From vmiklos at frugalware.org Sat Sep 3 09:24:43 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 3 Sep 2011 09:24:43 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-741 ] foomatic-filters
Message-ID: <20110903072443.5B0361420A74@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-741

Date: 2011-09-03
Package: foomatic-filters
Vulnerable versions: <= 4.0.1-5
Unaffected versions: >= 4.0.1-6mores1
Related bugreport: http://bugs.frugalware.org/task/4556
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2924

Description
===========

It was found that foomatic-rip filter used insecurely created temporary
file for storage of PostScript data by rendering the data, intended to be
sent to the PostScript filter, when the debug mode was enabled. A local
attacker could use this flaw to conduct symlink attacks (overwrite
arbitrary file accessible with the privileges of the user running the
foomatic-rip universal print filter).

Updated Packages
================

Check if you have foomatic-filters installed:

    # pacman-g2 -Q foomatic-filters

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy foomatic-filters

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/741

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk5h1jsACgkQZ7NElSD1Vhnr5wCfYV//ogT00bQ5W7RxTHFqvyDK
vmMAn1kjrfi/9QlbwezS4bUgD95gMLNz
=3uW6
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Wed Sep 7 01:02:26 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Wed, 7 Sep 2011 01:02:26 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-742 ] apache
Message-ID: <20110906230226.D307E1420A3D@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-742

Date: 2011-09-07
Package: apache
Vulnerable versions: <= 2.2.19-2mores1
Unaffected versions: >= 2.2.20-1mores1
Related bugreport: http://bugs.frugalware.org/task/4571
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192

Description
===========

Kingcope has discovered a vulnerability in Apache HTTP Server, which can
be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within the ByteRange filter
when processing requests containing a large amount of ranges, which can
be exploited to exhaust memory via specially crafted HTTP requests sent
to the server.

Updated Packages
================

Check if you have apache installed:

    # pacman-g2 -Q apache

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy apache

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/742

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk5mpoEACgkQZ7NElSD1VhlrcACfd+SAxzxCrg52k4/Np23AUIeh
LlMAnRFeZyxO1DizuEWuMQufDh+WjFsz
=ZCsq
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Fri Sep 9 00:12:22 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Fri, 9 Sep 2011 00:12:22 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-743 ] mantis
Message-ID: <20110908221222.8EB2E1420A77@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-743

Date: 2011-09-09
Package: mantis
Vulnerable versions: <= 1.2.7-1mores1
Unaffected versions: >= 1.2.8-1mores1
Related bugreport: http://bugs.frugalware.org/task/4586
CVE: No CVE, see https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html

Description
===========

Some vulnerabilities have been reported in MantisBT, which can be
exploited by malicious people to conduct cross-site scripting attacks and
disclose potentially sensitive information and by malicious users to
compromise a vulnerable system.

1) Certain input passed via the URL is not properly sanitised before
being returned to the user. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in context of an
affected site.

2) Input passed to the "action" parameter in
bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly
verified before being used to include files. This can be exploited to
include arbitrary files from local resources via directory traversal
attacks and URL-encoded NULL bytes.

Note: In combination with MantisBT's file upload functionality, this can
be exploited to execute arbitrary PHP code.

3) Input passed to the "os", "os_build", and "platform" parameters in
bug_report_page.php and bug_update_advanced_page.php is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.

Updated Packages
================

Check if you have mantis installed:

    # pacman-g2 -Q mantis

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy mantis

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/743

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk5pPcYACgkQZ7NElSD1VhkF+QCePSIHvHm7YDV01k2WugdGx3RC
cWUAoIkLyqeHVtX+K3MRI4Za038FOJjQ
=W+0f
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Tue Sep 13 00:52:09 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Tue, 13 Sep 2011 00:52:09 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-744 ] librsvg
Message-ID: <20110912225209.96350142004A@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-744

Date: 2011-09-13
Package: librsvg
Vulnerable versions: <= 2.34.0-1
Unaffected versions: >= 2.34.1-1mores1
Related bugreport: http://bugs.frugalware.org/task/4582
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3146

Description
===========

A vulnerability has been reported in librsvg, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise an application using the library.
The vulnerability is caused due to an error within the handling of node
types, which can be exploited to dereference invalid memory via specially
crafted SVG images.

Updated Packages
================

Check if you have librsvg installed:

    # pacman-g2 -Q librsvg

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy librsvg

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/744

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk5ujRkACgkQZ7NElSD1VhlZcgCfRU6nHSUYudhzkAnkOAsR5k00
YWkAniR6y9aq2tBAtfFNTlVh6W2L4dY1
=q1Rk
-----END PGP SIGNATURE-----

From vmiklos at frugalware.org Sat Sep 17 23:16:26 2011
From: vmiklos at frugalware.org (Miklos Vajna)
Date: Sat, 17 Sep 2011 23:16:26 +0200 (CEST)
Subject: [Frugalware-security] [ FSA-745 ] django
Message-ID: <20110917211626.DF441142003F@genesis.frugalware.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory FSA-745

Date: 2011-09-17
Package: django
Vulnerable versions: <= 1.3-2
Unaffected versions: >= 1.3.1-1mores1
Related bugreport: http://bugs.frugalware.org/task/4590
CVE: No CVE, see https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/

Description
===========

Some vulnerabilities have been reported in Django, which can be exploited
by malicious people to disclose certain system information, manipulate
certain data, conduct cache poisoning attacks, and cause a DoS (Denial of
Service).

1) An error within the handling of sessions within
django.contrib.sessions when using the caching backend can be exploited
to manipulate session information. Successful exploitation requires that
the session key is known and the application allows attackers to store
dictionary-like objects with a valid session key in the cache.

2) An error when verifying if URLs provided to the "URLField" field type
correctly resolve can be exploited to exhaust all of the server's
processes and memory by providing a URL to a malicious server.

3) An error within the handling of redirect responses when verifying
URLs provided to the "URLField" field type can be exploited to e.g.
determine the existence of local files on the server by returning a
redirect response to a "file://" URL.

4) An error within the handling of the "X-Forwarded-Host" HTTP header
when e.g. generating full URLs for redirect responses can be exploited to
conduct cache poisoning attacks.

Updated Packages
================

Check if you have django installed:

    # pacman-g2 -Q django

If found, then you should upgrade to the latest version:

    # pacman-g2 -Sy django

Availability
============

The latest revision of this advisory is available at
http://frugalware.org/security/745

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iEYEARECAAYFAk51DioACgkQZ7NElSD1VhlfKwCeOfY6FBXvvHHcc3XTeq124FEn
N+gAn3u9ZN7NZCMEbHzYUz1H+aX3zziS
=FStv
-----END PGP SIGNATURE-----
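
Item 4 of FSA-745 above, as an added example that is not part of the advisory and is not Django's code: it contrasts trusting "X-Forwarded-Host" from any client with honouring it only from a known reverse proxy and checking the result against an allow-list before it is put into a redirect URL. The plain header dict, ALLOWED_HOSTS, TRUSTED_PROXIES and every host name and address are constructed for illustration.

```python
# Added illustration (not Django's code): picking the host name used when
# building absolute redirect URLs. Host names and addresses are constructed.
ALLOWED_HOSTS = {"shop.example.test"}   # names this site really serves
TRUSTED_PROXIES = {"192.0.2.10"}        # our own reverse proxy


def naive_host(headers):
    """Pattern the advisory warns about: the client-supplied header wins."""
    return headers.get("X-Forwarded-Host") or headers.get("Host", "")


def checked_host(headers, peer_ip):
    """Return a host that is safe to embed in a URL, or raise ValueError."""
    host = headers.get("Host", "")
    # Only our own proxy may override Host; the header is ignored otherwise.
    if peer_ip in TRUSTED_PROXIES and headers.get("X-Forwarded-Host"):
        host = headers["X-Forwarded-Host"]
    host = host.strip().lower()
    name, sep, port = host.partition(":")
    if sep and not port.isdigit():
        raise ValueError("malformed port in host header")
    # Allow-list check: a cache must never store a URL for a foreign host.
    if name.rstrip(".") not in ALLOWED_HOSTS:
        raise ValueError("host not served by this site: %r" % name)
    return host


def redirect_url(host, path):
    """Build the absolute URL that would go into a Location header."""
    return "https://%s%s" % (host, path)


# Constructed requests: a direct client spoofing the header, and the proxy.
SPOOFED = {"Host": "shop.example.test",
           "X-Forwarded-Host": "evil.example.test"}
PROXIED = {"Host": "backend.internal",
           "X-Forwarded-Host": "shop.example.test:8443"}

if __name__ == "__main__":
    print(redirect_url(naive_host(SPOOFED), "/login/"))
    print(redirect_url(checked_host(SPOOFED, "203.0.113.7"), "/login/"))
    print(redirect_url(checked_host(PROXIED, "192.0.2.10"), "/login/"))
```

With the naive lookup, the spoofed request yields a redirect to the foreign host, which a shared cache could then serve to other users; the checked lookup falls back to the real Host for direct clients and rejects a foreign name even when the proxy relays it.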