojrBEy
qFoAoI9O24S9hVy/b+5O8Yyvh/6twlW4
=1r3P
-----END PGP SIGNATURE-----