From bugzilla at redhat.com Sun Apr 1 11:19:06 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 1 Apr 2007 07:19:06 -0400
Subject: [Bug 233705] CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
In-Reply-To:
Message-ID: <200704011119.l31BJ6no005292@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be
made in the comments box of this bug report.

Summary: CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233705

------- Additional Comments From paul at all-the-johnsons.co.uk 2007-04-01 07:19 EST -------

Imported in rawhide - will wait to see if it helps for a week and import into
core 08/04/07

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Mon Apr 2 10:38:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 2 Apr 2007 06:38:46 -0400
Subject: [Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
In-Reply-To:
Message-ID: <200704021038.l32AckMx028277@bugzilla.redhat.com>

Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

mfleming+rpm at enlartenment.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From mfleming+rpm at enlartenment.com 2007-04-02 06:38 EST -------

No problems or complaints in -devel, been running fine on my FC6 box. Ergo
2.1.0-3 has been rolled out to FC5 and FC6.
Interestingly, Ivan did put out a patch for 1.9.4 - but only for the Apache
1.3.x DSO :-(

From bressers at redhat.com Mon Apr 2 23:31:19 2007
From: bressers at redhat.com (Josh Bressers)
Date: Mon, 02 Apr 2007 19:31:19 -0400
Subject: Fedora 7 and the Security Response Team
Message-ID: <23088.1175556679@devserv.devel.redhat.com>

As everybody is no doubt aware, Fedora 7 is bringing a number of changes, one
of which will be putting the burden of security on the Fedora Security Response
Team. Right now it's basically the Red Hat Security Response Team working on
Core, and not much of anything happening for Extras. This is going to change.

I'm going to be filing a request for some resources sometime this week. I have
an IRC bot and an xmlrpc server that will initially run from there. The long
term goal is to host the various security related tools that don't yet exist.

In the meantime, the task at hand should be to start tracking flaws for Fedora
7. What we usually would do at this point for core, is copy the fc6 file into
fc7 in CVS. We then pore over the entries looking for questionable items. I'm
thinking what we should do for Fedora 7, is merge the fe6 and fc6 files into a
f7 (a better name is welcome) file, then start working through this file. We've
never done this in a distributed manner before, so ideas are welcome.

-- 
JB

From mattdm at mattdm.org Mon Apr 2 23:37:13 2007
From: mattdm at mattdm.org (Matthew Miller)
Date: Mon, 2 Apr 2007 19:37:13 -0400
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <23088.1175556679@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com>
Message-ID: <20070402233713.GA22264@jadzia.bu.edu>

On Mon, Apr 02, 2007 at 07:31:19PM -0400, Josh Bressers wrote:
> questionable items.
> I'm thinking what we should do for Fedora 7, is
> merge the fe6 and fc6 files into a f7 (a better name is welcome) file, then
> start working through this file. We've never done this in a distributed

The disttag is staying "fc#" -- makes sense to keep other things that way too.

-- 
Matthew Miller           mattdm at mattdm.org
Boston University Linux ------>

From zhu at redhat.com Tue Apr 3 05:52:01 2007
From: zhu at redhat.com (Hu Zheng)
Date: Tue, 03 Apr 2007 13:52:01 +0800
Subject: About zhcon setuid issue.
Message-ID: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>

The zhcon package was added to FC6 and FC7 Extras recently. But there is
an issue with it that we may need to notice.

Because it needs to access /dev/fb0 and so on, it needs the setuid
permission, so normal users can use it too. This brings a security
risk. But for users' convenience, I didn't remove this setuid
permission.
It is still better not to install zhcon by default. Let users install it
manually.

Maybe we can use ACLs to control this?

From wolfy at nobugconsulting.ro Tue Apr 3 08:14:59 2007
From: wolfy at nobugconsulting.ro (Manuel Wolfshant)
Date: Tue, 03 Apr 2007 11:14:59 +0300
Subject: About zhcon setuid issue.
In-Reply-To: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>
References: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>
Message-ID: <46120D03.4080907@nobugconsulting.ro>

Hu Zheng wrote:
> The zhcon package was added to FC6 and FC7 Extras recently. But there is
> an issue with it that we may need to notice.
>
> Because it needs to access /dev/fb0 and so on, it needs the setuid
> permission, so normal users can use it too. This brings a security
> risk. But for users' convenience, I didn't remove this setuid
> permission.
> It is still better not to install zhcon by default. Let users install it
> manually.
>
> Maybe we can use ACLs to control this?
>
To me it looks like a perfect job for SElinux. But I might be wrong, I
am just learning...
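The zhcon thread above weighs a setuid bit against ACLs or SELinux for access to /dev/fb0. The usual first step for a packager or reviewer is to find out which files in a tree actually carry setuid/setgid bits and whether the device in question is already owned by the logged-in user. The following Python script is an added example written for this digest, not part of zhcon or of any Fedora tooling; the file names it creates in a temporary directory are constructed for the demonstration.

```python
"""Audit helper: list set-user-ID / set-group-ID executables under a tree and
check whether a device node is already owned by the calling user.
Example code for this digest, not part of zhcon or Fedora packaging tools."""
import os
import stat
import tempfile
from typing import List, Tuple


def classify_mode(mode: int) -> List[str]:
    """Return the privilege-relevant flags present in an st_mode value."""
    flags = []
    if mode & stat.S_ISUID:
        flags.append("setuid")
    if mode & stat.S_ISGID:
        flags.append("setgid")
    if mode & stat.S_IXOTH:
        flags.append("world-executable")
    return flags


def find_privileged(root: str) -> List[Tuple[str, List[str]]]:
    """Walk `root` and return (path, flags) for every regular file that has a
    setuid or setgid bit. lstat is used so a symlink pointing outside the tree
    is never followed and cannot make the scan report foreign files."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            flags = classify_mode(st.st_mode)
            if "setuid" in flags or "setgid" in flags:
                found.append((path, flags))
    return sorted(found)


def device_owned_by_me(device: str) -> bool:
    """True when `device` exists and its owner is the current effective uid.
    In that situation (the console-owner case raised later in the thread)
    a setuid wrapper grants privilege the caller already has."""
    try:
        st = os.stat(device)
    except FileNotFoundError:
        return False
    return st.st_uid == os.geteuid()


def demo() -> List[str]:
    """Constructed sample tree: one setuid binary, one ordinary binary.
    'zhcon-like' and 'plain-tool' are hypothetical names."""
    with tempfile.TemporaryDirectory() as root:
        suid = os.path.join(root, "zhcon-like")
        plain = os.path.join(root, "plain-tool")
        for p in (suid, plain):
            with open(p, "wb") as fh:
                fh.write(b"#!/bin/sh\n")
        os.chmod(plain, 0o755)
        os.chmod(suid, 0o4755)
        return [os.path.basename(p) for p, _ in find_privileged(root)]


if __name__ == "__main__":
    print("setuid/setgid files in sample tree:", demo())
    print("/dev/fb0 owned by me:", device_owned_by_me("/dev/fb0"))
```

Run against a package's installed file list (for example the output of `rpm -ql`) the same `find_privileged` walk tells a reviewer exactly which binaries would need an SELinux domain or an ACL on the device before the setuid bit can go.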
From zhu at redhat.com Tue Apr 3 08:34:12 2007
From: zhu at redhat.com (Hu Zheng)
Date: Tue, 03 Apr 2007 16:34:12 +0800
Subject: About zhcon setuid issue.
In-Reply-To: <46120D03.4080907@nobugconsulting.ro>
References: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>
	<46120D03.4080907@nobugconsulting.ro>
Message-ID: <1175589252.4499.9.camel@dhcp-0-075.pek.redhat.com>

Yes, I will try to learn selinux and create a patch for zhcon and selinux :)
Thanks for your idea :)

On Tue, 2007-04-03 at 11:14 +0300, Manuel Wolfshant wrote:
> Hu Zheng wrote:
> > The zhcon package was added to FC6 and FC7 Extras recently. But there is
> > an issue with it that we may need to notice.
> >
> > Because it needs to access /dev/fb0 and so on, it needs the setuid
> > permission, so normal users can use it too. This brings a security
> > risk. But for users' convenience, I didn't remove this setuid
> > permission.
> > It is still better not to install zhcon by default. Let users install it
> > manually.
> >
> > Maybe we can use ACLs to control this?
> >
> To me it looks like a perfect job for SElinux. But I might be wrong, I
> am just learning...

From bugzilla at redhat.com Tue Apr 3 11:01:34 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2007 07:01:34 -0400
Subject: [Bug 235013] New: CVE-2007-1804: pulseaudio 0.9.5 DoS
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235013

           Summary: CVE-2007-1804: pulseaudio 0.9.5 DoS
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: pulseaudio
        AssignedTo: drzeus-bugzilla at drzeus.cx
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1804

"PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon
crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW
sent on TCP port 9875, which triggers a p->export assertion failure in do_read;
(2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which
triggers a length assertion failure in pa_memblock_new; or (3) an empty packet
on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and
allows remote authenticated users to cause a denial of service (daemon crash)
via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion
failure in pa_memblockq_new, (5) triggers a size assertion failure in
pa_xmalloc, or (6) plays a certain sound file."

FC5, FC6, devel have 0.9.5 at the moment.

From bugzilla at redhat.com Tue Apr 3 11:05:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2007 07:05:01 -0400
Subject: [Bug 235014] New: CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235014

           Summary: CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: ktorrent
        AssignedTo: wolters.liste at gmx.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,rdieter at math.unl.edu

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1799

"Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3
only checks for the ".." string, which allows remote attackers to overwrite
arbitrary files via modified ".." sequences in a torrent filename, as
demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384."

FC5, FC6, devel have 2.1.2 at the moment.

From bugzilla at redhat.com Tue Apr 3 11:08:13 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2007 07:08:13 -0400
Subject: [Bug 235015] New: CVE-2007-1732: wordpress mt import XSS
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015

           Summary: CVE-2007-1732: wordpress mt import XSS
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1732

"** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in
wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated
administrators to inject arbitrary web script or HTML via the demo parameter.
NOTE: the provenance of this information is unknown; the details are obtained
solely from third party information. NOTE: another researcher disputes this
issue, stating that this is legitimate functionality for administrators.
However, it has been patched by at least one vendor."

Posted for maintainer assessment whether this is a feature or a bug, and
whether it affects current FE releases. FWIW, Gentoo has patched it.

From bressers at redhat.com Tue Apr 3 11:55:03 2007
From: bressers at redhat.com (Josh Bressers)
Date: Tue, 03 Apr 2007 07:55:03 -0400
Subject: About zhcon setuid issue.
In-Reply-To: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>
References: <1175579521.4499.7.camel@dhcp-0-075.pek.redhat.com>
Message-ID: <19313.1175601303@devserv.devel.redhat.com>

> The zhcon package was added to FC6 and FC7 Extras recently. But there is
> an issue with it that we may need to notice.
>
> Because it needs to access /dev/fb0 and so on, it needs the setuid
> permission, so normal users can use it too. This brings a security
> risk. But for users' convenience, I didn't remove this setuid
> permission.
> It is still better not to install zhcon by default. Let users install it
> manually.
>
> Maybe we can use ACLs to control this?
>

Shouldn't pam set the framebuffer owner to the current console user? When I
look at the /dev/fb0 permissions on my system I see this:

% ls -l /dev/fb0
crw------- 1 bress root 29, 0 Apr  3 07:53 /dev/fb0

There should be no need to give zhcon the setuid bit as I already have the
permissions I need.

-- 
JB

From mjc at redhat.com Tue Apr 3 12:10:21 2007
From: mjc at redhat.com (Mark J Cox)
Date: Tue, 3 Apr 2007 13:10:21 +0100 (BST)
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <23088.1175556679@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com>
Message-ID: <0704031308390.13065@awe.com>

> start working through this file. We've never done this in a distributed
> manner before, so ideas are welcome.

Once the F7 file is initially created it really needs a request tracking
system, like we use RT for internally. That way the "CVE new" mails (as well,
probably, as F7 errata announcements) can go into the queue and allow anyone to
pick it up, triage, and close it after committing the new F7 file.

Mark

From bugzilla at redhat.com Tue Apr 3 15:13:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2007 11:13:54 -0400
Subject: [Bug 235014] CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
In-Reply-To:
Message-ID: <200704031513.l33FDsUw007083@bugzilla.redhat.com>
Summary: CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235014

rdieter at math.unl.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|wolters.liste at gmx.net       |rdieter at math.unl.edu
                 CC|                            |wolters.liste at gmx.net

------- Additional Comments From rdieter at math.unl.edu 2007-04-03 11:13 EST -------

%changelog
* Tue Apr 03 2007 Rex Dieter 2.1.3-1
- ktorrent-2.1.3 (#235014)
- optimize %%configure

From bugzilla at redhat.com Tue Apr 3 15:39:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 3 Apr 2007 11:39:46 -0400
Subject: [Bug 235014] CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
In-Reply-To:
Message-ID: <200704031539.l33Fdk4o009305@bugzilla.redhat.com>

Summary: CVE-2007-1799: ktorrent < 2.1.3 arbitrary file overwrite
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235014

rdieter at math.unl.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA

------- Additional Comments From rdieter at math.unl.edu 2007-04-03 11:39 EST -------

Builds queued for devel (finished), FC-6 (building), FC-5 (building).
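The NVD text for CVE-2007-1799 (bug 235014 above) describes a fix that looked for the ".." string in torrent file names and was still bypassable. The robust approach is not to recognise particular bad sequences at all but to compute where the name would land and refuse anything that resolves outside the download directory. The following Python is an added example for this digest and is not KTorrent's code; the file names it checks are constructed, and `safe_destination` / `demo` are names chosen here.

```python
"""Containment check for untrusted file names from a torrent or archive.
Added example, not KTorrent's code: instead of searching for ".." the check
resolves the candidate path and verifies it stays under the download dir."""
import os
import posixpath
import tempfile
from typing import Dict, Optional


def safe_destination(download_dir: str, name: str) -> Optional[str]:
    """Return the absolute path under `download_dir` that `name` maps to, or
    None when the name must be rejected. Rejected: empty names, absolute
    names, backslash separators, NUL bytes, anything that resolves to the
    directory itself or to a location outside it (including via symlinks
    already present inside the directory, because realpath follows them)."""
    if not name or "\0" in name or "\\" in name:
        return None
    if name.startswith("/"):
        return None
    base = os.path.realpath(download_dir)
    # Lexical normalisation first, so "a/./b" and "a//b" compare equal.
    norm = posixpath.normpath(name)
    candidate = os.path.realpath(os.path.join(base, norm))
    # commonpath blocks the prefix trick where "/srv/dl" matches "/srv/dl2".
    if os.path.commonpath([base, candidate]) != base:
        return None
    if candidate == base:
        return None
    return candidate


def demo() -> Dict[str, Optional[str]]:
    """Run the check over a constructed file list inside a temporary download
    directory; values are paths relative to that directory, or None."""
    names = [
        "music/track01.ogg",   # ordinary nested file: accepted
        "sub/../ok.txt",       # ".." that stays inside: accepted as ok.txt
        "../etc/passwd",       # climbs out: rejected
        "dir/../../x",         # climbs out after a detour: rejected
        "/etc/passwd",         # absolute: rejected
        "bad\\name",           # backslash separator: rejected
        ".",                   # resolves to the directory itself: rejected
    ]
    with tempfile.TemporaryDirectory() as d:
        base = os.path.realpath(d)
        result = {}
        for n in names:
            dest = safe_destination(d, n)
            result[n] = os.path.relpath(dest, base) if dest else None
        return result


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name!r:22} -> {dest}")
```

Because the decision is made on the resolved path rather than on the spelling of the name, there is no list of "bad sequences" to keep complete, which is exactly where the incomplete fix mentioned in the bug went wrong.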
From bugzilla at redhat.com Wed Apr 4 13:24:09 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Apr 2007 09:24:09 -0400
Subject: [Bug 232103] CVE-2007-1429: moodle 1.7.1 remote file inclusion
In-Reply-To:
Message-ID: <200704041324.l34DO9VX016385@bugzilla.redhat.com>

Summary: CVE-2007-1429: moodle 1.7.1 remote file inclusion
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232103

mmcgrath at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|mmcgrath at redhat.com         |Jerry.James at usu.edu

From bugzilla at redhat.com Wed Apr 4 14:10:03 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 4 Apr 2007 10:10:03 -0400
Subject: [Bug 220041] CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
In-Reply-To:
Message-ID: <200704041410.l34EA3Vq020397@bugzilla.redhat.com>
Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041

bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |medium

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|imlinux at gmail.com           |Jerry.James at usu.edu

From bressers at redhat.com Wed Apr 4 15:47:40 2007
From: bressers at redhat.com (Josh Bressers)
Date: Wed, 04 Apr 2007 11:47:40 -0400
Subject: Fedora Security Response Team Update
Message-ID: <21642.1175701660@devserv.devel.redhat.com>

I think it's in the best interest of everyone if I give updates of what's going
on as things happen. One of my goals is to have a transparent security team.
This can't happen unless I keep everyone who cares in the loop.

So far the biggest things done regarding the team are infrastructural changes.

security at fp.o and secalert at fp.o aliases have been created and now deliver
mail to a private list. Right now the only members are Luke Macken and myself.
I'm not sure how to best hand out membership to this list. Ideas are welcome.
It's a matter of trust, and part of the challenge here is who to trust?

I've also requested a Xen instance for various security tools to run on:
http://fedoraproject.org/wiki/Infrastructure/RFR/wiki/Infrastructure/RFR/SecurityResponseTeam

Things to do:

Update the wiki pages. The current information is pretty slim. We'll try to
grow these in an organic manner. It makes more sense to me if we let process
evolve, and document it, rather than documenting, then trying to use a process.

GPG key. I'm pondering how to handle this.
There will be groups that want to send us encrypted mail. How can we do this in
a secure manner (trust is a big issue here).

Start the review of FC7.

Task tracking. How can we do this best? We theoretically could use bugzilla,
but it's really not ideal for this sort of thing. There is an OTRS instance
running for the infrastructure group, but I'm afraid when I'm told it's not
used much and could go away. If we have a Xen instance, we could run our own
RT. I'm not sure if I like this idea though.

???? (Anything else to add)

-- 
JB

From kevin at tummy.com Wed Apr 4 16:22:40 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Wed, 4 Apr 2007 10:22:40 -0600
Subject: Fedora Security Response Team Update
In-Reply-To: <21642.1175701660@devserv.devel.redhat.com>
References: <21642.1175701660@devserv.devel.redhat.com>
Message-ID: <20070404102240.46867624@ghistelwchlohm.scrye.com>

On Wed, 04 Apr 2007 11:47:40 -0400
Josh Bressers wrote:

> I think it's in the best interest of everyone if I give updates of
> what's going on as things happen. One of my goals is to have a
> transparent security team. This can't happen unless I keep everyone
> who cares in the loop.

Excellent. I for one appreciate the updates to the list here...

> So far the biggest things done regarding the team are infrastructural
> changes.
>
> security at fp.o and secalert at fp.o aliases have been created and now
> deliver mail to a private list. Right now the only members are Luke
> Macken and myself. I'm not sure how to best hand out membership to
> this list. Ideas are welcome. It's a matter of trust, and part of
> the challenge here is who to trust?

Well, what are those aliases to be used for? Folks mailing in
vulnerabilities? Coordination with other vendors?

> I've also requested a Xen instance for various security tools to run
> on:
> http://fedoraproject.org/wiki/Infrastructure/RFR/wiki/Infrastructure/RFR/SecurityResponseTeam

Sounds good.

> Things to do:
>
> Update the wiki pages.
> The current information is pretty slim.
> We'll try to grow these in an organic manner. It makes more sense to
> me if we let process evolve, and document it, rather than
> documenting, then trying to use a process.

Agreed.

> GPG key. I'm pondering how to handle this. There will be groups
> that want to send us encrypted mail. How can we do this in a secure
> manner (trust is a big issue here).

I think it might be good to have a small group (possibly those on the
alias above?) that has the passphrase. They can always forward to this
list anything that would need more general discussion.

> Start the review of FC7.

Fun fun. ;)

> Task tracking. How can we do this best? We theoretically could use
> bugzilla, but it's really not ideal for this sort of thing. There is
> an OTRS instance running for the infrastructure group, but I'm afraid
> when I'm told it's not used much and could go away. If we have a Xen
> instance, we could run our own RT. I'm not sure if I like this idea
> though.

I think bugzilla is way too heavy. OTRS is also too much in the way.
How about a wiki page? People can indicate there what chunks they want
to check?

> ???? (Anything else to add)

Someone should see about getting at least some folks in the security
team the needed CVS access to be able to fix security issues if the
owner of a package is unavailable. Likewise privs in the build and
updates system to be able to build and push these. That's all down the
road I'm sure, but something to keep in mind.

I'm sure there will be more things coming up...

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL:

From mjc at redhat.com Thu Apr 5 12:11:55 2007
From: mjc at redhat.com (Mark J Cox)
Date: Thu, 5 Apr 2007 13:11:55 +0100 (BST)
Subject: Fedora Security Response Team Update
In-Reply-To: <21642.1175701660@devserv.devel.redhat.com>
References: <21642.1175701660@devserv.devel.redhat.com>
Message-ID: <0704051306080.4459@awe.com>

> GPG key. I'm pondering how to handle this. There will be groups that want
> to send us encrypted mail. How can we do this in a secure manner (trust is
> a big issue here).

So role keys on open source projects are generally a bad idea, and indeed both
the Apache Software Foundation and OpenSSL security teams do not use a role key
for secure communications. For the most part it's just CERT and the odd
researcher that want secure communications and signing of statements.

So what we do in those projects is just tell CERT (and publish on the site) the
contact details and GPG keys of a few of the security team members. A member on
receiving something encrypted has the responsibility to triage and pass it on.
Since it doesn't happen often (once a month or less) it's not a big deal.

Mark

From bugzilla at redhat.com Thu Apr 5 16:43:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 5 Apr 2007 12:43:46 -0400
Subject: [Bug 235416] New: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416

           Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: imlib
        AssignedTo: paul at city-fan.org
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1026

These two old issues appear to be still present in FE6 (1.9.13-*) and devel
(1.9.15-*) imlib packages. Bug 138516 contains a test case XPM as well as a
patch which should fix these issues.

From bugzilla at redhat.com Sun Apr 8 22:23:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 8 Apr 2007 18:23:02 -0400
Subject: [Bug 235015] CVE-2007-1732: wordpress mt import XSS
In-Reply-To:
Message-ID: <200704082223.l38MN2Lo027305@bugzilla.redhat.com>

Summary: CVE-2007-1732: wordpress mt import XSS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG

------- Additional Comments From jwb at redhat.com 2007-04-08 18:22 EST -------

This looks to me like a valid feature - it requires authentication and willing
interaction on the part of the authenticated individual to exploit. I can't
really call someone who knowingly and willingly uses such a feature a "victim".
Although I can see where some would consider this a bug, I don't.
If someone can point out a scheme whereby this would be a problem, I'm willing
to be convinced otherwise, but until then, CLOSED-NOTABUG

From bugzilla at redhat.com Mon Apr 9 08:24:05 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 9 Apr 2007 04:24:05 -0400
Subject: [Bug 235015] CVE-2007-1732: wordpress mt import XSS
In-Reply-To:
Message-ID: <200704090824.l398O5rP013898@bugzilla.redhat.com>

Summary: CVE-2007-1732: wordpress mt import XSS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015

------- Additional Comments From ville.skytta at iki.fi 2007-04-09 04:23 EST -------

Just some general data points for consideration, I'm not necessarily
disagreeing with comment 1:

Missing/ineffective cross site request forgery prevention measures would
invalidate the "knowing/willing" assumption. But if I understand correctly,
Wordpress's admin UI has that protection.

Requiring authentication and willing interaction doesn't IMO make this a
feature if the goal was not to provide a possibility for injection of arbitrary
markup or scripts; it just affects the attack vectors.

From bugzilla at redhat.com Tue Apr 10 17:15:45 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2007 13:15:45 -0400
Subject: [Bug 235416] CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
In-Reply-To:
Message-ID: <200704101715.l3AHFj5S029533@bugzilla.redhat.com>
Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416

------- Additional Comments From paul at city-fan.org 2007-04-10 13:15 EST -------

It is unfortunate that the security fixes that went into RHEL4 in November 2004
didn't make it into the Fedora Core package at that time.

I've verified that the test pixmap crashes the current imlib (using qiv) and
that the patch from Bug #138516 fixes it. I've now incorporated the patch from
that bug into the 1.9.15-2 package on devel, and updated FC-6 from 1.9.13-* to
1.9.15-2, which I believe will resolve this problem for FC-6 onwards.

FC-5 (1:1.9.13-27) is probably still vulnerable.

According to comment #2 in Bug #138522 FC-4 included a fix but I've just tried
the test pixmap and it crashes qiv on an FC-4 box.

From bugzilla at redhat.com Tue Apr 10 17:50:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2007 13:50:23 -0400
Subject: [Bug 235416] CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
In-Reply-To:
Message-ID: <200704101750.l3AHoN2k001431@bugzilla.redhat.com>
Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416

mattdm at mattdm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mattdm at mattdm.org

------- Additional Comments From mattdm at mattdm.org 2007-04-10 13:50 EST -------

> It is unfortunate that the security fixes that went into RHEL4 in November 2004
> didn't make it into the Fedora Core package at that time.

Sadly, this is a perennial problem with Fedora. :(

From bugzilla at redhat.com Tue Apr 10 18:57:29 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2007 14:57:29 -0400
Subject: [Bug 235912] New: CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235912

           Summary: CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1893

"WordPress 2.1.2, and probably earlier, allows remote authenticated users with
the contributor role to bypass intended access restrictions and invoke the
publish_posts functionality, which can be used to "publish a previously saved
post.""

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1897

"SQL injection vulnerability in xmlrpc.php in WordPress 2.1.2, and probably
earlier, allows remote authenticated users to execute arbitrary SQL commands
via a string parameter value in an XML RPC mt.setPostCategories method call,
related to the post_id variable."

All active FE releases have 2.1.3-RC2 which seems affected. 2.1.3 final is
said to fix these issues.

From bugzilla at redhat.com Tue Apr 10 19:40:04 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 10 Apr 2007 15:40:04 -0400
Subject: [Bug 209167] seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
In-Reply-To:
Message-ID: <200704101940.l3AJe4M6014063@bugzilla.redhat.com>
Summary: seamonkey < 1.0.5 multiple vulnerabilities; to replace Mozilla
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209167

mattdm at mattdm.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CANTFIX

------- Additional Comments From mattdm at mattdm.org  2007-04-10 15:40 EST -------
Fedora Core 4 is now completely unmaintained. These bugs can't be fixed in that version. If the issue still persists in current Fedora Core, please reopen. Thank you, and sorry about this.

From bugzilla at redhat.com  Wed Apr 11 21:26:55 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Apr 2007 17:26:55 -0400
Subject: [Bug 233700] CVE-2007-1614: zziplib stack-based buffer overflow
In-Reply-To: 
Message-ID: <200704112126.l3BLQtbY004741@bugzilla.redhat.com>

Summary: CVE-2007-1614: zziplib stack-based buffer overflow
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233700

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From matthias at rpmforge.net  2007-04-11 17:26 EST -------
Packages of 0.13.49 have been pushed to all current branches on March 26. Sorry for forgetting to update and close this bug report.
From bugzilla at redhat.com  Wed Apr 11 21:33:30 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 11 Apr 2007 17:33:30 -0400
Subject: [Bug 228764] CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
In-Reply-To: 
Message-ID: <200704112133.l3BLXUAJ005098@bugzilla.redhat.com>

Summary: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228764

------- Additional Comments From matthias at rpmforge.net  2007-04-11 17:33 EST -------
Still unpatched upstream, and still no patches or even details in the various vulnerability reports... are there _any_ details about these!?

From opensource at till.name  Fri Apr 13 11:33:57 2007
From: opensource at till.name (Till Maas)
Date: Fri, 13 Apr 2007 13:33:57 +0200
Subject: FYI: aircrack-ng / airodump-ng, remote code execution
Message-ID: <200704131333.58557.opensource@till.name>

Hello,

airodump-ng has a remote code execution vulnerability:
http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0408.html

The bug is fixed in svn which will be released without major changes to the linux code as version 0.8, soon. A new package from cvs has been built. If you use airodump, please upgrade.

Regards,
Till

From bugzilla at redhat.com  Sun Apr 15 06:30:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 15 Apr 2007 02:30:37 -0400
Subject: [Bug 236489] CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
In-Reply-To: 
Message-ID: <200704150630.l3F6UbBL007794@bugzilla.redhat.com>

Please do not reply directly to this email.
All additional comments should be made in the comments box of this bug report.

Summary: CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236489

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Security
                 CC|                            |fedora-security-list at redhat.com

From bugzilla at redhat.com  Sun Apr 15 22:19:29 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 15 Apr 2007 18:19:29 -0400
Subject: [Bug 220041] CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
In-Reply-To: 
Message-ID: <200704152219.l3FMJTG8000777@bugzilla.redhat.com>

Summary: CVE-2006-6625, CVE-2006-6626: moodle XSS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220041

Jerry.James at usu.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From Jerry.James at usu.edu  2007-04-15 18:19 EST -------
The patch that fixes CVE-2006-6625 is present in 1.6.5, which is being released for FC 5 and FC 6, and it is also present in 1.8.0, which is being released for FC 7. CVE-2006-6626 was also patched in some release prior to those two, so both are fixed in the next release.
From bugzilla at redhat.com  Sun Apr 15 22:21:52 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 15 Apr 2007 18:21:52 -0400
Subject: [Bug 232103] CVE-2007-1429: moodle 1.7.1 remote file inclusion
In-Reply-To: 
Message-ID: <200704152221.l3FMLqRB000849@bugzilla.redhat.com>

Summary: CVE-2007-1429: moodle 1.7.1 remote file inclusion
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232103

Jerry.James at usu.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From Jerry.James at usu.edu  2007-04-15 18:21 EST -------
This bug has been patched in moodle 1.6.5, which is being released for FC 5 and FC 6, and the files in question are completely gone in 1.8.0, which is being released for FC 7.

From bugzilla at redhat.com  Mon Apr 16 11:24:19 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Apr 2007 07:24:19 -0400
Subject: [Bug 236489] CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
In-Reply-To: 
Message-ID: <200704161124.l3GBOJdV003234@bugzilla.redhat.com>
Summary: CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236489

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From matthias at rpmforge.net  2007-04-16 07:24 EST -------
Since 1.4.15 doesn't seem to break any configuration syntax (I've tested an update on a few servers, some with complex setups), I've decided to update all currently supported branches to 1.4.15, which contains these fixes. Note that the CVE-2007-1869 bug was already fixed in the devel and EL-5 branches, but they hadn't yet been rebuilt.

From bugzilla at redhat.com  Mon Apr 16 11:36:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Apr 2007 07:36:02 -0400
Subject: [Bug 236489] CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
In-Reply-To: 
Message-ID: <200704161136.l3GBa23M003901@bugzilla.redhat.com>

Summary: CVE-2007-1869, CVE-2007-1870: lighttpd < 1.4.14 DoS vulnerabilities
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236489

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From matthias at rpmforge.net  2007-04-16 07:35 EST -------
Branches FC-5, FC-6 and devel (to become F7) have been updated. No EL packages yet, since lua is still missing from EPEL.
From bugzilla at redhat.com  Mon Apr 16 15:22:49 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 16 Apr 2007 11:22:49 -0400
Subject: [Bug 235912] CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
In-Reply-To: 
Message-ID: <200704161522.l3GFMnuN024629@bugzilla.redhat.com>

Summary: CVE-2007-1893, CVE-2007-1897: wordpress < 2.1.3 issues
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235912

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From jwb at redhat.com  2007-04-16 11:22 EST -------
New packages built (2.1.3 final)

From bugzilla at redhat.com  Tue Apr 17 23:26:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 17 Apr 2007 19:26:23 -0400
Subject: [Bug 229253] CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
In-Reply-To: 
Message-ID: <200704172326.l3HNQNSi013240@bugzilla.redhat.com>
Summary: CVE-2007-0981: seamonkey cookie setting / same-domain bypass vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229253

kengert at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
  Fixed In Version|                            |seamonkey-1.0.8-0.6.2.fc6

------- Additional Comments From kengert at redhat.com  2007-04-17 19:26 EST -------
The SeaMonkey version in Fedora Extras 6 is 1.0.8. SeaMonkey 1.0.8 is based on Mozilla technology version 1.8.0.10. The underlying bug at mozilla.org has been marked as fixed and verified 1.8.0.10. So I conclude this bug has been fixed in seamonkey-1.0.8-0.6.2.fc6 since 2007-03-01.

From bugzilla at redhat.com  Wed Apr 18 17:03:53 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Apr 2007 13:03:53 -0400
Subject: [Bug 236948] New: CVE-2007-1745: clamav < 0.90.2 chm unpack issue
Message-ID: 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236948

           Summary: CVE-2007-1745: clamav < 0.90.2 chm unpack issue
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: clamav
        AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1745
"The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."

CVE-2007-1997 appears to be somewhat related and is said to affect 0.9x versions before 0.90.2 only, however for this CVE I didn't find anything that would say 0.88.7 currently in FE5 and FE6 wouldn't be affected.

From bugzilla at redhat.com  Wed Apr 18 18:31:52 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 18 Apr 2007 14:31:52 -0400
Subject: [Bug 236948] CVE-2007-1745: clamav < 0.90.2 chm unpack issue
In-Reply-To: 
Message-ID: <200704181831.l3IIVqqQ020456@bugzilla.redhat.com>
Summary: CVE-2007-1745: clamav < 0.90.2 chm unpack issue
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236948

enrico.scholz at informatik.tu-chemnitz.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |DUPLICATE

------- Additional Comments From enrico.scholz at informatik.tu-chemnitz.de  2007-04-18 14:31 EST -------
*** This bug has been marked as a duplicate of 236703 ***

From bugzilla at redhat.com  Fri Apr 20 15:05:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Apr 2007 11:05:54 -0400
Subject: [Bug 236703] possible vulnerabilities CVE-2007-1745
In-Reply-To: 
Message-ID: <200704201505.l3KF5sDQ023487@bugzilla.redhat.com>

Summary: possible vulnerabilities CVE-2007-1745
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236703

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Security
                 CC|                            |fedora-security-list at redhat.com

From bugzilla at redhat.com  Fri Apr 20 17:22:58 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 20 Apr 2007 13:22:58 -0400
Subject: [Bug 237293] New: CVE-2007-1558: claws-mail APOP vulnerability
Message-ID: 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237293

           Summary: CVE-2007-1558: claws-mail APOP vulnerability
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: claws-mail
        AssignedTo: andreas.bierfert at lowlatency.de
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558
"The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird, (2) Evolution, (3) mutt, and (4) fetchmail."

According to upstream, fixed in 2.9.1.
http://www.claws-mail.org/news.php

From bugzilla at redhat.com  Sat Apr 21 11:46:17 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 21 Apr 2007 07:46:17 -0400
Subject: [Bug 237293] CVE-2007-1558: claws-mail APOP vulnerability
In-Reply-To: 
Message-ID: <200704211146.l3LBkHl2015194@bugzilla.redhat.com>

Summary: CVE-2007-1558: claws-mail APOP vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237293

andreas.bierfert at lowlatency.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From andreas.bierfert at lowlatency.de  2007-04-21 07:46 EST -------
Thanks for reporting. Fixed and pushed.
From bugzilla at redhat.com  Mon Apr 23 16:24:19 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 12:24:19 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704231624.l3NGOJdO020770@bugzilla.redhat.com>

Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

tibbs at math.uh.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fedora-security-list at redhat.com

From bugzilla at redhat.com  Mon Apr 23 16:25:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 12:25:59 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704231625.l3NGPx1g020995@bugzilla.redhat.com>
Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

------- Additional Comments From jonathan.underwood at gmail.com  2007-04-23 12:25 EST -------
Created an attachment (id=153291)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=153291&action=view)
Fix REGEX7

From bugzilla at redhat.com  Mon Apr 23 16:28:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 12:28:23 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704231628.l3NGSN6M021279@bugzilla.redhat.com>

Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

------- Additional Comments From jonathan.underwood at gmail.com  2007-04-23 12:28 EST -------
(In reply to comment #4)
> Any clue as to what this looks like for an IPv6 denial?

Um, no. Seems irrelevant though, this fix is as IPV6 safe as the rest of DenyHosts - basically it brings REGEX7 into alignment with the other REGEXs - if this is broken for IPV6, then all the others are too. I don't have any way to test this I'm afraid.
From bugzilla at redhat.com  Mon Apr 23 16:36:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 12:36:51 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704231636.l3NGapiC022258@bugzilla.redhat.com>

Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

------- Additional Comments From tibbs at math.uh.edu  2007-04-23 12:36 EST -------
OK, let me do a build and see if I can get this past releng for F7.

From bugzilla at redhat.com  Mon Apr 23 16:41:57 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 12:41:57 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704231641.l3NGfvko022656@bugzilla.redhat.com>

Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

------- Additional Comments From jonathan.underwood at gmail.com  2007-04-23 12:41 EST -------
OK, thanks. An update for FC6 would also be much appreciated.
From bugzilla at redhat.com  Mon Apr 23 17:49:22 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 23 Apr 2007 13:49:22 -0400
Subject: [Bug 237533] New: CVE-2007-2165: proftpd auth bypass vulnerability
Message-ID: 

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533

           Summary: CVE-2007-2165: proftpd auth bypass vulnerability
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: high
          Priority: high
         Component: proftpd
        AssignedTo: matthias at rpmforge.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2165
http://bugs.proftpd.org/show_bug.cgi?id=2922
"The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd."

From bugzilla at redhat.com  Tue Apr 24 22:21:35 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 24 Apr 2007 18:21:35 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704242221.l3OMLZYo015536@bugzilla.redhat.com>
Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

tibbs at math.uh.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |CURRENTRELEASE
  Fixed In Version|                            |2.6-4

------- Additional Comments From tibbs at math.uh.edu  2007-04-24 18:21 EST -------
I did some testing and let the new version stew on my servers overnight. Since that went OK, I pushed and built for F7, FC6, FC5, EL5 and EL4.

From bugzilla at redhat.com  Wed Apr 25 10:15:41 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Apr 2007 06:15:41 -0400
Subject: [Bug 237449] Login attempts as root may go unnoticed
In-Reply-To: 
Message-ID: <200704251015.l3PAFfPC020637@bugzilla.redhat.com>

Summary: Login attempts as root may go unnoticed
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237449

------- Additional Comments From jonathan.underwood at gmail.com  2007-04-25 06:15 EST -------
Splendid, thanks.

From bugzilla at redhat.com  Wed Apr 25 20:39:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 25 Apr 2007 16:39:33 -0400
Subject: [Bug 237882] New: CVE-2007-2245: phpMyAdmin < 2.10.1 XSS vulnerabilities
Message-ID: 
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237882

           Summary: CVE-2007-2245: phpMyAdmin < 2.10.1 XSS vulnerabilities
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: phpMyAdmin
        AssignedTo: mmcgrath at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com, redhat-bugzilla at linuxnetz.de

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2245
"Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function."