From bugzilla at redhat.com Fri Jun 1 10:12:31 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Jun 2007 06:12:31 -0400
Subject: [Bug 240398] CVE-2007-2445: libpng10 DoS
In-Reply-To:
Message-ID: <200706011012.l51ACVbX031667@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be
made in the comments box of this bug report.

Summary: CVE-2007-2445: libpng10 DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240398

paul at city-fan.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |ERRATA
   Fixed In Version|                            |1.0.26-1.fc6

------- Additional Comments From paul at city-fan.org 2007-06-01 06:12 EST -------
libpng10-1.0.26-1.fc6 has been released for Fedora Extras 6, which should
resolve this problem.

There is also a release libpng10-1.0.26-1.fc7.1 in Fedora 7 updates and
libpng10-1.0.26-1.fc8 for development.

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Fri Jun 1 13:24:41 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 1 Jun 2007 09:24:41 -0400
Subject: [Bug 241489] CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability
In-Reply-To:
Message-ID: <200706011324.l51DOfSB011955@bugzilla.redhat.com>

Summary: CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241489

------- Additional Comments From devrim at commandprompt.com 2007-06-01 09:24 EST -------
Upstream fixed this; packages will be updated shortly.

From bugzilla at redhat.com Sat Jun 2 07:49:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 2 Jun 2007 03:49:46 -0400
Subject: [Bug 241799] CVE-2007-2894: bochs guest OS local user DoS
In-Reply-To:
Message-ID: <200706020749.l527nkI7025145@bugzilla.redhat.com>

Summary: CVE-2007-2894: bochs guest OS local user DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799

j.w.r.degoede at hhs.nl changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From j.w.r.degoede at hhs.nl 2007-06-02 03:49 EST -------
I've contacted upstream about this, awaiting their response.

From dsmith at redhat.com Mon Jun 4 19:33:50 2007
From: dsmith at redhat.com (David Smith)
Date: Mon, 04 Jun 2007 14:33:50 -0500
Subject: Need some security advice for systemtap
Message-ID: <4664691E.7010803@redhat.com>

I need some security development help (and this might be the wrong list -
if so, please point me in the right direction).

I'm one of the systemtap developers. You can see for details, but a 2
second overview is that systemtap allows users to write a script that
probes points in the kernel. systemtap takes the script, converts it into
C, compiles the C into a kernel module, inserts the kernel module, and
displays any output from the compiled script. When the script finishes, we
remove the kernel module.

One of the complaints we get from users is that we require root access
(using sudo) to install/remove the kernel module. Large enterprise
customers typically don't give out sudo access to all admins. So, they
would like a way to designate certain scripts/modules as "blessed", and
allow admins/developers/etc. without root access to run those "blessed"
scripts/modules.

Some basic ideas about how we can allow users without sudo access to run
"blessed" scripts/modules can be seen at ,

So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a
manner that won't allow a system to be easily compromised. We're in the
fairly early stages of this idea, and I'm looking for direction before
heading down the wrong road.

Thanks for the help.

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From mangoo at wpkg.org Tue Jun 5 08:46:55 2007
From: mangoo at wpkg.org (Tomasz Chmielewski)
Date: Tue, 05 Jun 2007 10:46:55 +0200
Subject: Need some security advice for systemtap
In-Reply-To: <4664691E.7010803@redhat.com>
References: <4664691E.7010803@redhat.com>
Message-ID: <466522FF.8080801@wpkg.org>

David Smith schrieb:

(...)

> Some basic ideas about how we can allow users without sudo access to run
> "blessed" scripts/modules can be seen at
> ,
>
> So, I'm looking for thoughts, criticisms, pointers, etc. to do this in a
> manner that won't allow a system to be easily compromised. We're in
> the fairly early stages of this idea, and I'm looking for direction
> before heading down the wrong road.

Am I right? Is it security based on md5sum?

I'm not sure how easy would it be to "produce" two kernel modules having
the same MD5 checksum - but before you continue, you might want to read a
short article called "Attacking Hash Functions by Poisoned Messages":

http://www.cits.rub.de/MD5Collisions/

--
Tomasz Chmielewski
http://wpkg.org

From fche at redhat.com Tue Jun 5 15:08:59 2007
From: fche at redhat.com (Frank Ch. Eigler)
Date: 05 Jun 2007 11:08:59 -0400
Subject: Need some security advice for systemtap
In-Reply-To: <466522FF.8080801@wpkg.org>
References: <4664691E.7010803@redhat.com> <466522FF.8080801@wpkg.org>
Message-ID:

Tomasz Chmielewski writes:

> Am I right? Is it security based on md5sum? [...]
> http://www.cits.rub.de/MD5Collisions/

Indeed. md5 was just a "for sake of argument" possibility. We can go with
a different or even multiple hashes. Or, if hashes are deemed
untrustworthy in some particular installation,
/etc/systemtap/authorized_probes could contain copies of the probe modules
in their entirety rather than their hashes.

- FChE

From grundym at us.ibm.com Tue Jun 5 17:19:58 2007
From: grundym at us.ibm.com (grundy)
Date: Tue, 5 Jun 2007 13:19:58 -0400
Subject: Need some security advice for systemtap
In-Reply-To: <4664691E.7010803@redhat.com>
References: <4664691E.7010803@redhat.com>
Message-ID: <20070605171957.GF11630@us.ibm.com>

I think a good way to handle it would be to have a configuration file
like /etc/sudoers and setuid root stap (or staprun). The access control
would then be built into systemtap.

Here are my ideas of what would make a "good" set of controls:

- level of tap script they can run, e.g. guru mode code or not
- sections of the kernel they can access (maybe this is
  better represented as what tapsets may they use)
- how much overhead are they allowed to put on the system
- are they allowed to look at data for other user's processes
- are they allowed to reference line #'s or direct memory addrs

I think that it would probably mean having a list created at compile time
that indicates what things the resulting modules do. staprun would then
create a permissions "mask" for the user and compare it to what is in the
module (yeah, ummm, magic happens here?) or maybe when the module loads it
looks at its internal list and the permissions of the calling user
(passed in by staprun) and decides if it will run or not.

Thanks
Mike

From dsmith at redhat.com Tue Jun 5 20:39:45 2007
From: dsmith at redhat.com (David Smith)
Date: Tue, 05 Jun 2007 15:39:45 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <466522FF.8080801@wpkg.org>
References: <4664691E.7010803@redhat.com> <466522FF.8080801@wpkg.org>
Message-ID: <4665CA11.5050107@redhat.com>

Tomasz Chmielewski wrote:
> David Smith schrieb:
>
> (...)
>
>> Some basic ideas about how we can allow users without sudo access to
>> run "blessed" scripts/modules can be seen at
>> ,
>>
>> So, I'm looking for thoughts, criticisms, pointers, etc. to do this in
>> a manner that won't allow a system to be easily compromised. We're
>> in the fairly early stages of this idea, and I'm looking for direction
>> before heading down the wrong road.
>
> Am I right? Is it security based on md5sum?

That was the basic idea. It would be easy enough to substitute a better
hash function - I'm guessing one of the shaXXXsum would be more robust.

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From dsmith at redhat.com Tue Jun 5 20:56:39 2007
From: dsmith at redhat.com (David Smith)
Date: Tue, 05 Jun 2007 15:56:39 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <20070605171957.GF11630@us.ibm.com>
References: <4664691E.7010803@redhat.com> <20070605171957.GF11630@us.ibm.com>
Message-ID: <4665CE07.20303@redhat.com>

grundy wrote:
> I think a good way to handle it would be to have a configuration file
> like /etc/sudoers and setuid root stap (or staprun). The access control
> would then be built into systemtap.
>
> Here are my ideas of what would make a "good" set of controls:
>
> - level of tap script they can run, e.g. guru mode code or not
> - sections of the kernel they can access (maybe this is
>   better represented as what tapsets may they use)
> - how much overhead are they allowed to put on the system
> - are they allowed to look at data for other user's processes
> - are they allowed to reference line #'s or direct memory addrs

That sounds nice, but I'm worried about implementing such a feature
correctly, on at least two levels. First, you assume that systemtap can
correctly characterize the effects a script will have on the system. Then
you want to add an ACL system into systemtap based on those effects.

One advantage the proposed system has is that there *is* a human in the
loop, a root user who will (hopefully) look at a script and check it out
before "blessing" it.

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From bugzilla at redhat.com Thu Jun 7 02:37:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 6 Jun 2007 22:37:10 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200706070237.l572bAJn004223@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

bojan at rexursive.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bojan at rexursive.com

From peak at argo.troja.mff.cuni.cz Fri Jun 8 21:06:08 2007
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Date: Fri, 8 Jun 2007 23:06:08 +0200 (CEST)
Subject: Need some security advice for systemtap
In-Reply-To: <20070605171957.GF11630@us.ibm.com>
Message-ID: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz>

On Mon, 4 Jun 2007, David Smith wrote:

> One of the complaints we get from users is that we require root access
> (using sudo) to install/remove the kernel module. Large enterprise
> customers typically don't give out sudo access to all admins. So, they
> would like a way to designate certain scripts/modules as "blessed", and
> allow admins/developers/etc. without root access to run those "blessed"
> scripts/modules.

The easiest way to designate a certain script as "blessed" (and quite
difficult to goof it up) is to let a trusted user take the source of the
script, check it, make a kernel module, and install it into a designated
directory on the target system (or systems), perhaps under
"/lib/modules/$version".

This is similar to keeping a list of allowed hashes as proposed on
Bugzilla but simpler. You need the compiled code to compute the hash
anyway.

If you are afraid of allowing "untrusted admins" run "sudo modprobe
the_probe" (but not afraid of allowing to run your own setuid root
program) you can create something like "sustaprun" that will make it
possible to load blessed modules (from the designated directory) only.

You might also exploit module autoloading (something like adding "alias
binfmt-1234 the_probe" to modprobe.conf and making an attempt to execute a
file starting with 1234) but it would make it difficult to grant different
users the ability to load different sets of modules and to remove modules.

On Tue, 5 Jun 2007, grundy wrote:

> I think a good way to handle it would be to have a configuration file
> like /etc/sudoers and setuid root stap (or staprun). The access control
> would then be built into systemtap.

It is an attractive idea but I am afraid it will turn out to be a sort of
conceptual minefield when you start working on it.

> Here are my ideas of what would make a "good" set of controls:
>
> - level of tap script they can run, e.g. guru mode code or not

Guru mode means the ability to run arbitrary C code in the kernel space.
It is easier to give them the root password.

> - sections of the kernel they can access (maybe this is
>   better represented as what tapsets may they use)

I think the history has taught us it is much better to express policy
rules in the terms of elementary operations than in the terms of
procedures, modules or whole programs. The latter choice turns the
procedures etc. into trusted components--correct enforcement of policy
relies on their correct behaviour, and this is a very bad thing.

Unfortunately, any block of embedded C code is a black box (and it has the
power to turn anything in its vicinity into black boxes).

One reasonable approach might be to form a group of trusted tapsets
allowed to use embedded C code (and perhaps other kinds of privileged
operations) even without guru mode. They would form a kind of "TCB". The
policy would provide a set of trusted tapsets (and perhaps additional
restrictions) and the script and any untrusted tapsets it uses would have
to obey it.

> - how much overhead are they allowed to put on the system

This is not a property of an individual script. A million of tiny
lightweight scripts can kill the system as well as (and perhaps even
better than) a single heavyweight script.

> - are they allowed to look at data for other user's processes

You'd have to deal with the fact that many useful predefined functions
(kernel_string() just to name one example) appear to take arbitrary
numbers, interpret them as pointers, and fetch a value at that address,
making it possible to read all kernel memory.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

From bugzilla at redhat.com Sun Jun 10 09:44:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 10 Jun 2007 05:44:32 -0400
Subject: [Bug 243591] New: c-ares < 1.4.0 DNS cache poisoning vulnerability
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591

           Summary: c-ares < 1.4.0 DNS cache poisoning vulnerability
           Product: Fedora Extras
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: c-ares
        AssignedTo: tcallawa at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html

"The vulnerability is caused due to predictable DNS "Transaction ID" field
in DNS queries and can be exploited to poison the DNS cache of an
application using the library if a valid ID is guessed."

From bugzilla at redhat.com Sun Jun 10 09:54:53 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 10 Jun 2007 05:54:53 -0400
Subject: [Bug 243592] New: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243592

           Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
           Product: Fedora Extras
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: cacti
        AssignedTo: mmcgrath at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3112
"Cacti 0.8.6i, and possibly other versions, allows remote authenticated
users to cause a denial of service (CPU consumption) via a large value of
the (1) graph_start or (2) graph_end parameter."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3113
"Cacti 0.8.6i, and possibly other versions, allows remote authenticated
users to cause a denial of service (CPU consumption) via a large value of
the (1) graph_height or (2) graph_width parameter."

The patch linked to in the reports applies to 0.8.6j too.

From ville.skytta at iki.fi Sun Jun 10 10:31:30 2007
From: ville.skytta at iki.fi (Ville Skyttä)
Date: Sun, 10 Jun 2007 13:31:30 +0300
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <23088.1175556679@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com>
Message-ID: <200706101331.31674.ville.skytta@iki.fi>

On Tuesday 03 April 2007, Josh Bressers wrote:

> As everybody is no doubt aware, Fedora 7 is bringing a number of changes,
> one of which will be putting the burden of security on the Fedora Security
> Response Team. Right now it's basically the Red Hat Security Response Team
> working on Core, and not much of anything happening for Extras. This is
> going to change.

Any updates on this? It looks to me as if things have changed for worse.

I haven't seen any other activity in CVS than my own updates to the fe*
files. There's no merged f7 audit file, and nobody appears to be keeping
fc* up to date either, and security related Bugzilla entries besides the
ones I've filed (if there are any others, dunno) do not seem to be Cc'd to
this list.

As of now, I'm suspending my efforts to routinely track CVE's and other
sources until the situation becomes clearer. With the number of people even
reporting issues and keeping CVS up to date (*one* commit in 2007 to fe* by
someone besides me, in February, and none in fc* by anyone since May) being
close to zero, and being the only one who does that not being what I
"signed up" for, I don't think it would be responsible behaviour from me to
keep doing it in the current circumstances. Full, timely coverage is simply
way too much work, and casually doing it might give a false impression to
users and maintainers that things would be properly tracked.

From bressers at redhat.com Mon Jun 11 15:42:05 2007
From: bressers at redhat.com (Josh Bressers)
Date: Mon, 11 Jun 2007 11:42:05 -0400
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <200706101331.31674.ville.skytta@iki.fi>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi>
Message-ID: <23843.1181576525@devserv.devel.redhat.com>

>
> Any updates on this? It looks to me as if things have changed for worse.

As of today, yes, things are pretty much a mess. I take personal
responsibility for this and also plan to address the issues.

>
> I haven't seen any other activity in CVS than my own updates to the fe* files.
> There's no merged f7 audit file, and nobody appears to be keeping fc* up to
> date either, and security related Bugzilla entries besides the ones I've
> filed (if there are any others, dunno) do not seem to be Cc'd to this list.

Most bugzilla entries are not CC'd to this list. I'm not sure that's the
right thing to do as it generates a lot of noise. The fc file is horribly
behind, but there have been numerous Fedora Core bugs filed. One of the
issues we have is that when two data sources are used, one will get
neglected. In this instance for the Red Hat Security Response Team it's
the fc file.

>
> As of now, I'm suspending my efforts to routinely track CVE's and other
> sources until the situation becomes clearer. With the number of people even
> reporting issues and keeping CVS up to date (*one* commit in 2007 to fe* by
> someone besides me, in February, and none in fc* by anyone since May) being
> close to zero, and being the only one who does that not being what I "signed
> up" for, I don't think it would be responsible behaviour from me to keep
> doing it in the current circumstances. Full, timely coverage is simply way
> too much work, and casually doing it might give a false impression to users
> and maintainers that things would be properly tracked.
>

I don't blame you Ville, your effort has been noticed and is appreciated.
Thanks for the work you've done.

Here is what's going to happen later today. (I was on holiday last week and
there was a shitstorm of security issues over the past few months). I've
been putting this off for too long now.

I'm going to merge the fc6 and fe6 files. There are a number of CVE ids
that are missing from this file. I have a rather extensive private list
that I'll merge into this list. The result is going to be an fc7 file that
will need a lot of work.

How you can help.

Any help will be appreciated and accepted. Once the FC7 file exists, we
will need to go through the CVE ids and identify which flaws need to be
addressed. Some of the ids will be low hanging fruit that will only take a
few minutes to verify. Others will take a long time and it's possible you
will have to go through source. I'm not sure how to section off this file,
anyone with any ideas?

For the F8 timeline I hope to see bugzilla used extensively for tracking
CVE ids. There is now a security response queue which was created for this
exact purpose. For F7 though, I'd rather see an ugly system than none at
all. We shall worry about the future once we have a present.

Sorry and thanks.

--
JB

From kevin at tummy.com Mon Jun 11 15:52:07 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Mon, 11 Jun 2007 09:52:07 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <23843.1181576525@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com>
Message-ID: <20070611095207.19c4266d@ghistelwchlohm.scrye.com>

On Mon, 11 Jun 2007 11:42:05 -0400 Josh Bressers wrote:

...snip...

> I don't blame you Ville, your effort has been noticed and is
> appreciated. Thanks for the work you've done.

Yeah, I have been lurking in this list for a while and I really appreciate
your efforts Ville.

> Here is what's going to happen later today. (I was on holiday last
> week and there was a shitstorm of security issues over the past few
> months). I've been putting this off for too long now.
>
> I'm going to merge the fc6 and fe6 files. There are a number of CVE
> ids that are missing from this file. I have a rather extensive
> private list that I'll merge into this list. The result is going to
> be an fc7 file that will need a lot of work.
>
>
> How you can help.

I've been wanting to help, but not sure of practices and procedures used.

Perhaps we could clarify a few things for me:

- Only security bugs with CVE's are tracked? What if we spot something
  that has no CVE?

- Should the filed bug have a CC to the list? I guess you mentioned
  this above. I think it's probably a good idea so folks can see the
  progress of fixes.

- Is there any key for the format of the audit cvs files?

- Is there any acl on the audit files? Who is allowed to update those?

> Any help will be appreciated and accepted. Once the FC7 file exists,
> we will need to go through the CVE ids and identify which flaws need
> to be addressed. Some of the ids will be low hanging fruit that will
> only take a few minutes to verify. Others will take a long time and
> it's possible you will have to go through source.
> I'm not sure how to section off this file, anyone with any ideas?

Well, if it will be listed in cvs, can't we just have folks go and update
as they process?

> For the F8 timeline I hope to see bugzilla used extensively for
> tracking CVE ids. There is now a security response queue which was
> created for this exact purpose. For F7 though, I'd rather see an
> ugly system than none at all. We shall worry about the future once
> we have a present.

Quite.

> Sorry and thanks.

kevin

From mjc at redhat.com Mon Jun 11 15:59:18 2007
From: mjc at redhat.com (Mark J Cox)
Date: Mon, 11 Jun 2007 16:59:18 +0100 (BST)
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
Message-ID: <0706111656000.21077@awe.com>

> - Only security bugs with CVE's are tracked? What if we spot something
>   that has no CVE?

If it's something that is already public (for example some description of
the flaw exists outside of bugzilla and it's obvious it's a security issue)
then we can alert Mitre and they'll assign a name within a day or two.

If it's something that's not particularly public (for example someone
reports an issue but not obvious it has security consequences) then I am a
Candidate Naming Authority for CVE and can allocate a name to Fedora.

Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team

From dsmith at redhat.com Mon Jun 11 13:09:13 2007
From: dsmith at redhat.com (David Smith)
Date: Mon, 11 Jun 2007 08:09:13 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz>
References: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz>
Message-ID: <466D4979.7010306@redhat.com>

Thanks for the response. See stuff below.

Pavel Kankovsky wrote:
> On Mon, 4 Jun 2007, David Smith wrote:
>
>> One of the complaints we get from users is that we require root access
>> (using sudo) to install/remove the kernel module. Large enterprise
>> customers typically don't give out sudo access to all admins. So, they
>> would like a way to designate certain scripts/modules as "blessed", and
>> allow admins/developers/etc. without root access to run those "blessed"
>> scripts/modules.
>
> The easiest way to designate a certain script as "blessed" (and quite
> difficult to goof it up) is to let a trusted user take the source of the
> script, check it, make a kernel module, and install it into a designated
> directory on the target system (or systems), perhaps under
> "/lib/modules/$version".

That's my current thinking. Seems easier from a user's point of view and
less fragile from a security point of view.

> If you are afraid of allowing "untrusted admins" run "sudo modprobe
> the_probe" (but not afraid of allowing to run your own setuid root
> program) you can create something like "sustaprun" that will make it
> possible to load blessed modules (from the designated directory) only.

That's also my current thinking. I'm trying to prototype this now.

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From bressers at redhat.com Mon Jun 11 17:24:34 2007
From: bressers at redhat.com (Josh Bressers)
Date: Mon, 11 Jun 2007 13:24:34 -0400
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
Message-ID: <31717.1181582674@devserv.devel.redhat.com>

> >
> >
> > How you can help.
>
> I've been wanting to help, but not sure of practices and procedures
> used.
>
> Perhaps we could clarify a few things for me:
>
>
> - Should the filed bug have a CC to the list? I guess you mentioned
>   this above. I think it's probably a good idea so folks can see the
>   progress of fixes.

While I'm personally not a fan of this, if people want it, we should
probably do it.

>
> - Is there any key for the format of the audit cvs files?

Not really, look at what's there to get an idea of how it goes.

>
> - Is there any acl on the audit files? Who is allowed to update those?

Here is the current list:

avail | mjc,bressers,jorton,notting,sopwith,katzj,holtmann | fedora-security
avail | lkundrak | fedora-security
avail | jkeating,ausil,tibbs,kaboom,scop,questor | fedora-security

If you're willing to help, access can be granted.

>
> > Any help will be appreciated and accepted. Once the FC7 file exists,
> > we will need to go through the CVE ids and identify which flaws need
> > to be addressed. Some of the ids will be low hanging fruit that will
> > only take a few minutes to verify. Others will take a long time and
> > it's possible you will have to go through source.
> > I'm not sure how to section off this file, anyone with any ideas?
>
> Well, if it will be listed in cvs, can't we just have folks go and
> update as they process?

Ideally, yes. I however don't want people to duplicate work. I suspect the
easiest way is going to be for someone to just mark a block of ids as what
they're working on. Something like

**** bressers ****
CVE blah blah blah
...  ===> Lots of CVE ids here
CVE blah blah blah
**** bressers ****

Check in some bits to make it known you're on it, then start wading through
the manure.

Thanks.

--
JB

From dsmith at redhat.com Mon Jun 11 18:35:00 2007
From: dsmith at redhat.com (David Smith)
Date: Mon, 11 Jun 2007 13:35:00 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <466D4979.7010306@redhat.com>
References: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz> <466D4979.7010306@redhat.com>
Message-ID: <466D95D4.2090903@redhat.com>

David Smith wrote:
> Thanks for the response. See stuff below.
>
> Pavel Kankovsky wrote:
>> On Mon, 4 Jun 2007, David Smith wrote:
>>
>>> One of the complaints we get from users is that we require root access
>>> (using sudo) to install/remove the kernel module. Large enterprise
>>> customers typically don't give out sudo access to all admins. So, they
>>> would like a way to designate certain scripts/modules as "blessed", and
>>> allow admins/developers/etc. without root access to run those "blessed"
>>> scripts/modules.
>>
>> The easiest way to designate a certain script as "blessed" (and quite
>> difficult to goof it up) is to let a trusted user take the source of the
>> script, check it, make a kernel module, and install it into a designated
>> directory on the target system (or systems), perhaps under
>> "/lib/modules/$version".
>
> That's my current thinking. Seems easier from a user's point of view
> and less fragile from a security point of view.
>
>> If you are afraid of allowing "untrusted admins" run "sudo modprobe
>> the_probe" (but not afraid of allowing to run your own setuid root
>> program) you can create something like "sustaprun" that will make it
>> possible to load blessed modules (from the designated directory) only.
>
> That's also my current thinking. I'm trying to prototype this now.

After playing around with this a bit, here are my thoughts/plans.

We've basically got 2 problems:

(1) we want _certain_ non-privileged users
(2) to be able to run _certain_ compiled scripts

Solving both problems would look like this:

(A) A sysadmin would compile systemtap tap scripts into kernel modules
and store the module in something like
/etc/systemtap/authorized_modules/$kernel_version/foo.ko

(B) The sysadmin would add anyone needing to be able to run those
modules to the new 'systemtap' group.

(C) We'll have a new program, staprun.auth, which would be owned by
root, group systemtap, and file permission would be 04110. Here's what
a 'ls -l' would look like on it:

---s--x--- 1 root systemtap {size} {date} /usr/bin/staprun.auth

This would mean that only people in the systemtap group could run
staprun.auth and it would give them root privileges.

staprun.auth would have similar arguments as staprun (more on that in a
sec). staprun.auth would make sure the module is coming from
/etc/systemtap/authorized_modules/$kernel_version and then just exec
staprun.

(D) staprun.auth will need to disallow certain staprun.auth command-line
arguments, such as:

- "-c CMD" (Command CMD will be run and the staprun program will exit
when CMD does). We can't allow this since CMD would be run as root
("staprun.auth -c xterm module" would be a quick way to a root shell).

- "-O FILE" (Send output to FILE). Since FILE gets created as root,
that could be used by a user seeking to overwrite a file he couldn't
normally.

From a user's point of view, it would look something like this:

(as root, installing a new module)
# stap -k -p4 -m stap_foo foo.stp
Keeping temporary directory "/tmp/stapygupi1"
# cp /tmp/stapygupi1/stap_foo.ko /etc/systemtap/authorized_modules/`uname -r`/stap_foo.ko

(as non-root user, running the new module)
$ groups
users systemtap
(ah, good, this user is in the 'systemtap' group, which means he should
be able to run staprun.auth)
$ staprun.auth stap_foo.ko
(staprun.auth will make sure
/etc/systemtap/authorized_modules/`uname -r`/stap_foo.ko exists, then
exec staprun with that module)

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From kevin at tummy.com Mon Jun 11 18:44:20 2007
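The checks David Smith outlines in (C) and (D) above, written out as an added C sketch; it is not SystemTap's code and was not posted in the thread. The staprun install path and the rule that the module is the last and only positional argument are assumptions of this sketch.

```c
/* Added illustration of the staprun.auth checks; not SystemTap's code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <unistd.h>

#define AUTH_DIR "/etc/systemtap/authorized_modules"  /* from the message */
#define STAPRUN  "/usr/bin/staprun"                   /* assumed install path */

/* A module is named by bare file name only: no directory part, no leading
 * dot or dash, a conservative character set and a ".ko" suffix. */
int module_name_ok(const char *name)
{
    size_t len = strlen(name);
    if (len < 4 || len > 64 || name[0] == '.' || name[0] == '-')
        return 0;
    if (strcmp(name + len - 3, ".ko") != 0)
        return 0;
    return strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                        "0123456789_-.") == len;
}

/* An argument may be forwarded only if it is a short option that does not
 * contain -c (runs CMD as root) or -O (creates FILE as root). The check
 * covers the separate ("-c"), attached ("-cxterm") and clustered ("-vc")
 * spellings; it over-rejects rather than guess how staprun parses them. */
int option_ok(const char *arg)
{
    if (arg[0] != '-' || arg[1] == '\0' || arg[1] == '-')
        return 0;
    return strpbrk(arg + 1, "cO") == NULL;
}

/* Validate a whole argv and build the absolute module path in out.
 * Assumption of this sketch: the module is the last argument and the only
 * positional one. A stray positional before it is refused, because staprun
 * would otherwise treat that one as the module to load. Returns 0 if ok. */
int check_request(int argc, char **argv, const char *release,
                  char *out, size_t outlen)
{
    if (argc < 2)
        return -1;
    for (int i = 1; i < argc - 1; i++)
        if (!option_ok(argv[i]))
            return -1;
    if (!module_name_ok(argv[argc - 1]))
        return -1;
    /* release comes from uname(2); still refuse anything path-like. */
    if (release[0] == '\0' || release[0] == '.' || strchr(release, '/'))
        return -1;
    int n = snprintf(out, outlen, "%s/%s/%s", AUTH_DIR, release,
                     argv[argc - 1]);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(int argc, char **argv)
{
    struct utsname u;
    struct stat st;
    char path[512];

    if (uname(&u) != 0 ||
        check_request(argc, argv, u.release, path, sizeof path) != 0) {
        fprintf(stderr, "staprun.auth: request refused\n");
        return 1;
    }
    /* Must be a regular file (not a symlink), owned by root, and not
     * writable by group or others. */
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != 0 ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        fprintf(stderr, "staprun.auth: %s is not an authorized module\n", path);
        return 1;
    }
    /* Run staprun on the absolute path with a fixed, minimal environment. */
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };
    argv[0] = STAPRUN;
    argv[argc - 1] = path;
    execve(STAPRUN, argv, envp);
    perror("execve");
    return 1;
}
```

The directory check only holds if /etc/systemtap/authorized_modules and each per-kernel directory under it are themselves root-owned and not writable by the systemtap group.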
From: kevin at tummy.com (Kevin Fenzi)
Date: Mon, 11 Jun 2007 12:44:20 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <31717.1181582674@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com>
Message-ID: <20070611124420.388b452a@ghistelwchlohm.scrye.com>

On Mon, 11 Jun 2007 13:24:34 -0400 Josh Bressers wrote:

> > > How you can help.
> >
> > I've been wanting to help, but not sure of practices and procedures
> > used.
> >
> > Perhaps we could clarify a few things for me:
> >
> > - Should the filed bug have a CC to the list? I guess you mentioned
> > this above. I think it's probably a good idea so folks can see the
> > progress of fixes.
>
> While I'm personally not a fan of this, if people want it, we should
> probably do it.

Well, I find it nice to be able to see replies from maintainers that
they are looking at it, or need more info, etc. I don't know how much
traffic it will end up being tho when there is more coverage. Might
need re-evaluating if it's a gigantic pile.

> > - Is there any key for the format of the audit cvs files?
>
> Not really, look at what's there to get an idea of how it goes.

ok.

> > - Is there any acl on the audit files? Who is allowed to update
> > those?
>
> Here is the current list:
>
> avail | mjc,bressers,jorton,notting,sopwith,katzj,holtmann |
> fedora-security avail | lkundrak | fedora-security
> avail | jkeating,ausil,tibbs,kaboom,scop,questor | fedora-security
>
> If you're willing to help, access can be granted.

Sure, I can assist. My FAS account is kevin...

> > Well, if it will be listed in cvs, can't we just have folks go and
> > update as they process?
>
> Ideally, yes. I however don't want people to duplicate work. I
> suspect the easiest way is going to be for someone to just mark a
> block of ids as what they're working on. Something like
>
> **** bressers ****
> CVE blah blah blah
> ... ===> Lots of CVE ids here
> CVE blah blah blah
> **** bressers ****
>
> Check in some bits to make it known you're on it, then start wading
> through the manure.

Yeah, that could work. We could use a wiki page, but since the cvs file
is there, it makes sense to me to just use that.

> Thanks.

kevin

From caillon at redhat.com Mon Jun 11 18:55:43 2007
From: caillon at redhat.com (Christopher Aillon)
Date: Mon, 11 Jun 2007 14:55:43 -0400
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com>
Message-ID: <466D9AAF.1080806@redhat.com>

Kevin Fenzi wrote:
> - Should the filed bug have a CC to the list? I guess you mentioned
> this above. I think it's probably a good idea so folks can see the
> progress of fixes.

I don't think we want to do this. Imagine someone files a bug to us
with an embargo date of: future. Someone reading the list archives
could easily get that information and release it to the public ahead of
the embargo date. Essentially, by cc:ing a public list, we broke the
embargo ourselves. We want to honor embargos as much as possible, so we
can continue being in good favor with those who give us advance
notification.

Additionally, when we are planning to release something on a given day,
and it turns out to get leaked, we have to scramble much more quickly.
Not good for many reasons.

From fedora-extras-commits at redhat.com Mon Jun 11 20:21:48 2007
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers))
Date: Mon, 11 Jun 2007 16:21:48 -0400
Subject: fedora-security/audit fc7,1.1,1.2
Message-ID: <200706112021.l5BKLmBH012105@cvs-int.fedora.redhat.com>

Author: bressers

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv12078

Modified Files:
fc7
Log Message:
Add a number of outstanding CVE ids

Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- fc7 11 Jun 2007 17:23:05 -0000 1.1 +++ fc7 11 Jun 2007 20:21:46 -0000 1.2 
@@ -9,46 +9,97 @@ *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 *CVE-2007-3025 ignore (clamav, Solaris only) +*CVE-2007-3007 ignore (php) safe mode isn't safe +*CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +*CVE-2007-2874 (wpa_supplicant) #242455 *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) +*CVE-2007-2869 (firefox) *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 +*CVE-2007-2844 ignore (php) #241641 +*CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 +*CVE-2007-2799 (file) +*CVE-2007-2768 (openssh) +*CVE-2007-2756 ignore (gd) DoS only +*CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +*CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 *CVE-2007-2650 ** (clamav) #240395 +*CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 +*CVE-2007-2589 (squirrelmail) +*CVE-2007-2583 (mysql) +*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed +*CVE-2007-2511 ignore (php) #239011 see the bug +*CVE-2007-2510 (php) +*CVE-2007-2509 (php) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +*CVE-2007-2452 (locate) +*CVE-2007-2447 (samba) +*CVE-2007-2446 (samba) *CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 +*CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 +*CVE-2007-2437 ignore (xorg-x11) DoS only +*CVE-2007-2435 (java) *CVE-2007-2423 patch (moin, fixed 1.5.7-2) #238722 *CVE-2007-2413 version (perl-Imager, fixed 0.57) #238615 *CVE-2007-2381 ignore (MochiKit) #238616 +*CVE-2007-2356 (gimp) +*CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 +*CVE-2007-2243 (openssh) +*CVE-2007-2241 (bind) +*CVE-2007-2176 ignore (firefox) only affects the java 
quicktime interaction +*CVE-2007-2172 (kernel) *CVE-2007-2165 VULNERABLE (proftpd) #237533 +*CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) *CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-2028 (freeradius) +*CVE-2007-2026 (file) *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) *CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only) +*CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 +*CVE-2007-1864 (php) +*CVE-2007-1862 (httpd) +*CVE-2007-1859 (xscreensaver) +*CVE-2007-1858 (tomcat) *CVE-2007-1856 VULNERABLE (vixie-cron) #235882 *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 *CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 +*CVE-2007-1743 (httpd) +*CVE-2007-1742 (httpd) +*CVE-2007-1741 (httpd) *CVE-2007-1732 ignore (wordpress) #235015 +*CVE-2007-1718 (php) +*CVE-2007-1717 (php) +*CVE-2007-1711 (php) +*CVE-2007-1710 (php) +*CVE-2007-1709 (php) +*CVE-2007-1667 (xorg-x11) +*CVE-2007-1649 (php) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 +*CVE-2007-1583 (php) *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] +*CVE-2007-1562 (firefox, seamonkey, thunderbird) +*CVE-2007-1560 (squid) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 
@@ -56,13 +107,19 @@ *CVE-2007-1545 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 +*CVE-2007-1536 (file) +*CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) +*CVE-2007-1496 (kernel) +*CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) +*CVE-2007-1466 (openoffice.org) *CVE-2007-1464 version (inkscape, fixed 0.45.1) *CVE-2007-1463 version (inkscape, fixed 0.45.1) +*CVE-2007-1460 (php) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 *CVE-2007-1413 ignore (php) Windows NT SNMP specific 
@@ -78,41 +135,62 @@ *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) +*CVE-2007-1375 (php) *CVE-2007-1366 ** (qemu) #238723 *CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +*CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 *CVE-2007-1325 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 +*CVE-2007-1287 (php) +*CVE-2007-1286 (php) +*CVE-2007-1285 (php) *CVE-2007-1282 version (seamonkey, fixed 1.0.8) *CVE-2007-1277 version (wordpress, fixed 2.1.2) *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 *CVE-2007-1263 version (gpgme, fixed 1.1.4) *CVE-2007-1263 version (gnupg, fixed 1.4.7) [since FEDORA-2007-315] +*CVE-2007-1262 (squirrelmail) *CVE-2007-1253 patch (blender, fixed 2.42a-21) #239338 *CVE-2007-1246 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] +*CVE-2007-1216 (krb5) *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) *CVE-2007-1054 version (mediawiki, fixed 1.8.4) *CVE-2007-1049 version (wordpress, fixed 2.1.1) #229991 +*CVE-2007-1036 (jboss) +*CVE-2007-1030 (libevent) +*CVE-2007-1007 (ekiga) *CVE-2007-1006 version (ekiga, fixed 2.0.5) #229259 [since FEDORA-2007-322] *CVE-2007-1004 VULNERABLE (firefox, ...) 
*CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 +*CVE-2007-1001 (php) *CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +*CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) +*CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 +*CVE-2007-0957 (krb5) +*CVE-2007-0956 (krb5) +*CVE-2007-0911 (php) +*CVE-2007-0910 (php) +*CVE-2007-0909 (php) +*CVE-2007-0908 (php) +*CVE-2007-0907 (php) +*CVE-2007-0906 (php) *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 @@ -128,7 +206,9 @@ *CVE-2007-0778 version (seamonkey, fixed 1.0.8) *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) +*CVE-2007-0774 (mod_jk) *CVE-2007-0772 version (kernel) [since FEDORA-2007-291] +*CVE-2007-0771 (kernel) *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -137,6 +217,8 @@ *CVE-2007-0653 VULNERABLE (xmms) #233705 *CVE-2007-0650 ignore (tetex) needs user's assistance *CVE-2007-0619 version (chmlib, fixed 0.3.9) #225919 +*CVE-2007-0578 (mpg321) +*CVE-2007-0555 (postgresql) *CVE-2007-0541 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 
@@ -153,18 +235,27 @@ *CVE-2007-0457 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0456 VULNERABLE (wireshark, fixed 0.99.5) #227140 *CVE-2007-0455 VULNERABLE (gd) #224610 +*CVE-2007-0454 (samba) +*CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] +*CVE-2007-0450 (tomcat) +*CVE-2007-0448 (php) *CVE-2007-0405 version (Django, fixed 0.95.1) *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +*CVE-2007-0243 (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 +*CVE-2007-0239 (openoffice.org) +*CVE-2007-0238 (openoffice.org) *CVE-2007-0235 VULNERABLE (libgtop2) #222637 not sure, will triage +*CVE-2007-0227 (slocate) *CVE-2007-0177 version (mediawiki, fixed 1.8.3) #221958 *CVE-2007-0160 patch (centericq, fixed 4.21.0-9) #227791 +*CVE-2007-0157 (neon) *CVE-2007-0109 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0107 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0106 version (wordpress, fixed 2.1-0) #223101 @@ -172,6 +263,12 @@ *CVE-2007-0104 ignore (kdegraphics) only client DoS *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue +*CVE-2007-0080 (freeradius) +*CVE-2007-0048 (acroread) +*CVE-2007-0046 (acroread) +*CVE-2007-0045 (acroread) +*CVE-2007-0044 (acroread) +*CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] 
@@ -181,29 +278,48 @@ *CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] *CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] +*CVE-2007-0001 (kernel) +*CVE-2006-7205 (php) +*CVE-2006-7204 (php) +*CVE-2006-7197 (tomcat) +*CVE-2006-7196 (tomcat) +*CVE-2006-7195 (tomcat) +*CVE-2006-7195 (tomcat) *CVE-2006-7193 ignore (php-Smarty, SMARTY_DIR is a constant) +*CVE-2006-7176 (sendmail) +*CVE-2006-7175 (sendmail) *CVE-2006-7162 version (putty, fixed 0.59) #231726 +*CVE-2006-7151 (libtool) +*CVE-2006-7139 (kmail) +*CVE-2006-7108 (util-linux) *CVE-2006-6979 backport (amarok, fixed 1.4.5-2) #228138 +*CVE-2006-6948 (myodbc) *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 *CVE-2006-6899 version (bluez-utils, fixed 2.23) *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] +*CVE-2006-6811 ignore (ksirc) DoS only *CVE-2006-6808 version (wordpress, fixed 2.1-0) #221023 *CVE-2006-6799 patch (cacti, fixed 0.8.6i-5) #222410 *CVE-2006-6772 backport (w3m) #221484 [since FEDORA-2007-077] +*CVE-2006-6745 (java-ibm) +*CVE-2006-6736 (java-ibm) +*CVE-2006-6731 (java-ibm) *CVE-2006-6719 backport (wget) #221469 [since FEDORA-2007-043] *CVE-2006-6698 VULNERABLE (GConf2) #219280 *CVE-2006-6693 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6692 ignore (zabbix, fixed 1.1.3, < 1.1.4 not shipped) *CVE-2006-6660 ignore (kdelibs) client Dos only, not reproducible +*CVE-2006-6628 (openoffice.org) *CVE-2006-6626 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6625 version (moodle, fixed 1.6.5) #220041 *CVE-2006-6610 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6609 version (nexuiz, fixed 2.2.1) #220034 *CVE-2006-6574 backport (mantis, fixed 1.0.6-2) #219937 *CVE-2006-6563 backport (proftpd, fixed 
1.3.0a-3) #219938 +*CVE-2006-6561 (openoffice.org) *CVE-2006-6515 version (mantis, fixed 1.0.6) #219720 *CVE-2006-6505 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6504 version (seamonkey, fixed 1.0.7) #220516 @@ -214,6 +330,7 @@ *CVE-2006-6499 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516 +*CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 *CVE-2006-6385 ignore (kernel) windows only @@ -227,6 +344,8 @@ *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash +*CVE-2006-6238 (konqueror) probably safari only +*CVE-2006-6236 (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 @@ -243,6 +362,9 @@ *CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] +*CVE-2006-6103 (xorg-x11) +*CVE-2006-6102 (xorg-x11) +*CVE-2006-6101 (xorg-x11) *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) 
@@ -252,18 +374,24 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-6027 (acroread) +*CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 +*CVE-2006-5969 (fvwm) +*CVE-2006-5941 (net-snmp) *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) *CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5871 version (kernel, fixed 2.6.10) +*CVE-2006-5870 (openoffice.org) *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 +*CVE-2006-5857 (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 
@@ -273,8 +401,10 @@ *CVE-2006-5783 ignore (firefox) disputed *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 *CVE-2006-5757 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 +*CVE-2006-5754 (kernel) *CVE-2006-5753 backport (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] *CVE-2006-5751 version (kernel, fixed 2.6.19, fixed 2.6.18.4) [since FEDORA-2006-1471] +*CVE-2006-5750 (jboss) *CVE-2006-5749 VULNERABLE (kernel, fixed 2.6.20-rc2) *CVE-2006-5748 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5748 version (seamonkey, fixed 1.0.6) #214822 @@ -314,6 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] +*CVE-2006-5330 (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -352,6 +483,7 @@ *CVE-2006-4925 ignore (openssh) client crash only *CVE-2006-4924 backport (openssh, fixed 4.4) *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr +*CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-4813 version (kernel, fixed 2.6.13) *CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch @@ -369,6 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability +*CVE-2006-4640 (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -429,6 +562,7 @@ *CVE-2006-4330 version (wireshark, fixed 0.99.3) *CVE-2006-4310 ignore (firefox) crash only *CVE-2006-4262 backport (cscope) +*CVE-2006-4261 (firefox) *CVE-2006-4253 version (thunderbird, fixed 1.5.0.7) *CVE-2006-4253 version (seamonkey, fixed 1.0.5) #209167 *CVE-2006-4253 version (firefox, fixed 1.5.0.7) @@ -439,9 +573,11 @@ *CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) *CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +*CVE-2006-4181 (gnuradius) *CVE-2006-4146 backport (gdb) *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) +*CVE-2006-4124 (lesstif) *CVE-2006-4096 backport (bind) *CVE-2006-4095 backport (bind) *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) @@ -503,6 +639,7 @@ *CVE-2006-3740 version (libXfont, fixed 1.2.2) *CVE-2006-3739 version (libXfont, fixed 1.2.2) *CVE-2006-3738 backport (openssl, fixed 0.9.8d) +*CVE-2006-3733 ignore (jboss) cisco only *CVE-2006-3731 ignore (firefox) just a user complicit crash *CVE-2006-3694 version (ruby, fixed 1.8.5) *CVE-2006-3677 version (thunderbird, fixed 1.5.0.5) @@ -521,6 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) +*CVE-2006-3587 (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable 
@@ -544,6 +682,8 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable +*CVE-2006-3311 (flash-plugin) +*CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) *CVE-2006-3174 version (squirrelmail, fixed 1.4.7) @@ -556,6 +696,7 @@ *CVE-2006-3113 version (thunderbird, fixed 1.5.0.5) *CVE-2006-3113 version (seamonkey, fixed 1.0.4) #200455 *CVE-2006-3113 version (firefox, fixed 1.5.0.5) +*CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) *CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux *CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) @@ -565,6 +706,7 @@ *CVE-2006-3018 version (php, fixed 5.1.3) *CVE-2006-3017 version (php, fixed 5.1.3) *CVE-2006-3016 version (php, fixed 5.1.3) +*CVE-2006-3014 ignore (flash-plugin) windows only *CVE-2006-3011 ignore (php) safe mode isn't safe *CVE-2006-3005 ignore (libjpeg) not a vuln *CVE-2006-2941 version (mailman, fixed 2.1.9) 
@@ -613,17 +755,20 @@ *CVE-2006-2661 version (freetype, fixed 2.2.1) *CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 +*CVE-2006-2657 (php) *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC *CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 *CVE-2006-2563 ignore (php) safe mode isn't safe +*CVE-2006-2502 (cyrus-imapd) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 *CVE-2006-2453 patch (dia, fixed 0.95-3) #192830 *CVE-2006-2452 version (gdm) *CVE-2006-2451 version (kernel, fixed 2.6.17.4) +*CVE-2006-2450 (vnc) *CVE-2006-2449 version (kdebase, fixed 3.5.4) *CVE-2006-2448 version (kernel, fixed 2.6.17) *CVE-2006-2447 version (spamassassin, fixed 3.1.3) @@ -801,6 +946,7 @@ *CVE-2006-1490 version (php, fixed 5.1.4) *CVE-2006-1470 version (openldap, not 2.3.24 at least) *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 +*CVE-2006-1370 (helixplayer) *CVE-2006-1368 version (kernel, fixed 2.6.16) *CVE-2006-1354 version (freeradius, fixed 1.1.2 at least) *CVE-2006-1343 version (kernel, fixed 2.6.16.19) 
@@ -827,13 +973,16 @@ *CVE-2006-1057 version (gdm, fixed 2.14.1) *CVE-2006-1056 version (kernel, fixed 2.6.16.9) *CVE-2006-1055 version (kernel, fixed 2.6.17) +*CVE-2006-1053 (fedora directory server) *CVE-2006-1052 version (kernel, fixed 2.6.16) *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) *CVE-2006-1015 ignore (php) safe mode isn't safe *CVE-2006-1014 ignore (php) safe mode isn't safe *CVE-2006-0996 version (php, fixed 5.1.4) +*CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) +*CVE-2006-0883 (openssh) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) @@ -853,9 +1002,11 @@ *CVE-2006-0746 version (kdegraphics, fixed 3.4) *CVE-2006-0745 version (xorg-x11-server, fixed 1.1.1 at least) *CVE-2006-0744 version (kernel, fixed 2.6.16.5) +*CVE-2006-0743 (log4net) *CVE-2006-0742 version (kernel, fixed 2.6.16) *CVE-2006-0741 version (kernel, fixed 2.6.15.5) *CVE-2006-0730 version (dovecot, 1.0beta[12] only) +*CVE-2006-0709 (metamail) *CVE-2006-0678 ignore (postgresql) we don't build --enable-cassert *CVE-2006-0670 version (bluez-hcidump, fixed 1.30) *CVE-2006-0665 version (mantis, fixed 1.0.1) @@ -879,9 +1030,13 @@ *CVE-2006-0456 ignore (kernel) s390 only *CVE-2006-0455 version (gnupg, fixed 1.4.2.1) *CVE-2006-0454 version (kernel, fixed 2.6.15.3) +*CVE-2006-0453 (fedora directory server) +*CVE-2006-0452 (fedora directory server) +*CVE-2006-0451 (fedora directory server) *CVE-2006-0405 version (libtiff, 3.8.0 only) *CVE-2006-0377 version (squirrelmail, fixed 1.4.6) *CVE-2006-0369 ignore (mysql) this is not a security issue +*CVE-2006-0323 (helixplayer) *CVE-2006-0322 version (mediawiki, fixed 1.5.8) *CVE-2006-0321 version (fetchmail, fixed 6.3.2) *CVE-2006-0301 version (poppler, fixed 0.4.5) 
@@ -919,9 +1074,12 @@ *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) *CVE-2006-0162 version (clamav, fixed 0.88) +*CVE-2006-0151 (sudo) +*CVE-2006-0150 (auth_ldap) *CVE-2006-0144 version (php-pear, not 1.4.4) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) +*CVE-2006-0105 (postgresql) *CVE-2006-0097 ignore (php) Windows only *CVE-2006-0096 ignore (kernel) minor and requires root *CVE-2006-0095 version (kernel, fixed 2.6.16) @@ -931,12 +1089,19 @@ *CVE-2006-0052 version (mailman, fixed 2.1.6) *CVE-2006-0049 version (gnupg, fixed 1.4.2.2) *CVE-2006-0047 version (freeciv, fixed 2.0.8) bz#184507 +*CVE-2006-0043 ignore (nfs-server) we use the kernel nfs server *CVE-2006-0042 version (libapreq2, fixed 2.0.7) *CVE-2006-0039 version (kernel, fixed 2.6.16.17) *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) +*CVE-2006-0024 (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) +*CVE-2006-0017 (fedora directory server) +*CVE-2006-0016 (fedora directory server) +*CVE-2005-4838 (tomcat) +*CVE-2005-4837 (net-snmp) +*CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) *CVE-2005-4809 VULNERABLE (firefox) *CVE-2005-4808 ignore (binutils, gas fixed 20050714) this is a bug @@ -958,6 +1123,7 @@ *CVE-2005-4635 version (kernel, fixed 2.6.15) *CVE-2005-4618 version (kernel, fixed 2.6.15) *CVE-2005-4605 version (kernel, fixed 2.6.15) +*CVE-2005-4601 (ImageMagick) *CVE-2005-4585 version (wireshark, fixed 0.10.14) *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] 
@@ -967,13 +1133,22 @@ *CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html +*CVE-2005-4130 (helixplayer) +*CVE-2005-4126 (helixplayer) *CVE-2005-4077 version (curl, fixed 7.15.1) +*CVE-2005-3964 (openmotif) *CVE-2005-3962 version (perl, fixed 5.8.8) +*CVE-2005-3896 (firefox,seamonkey,thunderbird) +*CVE-2005-3891 (pidgin) +*CVE-2005-3890 (pidgin) +*CVE-2005-3889 (pidgin) +*CVE-2005-3888 (pidgin) *CVE-2005-3883 version (php, fixed 5.1.1 at least) *CVE-2005-3858 version (kernel, fixed 2.6.13) *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) *CVE-2005-3847 version (kernel, fixed 2.6.12.6) +*CVE-2005-3812 (firefox,seamonkey,thunderbird) *CVE-2005-3810 version (kernel, fixed 2.6.15) *CVE-2005-3809 version (kernel, fixed 2.6.15) *CVE-2005-3808 version (kernel, fixed 2.6.15) @@ -992,6 +1167,7 @@ *CVE-2005-3651 version (wireshark, fixed 0.10.14) *CVE-2005-3632 version (netpbm) *CVE-2005-3631 version (udev) +*CVE-2005-3630 (fedora directory server) *CVE-2005-3629 version (initscripts, fixed 8.29 at least) *CVE-2005-3628 version (poppler, fixed 0.4.4) *CVE-2005-3628 version (kdegraphics, fixed 3.5.1) @@ -1014,9 +1190,11 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) +*CVE-2005-3591 (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) +*CVE-2005-3510 (tomcat) *CVE-2005-3402 ignore (thunderbird) mozilla say by design *CVE-2005-3392 version (php, not 5.0) *CVE-2005-3391 version (php, not 5.0) 
@@ -1027,9 +1205,11 @@ *CVE-2005-3358 version (kernel, fixed 2.6.11) *CVE-2005-3357 version (httpd, fixed 2.2.1) *CVE-2005-3356 version (kernel, fixed 2.6.16) +*CVE-2005-3354 (sylpheed) *CVE-2005-3353 version (php, not 5.0) *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) +*CVE-2005-3350 (libungif) *CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) @@ -1039,6 +1219,7 @@ *CVE-2005-3273 version (kernel, fixed 2.6.12) *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) +*CVE-2005-3269 (fedora directory server) *CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) @@ -1066,6 +1247,7 @@ *CVE-2005-3185 version (wget, fixed 1.10.2 at least) *CVE-2005-3185 version (curl, fixed 7.15) *CVE-2005-3184 version (wireshark, fixed 0.10.13) +*CVE-2005-3183 (w3c-libwww) *CVE-2005-3181 version (kernel, fixed 2.6.13.4) *CVE-2005-3180 version (kernel, fixed 2.6.13.4) *CVE-2005-3179 version (kernel, fixed 2.6.13.4) @@ -1088,7 +1270,9 @@ *CVE-2005-2991 ignore (ncompress) don't ship zdiff or zcmp scripts *CVE-2005-2978 version (netpbm, fixed 10.25) *CVE-2005-2977 version (pam, fixed 0.99.2.1 at least) +*CVE-2005-2976 (gdk-pixbuf) *CVE-2005-2975 version (gtk2, fixed 2.8.7) +*CVE-2005-2974 (libungif) *CVE-2005-2973 version (kernel, fixed 2.6.14) *CVE-2005-2970 version (httpd, not 2.2) *CVE-2005-2969 version (openssl, fixed 0.9.8a) 
@@ -1096,9 +1280,11 @@ *CVE-2005-2968 version (thunderbird) *CVE-2005-2968 version (firefox) *CVE-2005-2959 ignore (sudo) not a vulnerability +*CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog +*CVE-2005-2922 (helixplayer) *CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) @@ -1114,6 +1300,7 @@ *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) +*CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) *CVE-2005-2708 ignore (kernel) not reproducable on x86_64 *CVE-2005-2707 version (thunderbird) @@ -1135,6 +1322,8 @@ *CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) +*CVE-2005-2629 (helixplayer) +*CVE-2005-2628 (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -1213,6 +1402,7 @@ *CVE-2005-2096 version (rpm, fixed 4.4.2) *CVE-2005-2096 backport (zlib, fixed 1.2.2.4) *CVE-2005-2095 version (squirrelmail, fixed 1.4.5) +*CVE-2005-2090 (tomcat) *CVE-2005-2088 version (httpd, not 2.2) *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch 
@@ -1239,11 +1429,13 @@ *CVE-2005-1760 version (sysreport, fixed 1.4.1-3) *CVE-2005-1759 ignore (php) dead code path *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used +*CVE-2005-1753 (tomcat) *CVE-2005-1751 version (nmap, fixed 3.93 at least) *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable *CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) +*CVE-2005-1730 (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1257,6 +1449,7 @@ *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) *CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +*CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) *CVE-2005-1468 version (wireshark, fixed 0.10.11) @@ -1367,11 +1560,13 @@ *CVE-2005-0709 version (mysql, fixed 4.1.11) *CVE-2005-0705 version (wireshark, fixed after 0.10.9) *CVE-2005-0704 version (wireshark, fixed after 0.10.9) +*CVE-2005-0699 (wireshark) *CVE-2005-0698 version (wireshark, fixed after 0.10.9) *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) *CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +*CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour *CVE-2005-0596 version (php, fixed 5.0) 
@@ -1389,6 +1584,7 @@ *CVE-2005-0584 version (firefox) *CVE-2005-0578 version (firefox) *CVE-2005-0565 version (kernel, not 2.6) +*CVE-2005-0546 (cyrus-imapd) *CVE-2005-0532 version (kernel, fixed 2.6.11) *CVE-2005-0531 version (kernel, fixed 2.6.11) *CVE-2005-0530 version (kernel, fixed 2.6.11) @@ -1409,6 +1605,8 @@ *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch *CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch +*CVE-2005-0455 (helixplayer) +*CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) *CVE-2005-0446 version (squid, fixed 2.5.STABLE9) @@ -1451,6 +1649,8 @@ *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) *CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +*CVE-2005-0191 (helixplayer) +*CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) *CVE-2005-0179 version (kernel, fixed 2.6.11) *CVE-2005-0178 version (kernel, fixed 2.6.11) @@ -1509,6 +1709,7 @@ *CVE-2005-0034 version (bind, fixed after 9.3.0) *CVE-2005-0033 version (bind, not 9) *CVE-2005-0023 ignore (libvte) not a security risk +*CVE-2005-0022 (exim) *CVE-2005-0014 version (ncpfs, fixed 2.2.6) *CVE-2005-0013 version (ncpfs, fixed 2.2.6) *CVE-2005-0011 version (kdeedu, not 3.4) @@ -1523,7 +1724,10 @@ *CVE-2005-0001 version (kernel, fixed 2.6.10) *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only +*CVE-2004-2655 (xscreensaver) *CVE-2004-2654 version (squid, fixed 2.6STABLE6) +*CVE-2004-2645 (asn1c) +*CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) *CVE-2004-2589 version (gaim, fixed 0.82) *CVE-2004-2546 version (samba, fixed 3.0.6) 
@@ -1603,6 +1807,7 @@ *CVE-2004-1184 version (enscript, fixed 1.6.4 at least) *CVE-2004-1183 version (libtiff, fixed 3.7.2) *CVE-2004-1180 version (rwho, fixed 0.17) +*CVE-2004-1178 (mailman) *CVE-2004-1177 version (mailman, fixed 2.1.6) *CVE-2004-1176 version (mc, fixed 4.6.0) *CVE-2004-1175 version (mc, fixed 4.6.0) @@ -1801,6 +2006,7 @@ *CVE-2004-0558 version (cups, fixed 1.1.21) *CVE-2004-0557 version (sox, fixed after 12.17.4) *CVE-2004-0554 version (kernel, fixed 2.6.7) +*CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) *CVE-2004-0541 version (squid) @@ -1850,6 +2056,7 @@ *CVE-2004-0394 version (kernel, not 2.6) also not a vulnerability *CVE-2004-0392 version (racoon, fixed 20040407b) *CVE-2004-0388 version (mysql, fixed 4.1.11 at least) +*CVE-2004-0387 (helixplayer) *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) *CVE-2004-0367 version (wireshark, fixed 0.10.3) *CVE-2004-0365 version (wireshark, fixed 0.10.3) @@ -1858,11 +2065,13 @@ *CVE-2004-0233 version (libutempter, fixed 0.5.5) *CVE-2004-0232 version (mc, fixed 4.6.0) *CVE-2004-0231 version (mc, fixed 4.6.0) +*CVE-2004-0230 (kernel) *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) +*CVE-2004-0185 (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages 
@@ -1917,9 +2126,12 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) +*CVE-2003-1329 (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) +*CVE-2003-1295 (xscreensaver) +*CVE-2003-1294 (xscreensaver) *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1265 VULNERABLE (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 *CVE-2003-1232 version (emacs, fixed 21.3) @@ -1963,6 +2175,7 @@ *CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) *CVE-2003-0900 version (perl, only 5.8.1) +*CVE-2003-0885 (xscreensaver) *CVE-2003-0865 version (tomcat, fixed after 4.0.3) *CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html *CVE-2003-0861 version (php, fixed 4.3.3) @@ -2387,8 +2600,19 @@ *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) *CVE-2001-1494 version (util-linux, fixed 2.11n) +*CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) +*CVE-2001-0935 (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) +*CVE-2001-0310 (sort) +*CVE-2001-0235 (vixie-cron) +*CVE-2001-0187 (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch +*CVE-2000-1137 (ed) +*CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch +*CVE-1999-1332 (gzip) +*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0710 (squid) +*CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From dsmith at redhat.com Mon Jun 11 22:00:29 2007 
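Review bot: almost all of the added entries in these hunks, for example "+*CVE-2006-0151 (sudo)" and "+*CVE-2005-4838 (tomcat)", have no status word between the id and the package, while the surrounding entries all carry one (version, backport, ignore or VULNERABLE). If a missing status is meant to mark "not yet triaged", state that in the log message or in a header comment of the file so that a reader or a script does not take it for a malformed line. Two added forms also break the one-package-per-entry layout the file uses elsewhere: "(firefox,seamonkey,thunderbird)" folds three packages into one entry where CVE-2005-2968 is listed once per package, and "(fedora directory server)" puts spaces inside the package field; splitting the first and using a single-token package name for the second would keep per-package counts reliable.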
From: dsmith at redhat.com (David Smith)
Date: Mon, 11 Jun 2007 17:00:29 -0500
Subject: Need some security advice for systemtap
In-Reply-To:
References: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz> <466D4979.7010306@redhat.com> <466D95D4.2090903@redhat.com>
Message-ID: <466DC5FD.7090605@redhat.com>

Frank Ch. Eigler wrote:
> David Smith writes:
>
>> [...]
>> Solving both problems would look like this:
>>
>> (A) A sysadmin would compile systemtap tap scripts into kernel modules
>> and store the module in something like
>> /etc/systemtap/authorized_modules/$kernel_version/foo.ko
>
> The suggestion of using /lib/modules itself is a great one.

I'm OK with that. From later in your email it looks like you are
shooting for /lib/modules/`uname -r`/systemtap, which seems reasonable.

>> [...]
>> (D) staprun.auth will need to disallow certain staprun.auth
>> command-line arguments, such as:
>> - "-c CMD" [...]
>> - "-O FILE" [...]
>
> Actually, it doesn't. A setuid program can drop its privileges after
> performing the root-only operations (module loading), and invoke the
> rest of the normal commands as the real userid.

Hmm. I was trying to duplicate as little of staprun as possible - just
parse arguments, make sure the module is in the correct place, then exec
staprun for all the real processing. I was trying to make staprun_auth
a very thin wrapper around staprun.

With your idea I don't see a way around duplicating all of staprun (not
actual code duplication, but compiling all of staprun into staprun_auth).

Perhaps there is a merged approach. Keep staprun_auth a thin wrapper
around staprun, but change staprun to raise and lower privileges as
needed when inserting/removing modules, setting up relayfs, etc.

--
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From kevin at tummy.com Mon Jun 11 22:54:25 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Mon, 11 Jun 2007 16:54:25 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <466D9AAF.1080806@redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <466D9AAF.1080806@redhat.com>
Message-ID: <20070611165425.20373754@ghistelwchlohm.scrye.com>

On Mon, 11 Jun 2007 14:55:43 -0400
Christopher Aillon wrote:

> Kevin Fenzi wrote:
> > - Should the filed bug have a CC to the list? I guess you mentioned
> > this above. I think it's probably a good idea so folks can see the
> > progress of fixes.
>
> I don't think we want to do this. Imagine someone files a bug to us
> with an embargo date of: future. Someone reading the list archives
> could easily get that information and release it to the public ahead
> of the embargo date. Essentially, by cc:ing a public list, we broke
> the embargo ourselves.

Agreed, to be avoided.
Can't we simply not add CC to the bugs that are under an embargo?
Or is there no simple way to tell?

> We want to honor embargos as much as possible, so we can continue
> being in good favor with those who give us advance notification.
> Additionally, when we are planning to release something on a given
> day, and it turns out to get leaked, we have to scramble much more
> quickly. Not good for many reasons.

Absolutely.

At the same time, bugs that are public already I think it's good to see
progress on the list/in bugzilla. We may spot cases where maintainers
need help, want more info, or otherwise could use input from the
security list.

Just my 2cents tho... if it's decided not to CC the list that's fine
too.

kevin

From fche at redhat.com Mon Jun 11 21:32:12 2007
From: fche at redhat.com (Frank Ch. Eigler)
Date: 11 Jun 2007 17:32:12 -0400
Subject: Need some security advice for systemtap
In-Reply-To: <466D95D4.2090903@redhat.com>
References: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz> <466D4979.7010306@redhat.com> <466D95D4.2090903@redhat.com>
Message-ID:

David Smith writes:

> [...]
> Solving both problems would look like this:
>
> (A) A sysadmin would compile systemtap tap scripts into kernel modules
> and store the module in something like
> /etc/systemtap/authorized_modules/$kernel_version/foo.ko

The suggestion of using /lib/modules itself is a great one.

> (B) The sysadmin would add anyone needing to be able to run those
> modules to the new 'systemtap' group.

Good idea.

> (C) We'll have a new program, staprun.auth, which would be owned by
> root, group systemtap, and file permission would be 04110. Here's
> what a 'ls -l' would look like on it:
>
> ---s--x--- 1 root systemtap {size} {date} /usr/bin/staprun.auth

OK.

> [...]
> (D) staprun.auth will need to disallow certain staprun.auth
> command-line arguments, such as:
> - "-c CMD" [...]
> - "-O FILE" [...]

Actually, it doesn't. A setuid program can drop its privileges after
performing the root-only operations (module loading), and invoke the
rest of the normal commands as the real userid.

> [...]
> $ staprun.auth stap_foo.ko
> (staprun.auth will make sure /etc/systemtap/authorized_modules/`uname
> -r`/stap_foo.ko exists, then exec staprun with that module)
> [...]

It would be better to have staprun.auth perform the module loading and
setup parts of current staprun, and defer the unprivileged work to
ordinary staprun. Now, if only we could automate the sudo vs. setuid
mechanisms...

Maybe even SYSTEMTAP_DIR=/lib/modules/`uname -r`/systemtap?

- FChE

From kevin at tummy.com Tue Jun 12 03:04:40 2007
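Added example (not part of any message in this thread, and not systemtap's code): the checks the thread converges on, written out in C. A setuid-root loader accepts only a bare module name, resolves it under /lib/modules/`uname -r`/systemtap, judges the file it actually opened, and then drops to the real user as Frank describes. The function names and the ownership and mode policy are assumptions.

```c
/* Added example: checks for a setuid-root module loader. The layout and
 * policy are assumptions drawn from the thread, not systemtap's code. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Accept only a bare name such as "stap_foo.ko": no '/', no leading dot,
 * a conservative character set and a ".ko" suffix. */
int module_name_ok(const char *name)
{
    static const char allowed[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz0123456789_.-";
    size_t len = strlen(name);
    if (len < 4 || len > 64 || name[0] == '.')
        return 0;
    if (strcmp(name + len - 3, ".ko") != 0)
        return 0;
    return strspn(name, allowed) == len;
}

/* Build <base>/<release>/systemtap/<name>; -1 on bad input or truncation. */
int build_module_path(const char *base, const char *release,
                      const char *name, char *out, size_t outlen)
{
    int n;
    if (!module_name_ok(name) || release[0] == '\0' ||
        release[0] == '.' || strchr(release, '/') != NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s/systemtap/%s", base, release, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Open without following a symlink, then judge the opened descriptor
 * rather than the path: regular file, owned by trusted_uid, not writable
 * by group or others. Returns the descriptor, or -1. */
int open_checked_module(const char *path, uid_t trusted_uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != trusted_uid || (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Give up the setuid identity for good: group first, then user, then
 * confirm that root cannot be regained. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    struct utsname u;
    char path[512];
    int fd;
    if (argc != 2 || uname(&u) != 0 ||
        build_module_path("/lib/modules", u.release, argv[1],
                          path, sizeof path) != 0) {
        fprintf(stderr, "usage: staprun.auth MODULE.ko\n");
        return 2;
    }
    fd = open_checked_module(path, 0);      /* module must be root-owned */
    if (fd < 0) {
        fprintf(stderr, "%s: not an authorized module\n", path);
        return 1;
    }
    /* The root-only step (loading the module from fd) belongs here. */
    if (drop_privileges() != 0) {
        fprintf(stderr, "could not drop privileges\n");
        return 1;
    }
    printf("%s accepted; continuing as uid %d\n", path, (int)getuid());
    close(fd);
    return 0;
}
```

Passing the checked descriptor, rather than the path, to the privileged load step means the file that was inspected is the file that gets loaded.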
From: kevin at tummy.com (Kevin Fenzi)
Date: Mon, 11 Jun 2007 21:04:40 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <31717.1181582674@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com>
Message-ID: <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com>

On Mon, 11 Jun 2007 13:24:34 -0400
Josh Bressers wrote:

...snipp..

> Ideally, yes. I however don't want people to duplicate work. I
> suspect the easiest way is going to be for someone to just mark a
> block of ids as what they're working on. Something like
>
> **** bressers ****
> CVE blah blah blah
> ... ===> Lots of CVE ids here
> CVE blah blah blah
> **** bressers ****
>
> Check in some bits to make it known you're on it, then start wading
> through the manure.

ok. Looking at the nice big pile you checked in, I think we might be
served better by folks taking particular packages. Ie, if you are
already examining a package for one CVE, it might be easier to just
keep going on that package rather than switch to another one and have
to pull up more cvs files, bugzilla, etc.

Here's the top 10 of the ones you just checked in today:

     30 (php)
     14 (helixplayer)
     11 (tomcat)
      8 (fedoradirectoryserver)
      7 (flash-plugin)
      7 (acroread)
      6 (openoffice.org)
      6 (kernel)
      5 (xscreensaver)
      5 (wu-ftpd)

Should all the flash-plugin, acroread and wu-ftpd ones be marked
"ignore" since we don't ship them? Or removed?

Also, what level of scrutiny should we use in checking for fixes?
If a changelog lists the CVE being fixed, mark it? Should we check the
patch against upstream or other distros fix?

>
> Thanks.
>

kevin

From mtasaka at ioa.s.u-tokyo.ac.jp Tue Jun 12 03:41:12 2007
From: mtasaka at ioa.s.u-tokyo.ac.jp (Mamoru Tasaka)
Date: Tue, 12 Jun 2007 12:41:12 +0900
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com> <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com>
Message-ID: <466E15D8.6070109@ioa.s.u-tokyo.ac.jp>

Oh.. I sent a reply to Kevin and did not send it to the mailing list,
resending...

Kevin Fenzi wrote, at 06/12/2007 12:04 PM +9:00:
> ok. Looking at the nice big pile you checked in, I think we might be
> served better by folks taking particular packages. Ie, if you are
> already examining a package for one CVE, it might be easier to just
> keep going on that package rather than switch to another one and have
> to pull up more cvs files, bugzilla, etc.
>
> Here's the top 10 of the ones you just checked in today:
>
>      30 (php)
>      14 (helixplayer)
>      11 (tomcat)
>       8 (fedoradirectoryserver)
>       7 (flash-plugin)
>       7 (acroread)
>       6 (openoffice.org)
>       6 (kernel)
>       5 (xscreensaver)
>       5 (wu-ftpd)

For xscreensaver, all CVE entries which were added today are
for <4.18 and no longer affect FC-5+ xscreensaver (4.24<=)

Mamoru (xscreensaver maintainer)

From bressers at redhat.com Tue Jun 12 11:17:01 2007
From: bressers at redhat.com (Josh Bressers)
Date: Tue, 12 Jun 2007 07:17:01 -0400
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com> <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com>
Message-ID: <16401.1181647021@devserv.devel.redhat.com>

>
> ok. Looking at the nice big pile you checked in, I think we might be
> served better by folks taking particular packages. Ie, if you are
> already examining a package for one CVE, it might be easier to just
> keep going on that package rather than switch to another one and have
> to pull up more cvs files, bugzilla, etc.

This does make sense, yes. I'm also rather sure that most of the mess I
checked in today is fixed in F7, so this would speed things up for the
very reasons you mention.

>
> Here's the top 10 of the ones you just checked in today:
>
>      30 (php)
>      14 (helixplayer)
>      11 (tomcat)
>       8 (fedoradirectoryserver)
>       7 (flash-plugin)
>       7 (acroread)
>       6 (openoffice.org)
>       6 (kernel)
>       5 (xscreensaver)
>       5 (wu-ftpd)
>
> Should all the flash-plugin, acroread and wu-ftpd ones be marked
> "ignore" since we don't ship them? Or removed?

Mark them ignore, no ship. The advantage to keeping the id in the file
is that if we ever do start shipping those things, we have a list of
things to look at.

>
> Also, what level of scrutiny should we use in checking for fixes?
> If a changelog lists the CVE being fixed, mark it? Should we check the
> patch against upstream or other distros fix?
>

If the changelog mentions it we should be inclined to believe it. If
there is a reason to cast doubt we can invest more time.

Thanks.

--
JB

From ville.skytta at iki.fi Tue Jun 12 15:24:11 2007
From: ville.skytta at iki.fi (Ville Skyttä)
Date: Tue, 12 Jun 2007 18:24:11 +0300
Subject: Need some security advice for systemtap
In-Reply-To: <466DC5FD.7090605@redhat.com>
References: <20070608211641.13DE.0@paddy.troja.mff.cuni.cz> <466DC5FD.7090605@redhat.com>
Message-ID: <200706121824.12377.ville.skytta@iki.fi>

On Tuesday 12 June 2007, David Smith wrote:

> I'm OK with that. From later in your email it looks like you are
> shooting for /lib/modules/`uname -r`/systemtap, which seems reasonable.

Without knowing a thing about systemtap,
/lib/modules/`uname -r`/extra/systemtap could be better, that's what the
"extra" dir exists for.

From kevin at tummy.com Tue Jun 12 16:55:16 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Tue, 12 Jun 2007 10:55:16 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <466E15D8.6070109@ioa.s.u-tokyo.ac.jp>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com> <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com> <466E15D8.6070109@ioa.s.u-tokyo.ac.jp>
Message-ID: <20070612105516.3c959f0c@ghistelwchlohm.scrye.com>

On Tue, 12 Jun 2007 12:41:12 +0900
Mamoru Tasaka wrote:

> Oh.. I sent a reply to Kevin and did not send it to the mailing list,
> resending...
>
> Kevin Fenzi wrote, at 06/12/2007 12:04 PM +9:00:
> > ok. Looking at the nice big pile you checked in, I think we might be
> > served better by folks taking particular packages. Ie, if you are
> > already examining a package for one CVE, it might be easier to just
> > keep going on that package rather than switch to another one and
> > have to pull up more cvs files, bugzilla, etc.
> >
> > Here's the top 10 of the ones you just checked in today:
> >
> >      30 (php)
> >      14 (helixplayer)
> >      11 (tomcat)
> >       8 (fedoradirectoryserver)
> >       7 (flash-plugin)
> >       7 (acroread)
> >       6 (openoffice.org)
> >       6 (kernel)
> >       5 (xscreensaver)
> >       5 (wu-ftpd)
>
> For xscreensaver, all CVE entries which were added today are
> for <4.18 and no longer affect FC-5+ xscreensaver (4.24<=)

Excellent news. ;)

I looked around briefly and xscreensaver seems to not really note when
these things are fixed. Nothing in the changelog at jwz's site, or in
your spec file changelog mentions CVEs or security issues that I could
see offhand. Or is there somewhere that I am not looking?

That makes it hard to verify things. ;(

You might consider adding info about security fixes to your changelog,
and/or talk to Jamie and see if he is willing to note them in the
upstream changelog.

Thanks for the info.

> Mamoru (xscreensaver maintainer)

kevin

From kevin at tummy.com Tue Jun 12 19:23:40 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Tue, 12 Jun 2007 13:23:40 -0600
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <16401.1181647021@devserv.devel.redhat.com>
References: <23088.1175556679@devserv.devel.redhat.com> <200706101331.31674.ville.skytta@iki.fi> <23843.1181576525@devserv.devel.redhat.com> <20070611095207.19c4266d@ghistelwchlohm.scrye.com> <31717.1181582674@devserv.devel.redhat.com> <20070611210440.5fbfbc68@ghistelwchlohm.scrye.com> <16401.1181647021@devserv.devel.redhat.com>
Message-ID: <20070612132340.10080a08@ghistelwchlohm.scrye.com>

On Tue, 12 Jun 2007 07:17:01 -0400
Josh Bressers wrote:

> >
> > ok. Looking at the nice big pile you checked in, I think we might be
> > served better by folks taking particular packages. Ie, if you are
> > already examining a package for one CVE, it might be easier to just
> > keep going on that package rather than switch to another one and
> > have to pull up more cvs files, bugzilla, etc.
>
> This does make sense, yes. I'm also rather sure that most of the
> mess I checked in today is fixed in F7, so this would speed things up
> for the very reasons you mention.

Yeah. ;(

> > Should all the flash-plugin, acroread and wu-ftpd ones be marked
> > "ignore" since we don't ship them? Or removed?
>
> Mark them ignore, no ship. The advantage to keeping the id in the
> file is that if we ever do start shipping those things, we have a
> list of things to look at.

True. ok, marked. Feel free to tweak if I got any formatting wrong.

> >
> > Also, what level of scrutiny should we use in checking for fixes?
> > If a changelog lists the CVE being fixed, mark it? Should we check
> > the patch against upstream or other distros fix?
> >
>
> If the changelog mentions it we should be inclined to believe it. If
> there is a reason to cast doubt we can invest more time.

Makes sense.

I just checked in my first quick pass on krb5...
if anyone would like to check that over and confirm that I am processing things right that would be great. > Thanks. kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: not available URL: From fedora-extras-commits at redhat.com Tue Jun 12 19:02:07 2007 From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Tue, 12 Jun 2007 15:02:07 -0400 Subject: fedora-security/audit fc7,1.2,1.3 Message-ID: <200706121902.l5CJ27UT008067@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8011 Modified Files: fc7 Log Message: Initial pass at krb5 Mark packages we don't ship currently Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- fc7 11 Jun 2007 20:21:46 -0000 1.2 +++ fc7 12 Jun 2007 19:02:04 -0000 1.3 @@ -160,7 +160,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -*CVE-2007-1216 (krb5) +*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -183,8 +183,8 @@ *CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -*CVE-2007-0957 (krb5) -*CVE-2007-0956 (krb5) +*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 +*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 *CVE-2007-0911 (php) *CVE-2007-0910 (php) *CVE-2007-0909 (php) 
@@ -246,7 +246,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -*CVE-2007-0243 (java-ibm) +*CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 (openoffice.org) @@ -264,10 +264,10 @@ *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 (freeradius) -*CVE-2007-0048 (acroread) -*CVE-2007-0046 (acroread) -*CVE-2007-0045 (acroread) -*CVE-2007-0044 (acroread) +*CVE-2007-0048 ignore, no-ship (acroread) +*CVE-2007-0046 ignore, no-ship (acroread) +*CVE-2007-0045 ignore, no-ship (acroread) +*CVE-2007-0044 ignore, no-ship (acroread) *CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) @@ -345,15 +345,15 @@ *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash *CVE-2006-6238 (konqueror) probably safari only -*CVE-2006-6236 (acroread) +*CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6144 ** krb5 -*CVE-2006-6143 ** krb5 +*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 +*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] *CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) 
@@ -374,7 +374,7 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-6027 (acroread) +*CVE-2006-6027 ignore, no-ship (acroread) *CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 @@ -391,7 +391,7 @@ *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5857 (acroread) +*CVE-2006-5857 ignore, no-ship (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -444,7 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-5330 (flash-plugin) +*CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -501,7 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -*CVE-2006-4640 (flash-plugin) +*CVE-2006-4640 ignore, no-ship (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -658,7 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -*CVE-2006-3587 (flash-plugin) +*CVE-2006-3587 ignore, no-ship (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -682,7 +682,7 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -*CVE-2006-3311 (flash-plugin) +*CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) @@ -1095,7 +1095,7 @@ *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -*CVE-2006-0024 (flash-plugin) +*CVE-2006-0024 ignore, no-ship (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) @@ -1190,7 +1190,7 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) -*CVE-2005-3591 (flash-plugin) +*CVE-2005-3591 ignore, no-ship (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) @@ -1323,7 +1323,7 @@ *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) -*CVE-2005-2628 (flash-plugin) +*CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 
@@ -2071,7 +2071,7 @@ *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) -*CVE-2004-0185 (wu-ftpd) +*CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2126,7 +2126,7 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) -*CVE-2003-1329 (wu-ftpd) +*CVE-2003-1329 ignore, no-ship (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) @@ -2602,17 +2602,17 @@ *CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) -*CVE-2001-0935 (wu-ftpd) +*CVE-2001-0935 ignore, no-ship (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) *CVE-2001-0310 (sort) *CVE-2001-0235 (vixie-cron) -*CVE-2001-0187 (wu-ftpd) +*CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch *CVE-2000-1137 (ed) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) -*CVE-1999-0997 (wu-ftpd) +*CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Jun 12 19:18:59 2007 
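Review bot: The added wu-ftpd lines in the @@ -2602,17 +2602,17 @@ hunk (CVE-2001-0935, CVE-2001-0187, CVE-1999-0997) set a final status of "ignore, no-ship" but keep the leading asterisk, which the fc7 header quoted further down this page defines as "items that need verification for Fedora 7". The same holds for the acroread and flash-plugin lines in the earlier hunks. If the no-ship decision has already been checked against the package set, drop the asterisk in the same change so that a reader of this revision does not have to guess whether an entry with a status is still open.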
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Tue, 12 Jun 2007 15:18:59 -0400 Subject: fedora-security/audit fc7,1.3,1.4 Message-ID: <200706121918.l5CJIxe7008897@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv8876 Modified Files: fc7 Log Message: Mark last batch done. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- fc7 12 Jun 2007 19:02:04 -0000 1.3 +++ fc7 12 Jun 2007 19:18:56 -0000 1.4 @@ -160,7 +160,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -*CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 +CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) @@ -183,8 +183,8 @@ *CVE-2007-0988 (php) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 -*CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 -*CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 +CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 +CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 *CVE-2007-0911 (php) *CVE-2007-0910 (php) *CVE-2007-0909 (php) @@ -246,7 +246,7 @@ *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 *CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] *CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] -*CVE-2007-0243 ignore, no-ship (java-ibm) +CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 *CVE-2007-0239 (openoffice.org) 
@@ -264,10 +264,10 @@ *CVE-2007-0095 VULNERABLE (phpMyAdmin) #221694 *CVE-2007-0086 ignore (apache) not a security issue *CVE-2007-0080 (freeradius) -*CVE-2007-0048 ignore, no-ship (acroread) -*CVE-2007-0046 ignore, no-ship (acroread) -*CVE-2007-0045 ignore, no-ship (acroread) -*CVE-2007-0044 ignore, no-ship (acroread) +CVE-2007-0048 ignore, no-ship (acroread) +CVE-2007-0046 ignore, no-ship (acroread) +CVE-2007-0045 ignore, no-ship (acroread) +CVE-2007-0044 ignore, no-ship (acroread) *CVE-2007-0010 (gtk2) *CVE-2007-0009 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0009 ignore (seamonkey, uses system NSS) @@ -345,15 +345,15 @@ *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash *CVE-2006-6238 (konqueror) probably safari only -*CVE-2006-6236 ignore, no-ship (acroread) +CVE-2006-6236 ignore, no-ship (acroread) *CVE-2006-6235 patch (gnupg2, fixed 2.0.1-2) #218821 *CVE-2006-6235 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] *CVE-2006-6171 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6170 patch (proftpd, fixed 1.3.0a-1) #214820 *CVE-2006-6169 version (gnupg2, fixed 2.0.1) #217950 *CVE-2006-6169 backport (gnupg, fixed 1.4.6) [since FEDORA-2006-1406] -*CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 -*CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 +CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 +CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] *CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) 
@@ -374,7 +374,7 @@ *CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 -*CVE-2006-6027 ignore, no-ship (acroread) +CVE-2006-6027 ignore, no-ship (acroread) *CVE-2006-6015 (pcre) *CVE-2006-5989 ignore (mod_auth_kerb) did not affect fc6 *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 @@ -391,7 +391,7 @@ *CVE-2006-5867 version (fetchmail, fixed 6.3.6) #221984 [since FEDORA-2007-042] *CVE-2006-5864 VULNERABLE (evince) #217672 *CVE-2006-5864 patch (gv, fixed 3.6.2-2) #215136 -*CVE-2006-5857 ignore, no-ship (acroread) +CVE-2006-5857 ignore, no-ship (acroread) *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 @@ -444,7 +444,7 @@ *CVE-2006-5453 patch (bugzilla, fixed 2.22-7) #212355 *CVE-2006-5397 VULNERABLE (libX11, 1.0.2 and 1.0.3 only) #213280 *CVE-2006-5331 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] -*CVE-2006-5330 ignore, no-ship (flash-plugin) +CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 @@ -501,7 +501,7 @@ *CVE-2006-4743 ignore (wordpress, dupe of an old non-issue) #206514 *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability -*CVE-2006-4640 ignore, no-ship (flash-plugin) +CVE-2006-4640 ignore, no-ship (flash-plugin) *CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) 
@@ -658,7 +658,7 @@ *CVE-2006-3627 version (wireshark, fixed 0.99.2) *CVE-2006-3626 version (kernel, fixed 2.6.17.6) *CVE-2006-3619 version (gcc, fixed 4.1.1-20060828 at least) -*CVE-2006-3587 ignore, no-ship (flash-plugin) +CVE-2006-3587 ignore, no-ship (flash-plugin) *CVE-2006-3582 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3581 version (adplug, fixed 2.0.1-1) #198108 *CVE-2006-3486 ignore (mysql, fixed 5.0.23) not exploitable @@ -682,7 +682,7 @@ *CVE-2006-3376 backport (libwmf) from changelog *CVE-2006-3352 ignore (firefox) not a vulnerability *CVE-2006-3334 ignore (libpng, fixed 1.2.12) not exploitable -*CVE-2006-3311 ignore, no-ship (flash-plugin) +CVE-2006-3311 ignore, no-ship (flash-plugin) *CVE-2006-3276 (helixplayer) *CVE-2006-3242 version (mutt, fixed 1.4.2.2, 1.5.12) *CVE-2006-3178 ignore (chmlib, extract_chmLib not shipped) @@ -1095,7 +1095,7 @@ *CVE-2006-0037 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0036 version (kernel, only 2.6.14 and 2.6.15) *CVE-2006-0035 version (kernel, only 2.6.14 and 2.6.15) -*CVE-2006-0024 ignore, no-ship (flash-plugin) +CVE-2006-0024 ignore, no-ship (flash-plugin) *CVE-2006-0019 version (kdelibs, fixed 3.5.1) *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) @@ -1190,7 +1190,7 @@ *CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) -*CVE-2005-3591 ignore, no-ship (flash-plugin) +CVE-2005-3591 ignore, no-ship (flash-plugin) *CVE-2005-3582 version (ImageMagick) gentoo only *CVE-2005-3573 version (mailman, fixed 2.1.7) *CVE-2005-3527 version (kernel, fixed 2.6.14) 
@@ -1323,7 +1323,7 @@ *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) -*CVE-2005-2628 ignore, no-ship (flash-plugin) +CVE-2005-2628 ignore, no-ship (flash-plugin) *CVE-2005-2617 version (kernel, fixed 2.6.12.5) *CVE-2005-2602 ignore (thunderbird) probably *CVE-2005-2602 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=237085 @@ -2071,7 +2071,7 @@ *CVE-2004-0226 version (mc, fixed 4.6.0) *CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) -*CVE-2004-0185 ignore, no-ship (wu-ftpd) +CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) *CVE-2004-0183 version (tcpdump, fixed 3.8.2) *CVE-2004-0182 version (mailman) only affected Red Hat packages @@ -2126,7 +2126,7 @@ *CVE-2004-0005 version (gaim, fixed 0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) -*CVE-2003-1329 ignore, no-ship (wu-ftpd) +CVE-2003-1329 ignore, no-ship (wu-ftpd) *CVE-2003-1307 ignore (mod_php) not a vulnerability *CVE-2003-1303 version (php, fixed 4.3.3) *CVE-2003-1302 version (php, fixed 4.3.1) 
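Review bot: The krb5 entries cleared in the @@ -160,7, @@ -183,8 and @@ -345,15 hunks (CVE-2007-1216, CVE-2007-0957 and CVE-2007-0956 at "fixed 1.6-3"; CVE-2006-6144 and CVE-2006-6143 at "fixed 1.5-14") lose their needs-verification asterisk with no record of what was checked, and the log message says only "Mark last batch done". Name the packages in the log, as the following commits do ("Processed rsync", "Process openssh"), and state which krb5 build was compared against the fixed versions. Also check "*CVE-2000-0992 (krb5)", which appears as unchanged context in the last hunk of this change and is still starred with no status although the other krb5 entries were processed.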
@@ -2602,17 +2602,17 @@ *CVE-2001-1494 version (util-linux, fixed 2.11n) *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) -*CVE-2001-0935 ignore, no-ship (wu-ftpd) +CVE-2001-0935 ignore, no-ship (wu-ftpd) *CVE-2001-0474 version (mesa, fixed 3.3-14) *CVE-2001-0310 (sort) *CVE-2001-0235 (vixie-cron) -*CVE-2001-0187 ignore, no-ship (wu-ftpd) +CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch *CVE-2000-1137 (ed) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) -*CVE-1999-0997 ignore, no-ship (wu-ftpd) +CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Tue Jun 12 20:40:57 2007 From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Tue, 12 Jun 2007 16:40:57 -0400 Subject: fedora-security/audit fc7,1.4,1.5 Message-ID: <200706122040.l5CKevn4022255@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22232 Modified Files: fc7 Log Message: Processed rsync. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- fc7 12 Jun 2007 19:18:56 -0000 1.4 +++ fc7 12 Jun 2007 20:40:54 -0000 1.5 
@@ -804,7 +804,7 @@ *CVE-2006-2162 version (nagios, fixed 2.3.1) bz#190612 *CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) *CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053 -*CVE-2006-2083 version (rsync, fixed 2.6.8) +CVE-2006-2083 version (rsync, fixed 2.6.8) *CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP *CVE-2006-2071 version (kernel, fixed 2.6.16.6) *CVE-2006-2057 ignore (firefox) not Linux @@ -1750,7 +1750,7 @@ *CVE-2004-2149 version (mysql, fixed 4.1.5) *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design -*CVE-2004-2093 ignore (rsync) not security issue +CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid) *CVE-2004-2069 version (openssh, not 4) *CVE-2004-2014 version (wget, fixed 1.10.1) *CVE-2004-2013 version (kernel, not 2.6) @@ -1946,7 +1946,7 @@ *CVE-2004-0797 version (zlib, fixed 1.2.2.2 at least) *CVE-2004-0797 version (zlib) *CVE-2004-0796 version (spamassassin, fixed 2.64) -*CVE-2004-0792 version (rsync, fixed 2.6.3) +CVE-2004-0792 version (rsync, fixed 2.6.3) *CVE-2004-0791 version (kernel, fixed 2.6.9) *CVE-2004-0790 version (kernel, not 2.6) *CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) @@ -2035,7 +2035,7 @@ *CVE-2004-0452 version (perl, fixed 5.8.8) *CVE-2004-0447 version (kernel, fixed 2.6.5) *CVE-2004-0427 version (kernel, fixed 2.6.6) -*CVE-2004-0426 version (rsync, fixed 2.6.1) +CVE-2004-0426 version (rsync, fixed 2.6.1) *CVE-2004-0424 version (kernel, fixed 2.6.4) *CVE-2004-0421 version (libpng, fixed 1.0.16) *CVE-2004-0419 version (xorg-x11, fixed 6.8.2 at least) 
@@ -2163,7 +2163,7 @@ *CVE-2003-0967 version (freeradius, fixed after 0.9.2) *CVE-2003-0965 version (mailman, fixed 2.1.4) *CVE-2003-0963 version (lftp, fixed after 2.6.9) -*CVE-2003-0962 version (rsync, fixed 2.5.7) +CVE-2003-0962 version (rsync, fixed 2.5.7) *CVE-2003-0961 version (kernel, fixed 2.4.23) *CVE-2003-0959 version (kernel, fixed 2.4.21) *CVE-2003-0956 version (kernel, fixed 2.4.22) @@ -2576,16 +2576,17 @@ *CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) -*CVE-2002-0080 version (rsync, fixed 2.5.3) +CVE-2002-0080 version (rsync, fixed 2.5.3) *CVE-2002-0069 version (squid, fixed 2.4STABLE4) *CVE-2002-0068 version (squid, fixed 2.4STABLE4) *CVE-2002-0067 version (squid, fixed 2.4STABLE4) *CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) -*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc) +*CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) +CVE-2002-0059 version (rsync, fixed 2.5.4/2.6.6) *CVE-2002-0059 version (zlib, fixed 1.1.4) -*CVE-2002-0048 version (rsync, fixed 2.5.2) +CVE-2002-0048 version (rsync, fixed 2.5.2) *CVE-2002-0046 version (kernel, fixed 2.4.0) *CVE-2002-0045 version (openldap, fixed 2.0.20) *CVE-2002-0044 version (enscript, fixed 1.6.4 at least) @@ -2615,4 +2616,5 @@ *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) *CVE-1999-0710 (squid) +CVE-1999-0473 version (rsync, fixed 2.3.1) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jun 13 02:28:18 2007 
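Review bot: The new rsync entry for CVE-2002-0059 in the @@ -2576,16 +2576,17 @@ hunk reads "fixed 2.5.4/2.6.6", and two versions in one fixed field leave it unclear which release the shipped rsync has to be compared against. Say what each version refers to in a trailing note, the way the CVE-2004-2093 line in this same patch does with "(rsync is not setuid)", or split it into two entries. Separately, the "** zlib (cvs, dump, gcc, libgcj, kernel, vnc)" line stays starred, so the CVE is only closed for rsync and zlib; the remaining packages on that line still need their own entries.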
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Tue, 12 Jun 2007 22:28:18 -0400 Subject: fedora-security/audit fc7,1.5,1.6 Message-ID: <200706130228.l5D2SIPu019823@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805 Modified Files: fc7 Log Message: Process openssh Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- fc7 12 Jun 2007 20:40:54 -0000 1.5 +++ fc7 13 Jun 2007 02:28:16 -0000 1.6 @@ -23,7 +23,7 @@ *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) -*CVE-2007-2768 (openssh) +CVE-2007-2768 VULNERABLE (openssh) *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 @@ -54,7 +54,7 @@ *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -*CVE-2007-2243 (openssh) +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6) *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction *CVE-2007-2172 (kernel) @@ -395,7 +395,7 @@ *CVE-2006-5848 version (trac, fixed 0.10.1) #215077 *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 -*CVE-2006-5794 backport (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] +CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] *CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 *CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash *CVE-2006-5783 ignore (firefox) disputed 
@@ -449,7 +449,7 @@ *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 -*CVE-2006-5229 ignore (openssh) not reproduced +CVE-2006-5229 ignore (openssh) not reproduced *CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 *CVE-2006-5215 version (xorg-x11-xdm) *CVE-2006-5215 ignore (kdebase) #212166 links to xinit Xsession @@ -466,8 +466,8 @@ *CVE-2006-5129 version (moodle, fixed 1.6.3) #206516 *CVE-2006-5111 version (libksba, fixed 0.9.14) *CVE-2006-5072 backport (mono) -*CVE-2006-5052 VULNERABLE (openssh, fixed 4.4) -*CVE-2006-5051 backport (openssh, fixed 4.4) +CVE-2006-5052 version (openssh, fixed 4.4) +CVE-2006-5051 version (openssh, fixed 4.4) #208459 *CVE-2006-4997 version (kernel, fixed 2.6.18) *CVE-2006-4980 version (python, fixed 2.4.4 at least) [since FEDORA-2006-1050] was backport since GA *CVE-2006-4976 ** (php-adodb) #208299 @@ -480,8 +480,8 @@ *CVE-2006-4937 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4936 version (moodle, fixed 1.6.3) #206516 *CVE-2006-4935 version (moodle, fixed 1.6.3) #206516 -*CVE-2006-4925 ignore (openssh) client crash only -*CVE-2006-4924 backport (openssh, fixed 4.4) +CVE-2006-4925 ignore (openssh) client crash only +CVE-2006-4924 version (openssh, fixed 4.4) #207957 *CVE-2006-4842 ignore (nspr) Nothing setuid links with nspr *CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] @@ -982,7 +982,7 @@ *CVE-2006-0987 (bind) *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-0883 (openssh) +CVE-2006-0883 version (openssh, fixed 3.8.1p1) *CVE-2006-0855 patch (zoo, patched in OpenSUSE "upstream", fixed 2.10-7) *CVE-2006-0847 version (python-cherrypy, fixed 2.1.1) *CVE-2006-0841 version (mantis, fixed 1.0.1) 
@@ -1066,7 +1066,7 @@ *CVE-2006-0292 version (firefox, fixed 1.5.1) *CVE-2006-0254 version (tomcat5, fixed 5.5.16) *CVE-2006-0236 ignore (thunderbird) windows only -*CVE-2006-0225 version (openssh, fixed 4.3p2) +CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 *CVE-2006-0208 version (php, fixed 5.1.2) *CVE-2006-0207 version (php, fixed 5.1.2) *CVE-2006-0200 version (php, fixed 5.1.2) @@ -1295,8 +1295,8 @@ *CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) -*CVE-2005-2798 version (openssh, fixed 4.2) -*CVE-2005-2797 version (openssh, fixed 4.2) +CVE-2005-2798 version (openssh, fixed 4.2) +CVE-2005-2797 version (openssh, fixed 4.2) *CVE-2005-2796 version (squid, fixed 2.5.STABLE11) *CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) @@ -1319,7 +1319,7 @@ *CVE-2005-2700 version (httpd, not 2.2) *CVE-2005-2693 backport (cvs) cvs-1.11.19-tmp.patch *CVE-2005-2672 version (lm_sensors, fixed 2.9.2) -*CVE-2005-2666 version (openssh, fixed 4.0p1) +CVE-2005-2666 version (openssh, fixed 4.0p1) *CVE-2005-2642 version (mutt) openbsd only *CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2629 (helixplayer) @@ -1751,7 +1751,7 @@ *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design CVE-2004-2093 ignore (rsync) not a security issue (rsync is not setuid) -*CVE-2004-2069 version (openssh, not 4) +CVE-2004-2069 version (openssh, not 4) *CVE-2004-2014 version (wget, fixed 1.10.1) *CVE-2004-2013 version (kernel, not 2.6) *CVE-2004-2004 version (configuration) SUSE only 
@@ -1761,7 +1761,7 @@ *CVE-2004-1772 version (sharutils, not 4.6) *CVE-2004-1761 version (wireshark, fixed 0.10.3) *CVE-2004-1689 version (sudo, fixed 1.6.8p1) -*CVE-2004-1653 ignore (openssh) +CVE-2004-1653 ignore (openssh) *CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw *CVE-2004-1488 version (wget, fixed 1.10.1) @@ -2082,7 +2082,7 @@ *CVE-2004-0178 version (kernel, not 2.6) *CVE-2004-0177 version (kernel, fixed 2.6.6) *CVE-2004-0176 version (wireshark, fixed 0.10.3) -*CVE-2004-0175 version (openssh, fixed 3.4p1) +CVE-2004-0175 version (openssh, fixed 3.4p1) *CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) *CVE-2004-0173 version (httpd, not 2.2) @@ -2193,8 +2193,8 @@ *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) *CVE-2003-0788 version (cups, fixed 1.1.19) -*CVE-2003-0787 version (openssh, fixed 3.7.1p2) -*CVE-2003-0786 version (openssh, fixed 3.7.1p2) +CVE-2003-0787 version (openssh, fixed 3.7.1p2) +CVE-2003-0786 version (openssh, fixed 3.7.1p2) *CVE-2003-0780 version (mysql, not 4.1) *CVE-2003-0778 version (sane-backends, fixed 1.0.10) *CVE-2003-0777 version (sane-backends, fixed 1.0.10) 
@@ -2206,15 +2206,15 @@ *CVE-2003-0730 version (XFree86, fixed after 4.3.0) *CVE-2003-0700 version (kernel, not 2.6) *CVE-2003-0699 version (kernel, not 2.6) -*CVE-2003-0695 version (openssh, fixed 3.7.1) +CVE-2003-0695 version (openssh, fixed 3.7.1) *CVE-2003-0694 version (sendmail, fixed 8.12.10) -*CVE-2003-0693 version (openssh, fixed 3.7) +CVE-2003-0693 version (openssh, fixed 3.7) *CVE-2003-0692 version (kde, fixed after 3.1.3) *CVE-2003-0690 version (kde, fixed after 3.1.3) *CVE-2003-0689 version (glibc, fixed 2.3.2 at least) *CVE-2003-0688 version (sendmail, fixed 8.12.9) *CVE-2003-0686 version (pam_smb, fixed 1.1.7) -*CVE-2003-0682 version (openssh, fixed 4.0p1 at least) +CVE-2003-0682 version (openssh, fixed 4.0p1 at least) *CVE-2003-0681 version (sendmail, fixed 8.12.10) *CVE-2003-0655 version (cdrtools, fixed 2.01a18) *CVE-2003-0644 version (kdbg, not after 1.2.8) @@ -2260,7 +2260,7 @@ *CVE-2003-0427 backport (mikmod) from changelog *CVE-2003-0418 version (kernel, not 2.6) *CVE-2003-0388 version (pam, fixed 0.78) -*CVE-2003-0386 version (openssh, fixed after 3.6.1) +CVE-2003-0386 version (openssh, fixed after 3.6.1) *CVE-2003-0370 version (kde, fixed 3.0) *CVE-2003-0367 backport (gzip) gzip-1.3.5-openbsd-owl-tmp.patch *CVE-2003-0364 version (kernel, not 2.6) @@ -2291,7 +2291,7 @@ *CVE-2003-0195 version (cups, fixed 1.1.19) *CVE-2003-0194 version (tcpdump, not upstream) *CVE-2003-0192 version (httpd, not 2.2) -*CVE-2003-0190 version (openssh, fixed 3.6.1p1) +CVE-2003-0190 version (openssh, fixed after 3.6.1p1) *CVE-2003-0189 version (httpd, not 2.2) *CVE-2003-0188 version (lv, fixed 4.51 at least) *CVE-2003-0187 version (kernel, not 2.6) 
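Review bot: CVE-2007-2768 and CVE-2007-2243 are marked VULNERABLE for openssh in the @@ -23,7 +23,7 @@ and @@ -54,7 +54,7 @@ hunks without a tracking bug number, while the VULNERABLE entries visible in the same context carry one (wordpress #240970, phpMyAdmin #237882). Add the bug reference to both lines so the open items can be followed up; CVE-2007-2768 also has no fixed version or reason text. In the @@ -395,7 +395,7 @@ hunk, CVE-2006-5794 changes from backport to version but keeps "[since FEDORA-2006-1215]" unchanged; the kernel entry in the same hunk records this kind of transition as "was backport since FEDORA-2006-1223", and using that form here would keep the history readable.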
@@ -2520,10 +2520,10 @@ *CVE-2002-0655 version (openssl097a, not 0.9.7) *CVE-2002-0653 version (mod_ssl, not httpd 2.2) *CVE-2002-0651 version (bind, not 9) -*CVE-2002-0640 version (openssh, fixed after 3.3) -*CVE-2002-0639 version (openssh, fixed after 3.3) +CVE-2002-0640 version (openssh, fixed after 3.3) +CVE-2002-0639 version (openssh, fixed after 3.3) *CVE-2002-0638 version (util-linux, fixed 2.13 at least) -*CVE-2002-0575 version (openssh, fixed 3.2.1) +CVE-2002-0575 version (openssh, fixed 3.2.1) *CVE-2002-0570 ignore (kernel) not a vulnerability *CVE-2002-0517 version (XFree86) didn't affect Linux *CVE-2002-0516 version (squirrelmail, fixed 1.2.6) @@ -2573,7 +2573,7 @@ *CVE-2002-0129 ignore (efax) not setuid root *CVE-2002-0121 version (php, fixed after 4.1.1) *CVE-2002-0092 version (cve, fixed 1.10.8) -*CVE-2002-0083 version (openssh, fixed 3.1) +CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jun 13 14:00:43 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 13 Jun 2007 10:00:43 -0400 Subject: fedora-security/audit fc5,1.459,1.460 fc6,1.217,1.218 fc7,1.6,1.7 Message-ID: <200706131400.l5DE0hs2006175@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv6153 Modified Files: fc5 fc6 fc7 Log Message: Note a new libexif flaw Index: fc5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc5,v retrieving revision 1.459 retrieving revision 1.460 diff -u -r1.459 -r1.460 --- fc5 23 Mar 2007 13:32:24 -0000 1.459 +++ fc5 13 Jun 2007 14:00:41 -0000 1.460 
@@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4168 VULNERABLE (libexif) #243891 CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1475 ignore (php) unshipped ibase extension Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.217 retrieving revision 1.218 diff -u -r1.217 -r1.218 --- fc6 2 May 2007 17:44:54 -0000 1.217 +++ fc6 13 Jun 2007 14:00:41 -0000 1.218 @@ -3,6 +3,7 @@ ** are items that need attention +CVE-2007-4168 VULNERABLE (libexif) #243892 CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-1856 VULNERABLE (vixie-cron) #235882 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- fc7 13 Jun 2007 02:28:16 -0000 1.6 +++ fc7 13 Jun 2007 14:00:41 -0000 1.7 @@ -4,6 +4,7 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-4168 VULNERABLE (libexif) #243890 *CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jun 13 18:06:56 2007 
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 13 Jun 2007 14:06:56 -0400 Subject: fedora-security/audit fc7,1.7,1.8 Message-ID: <200706131806.l5DI6uen026025@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26004 Modified Files: fc7 Log Message: Deal with the squid CVE ids. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- fc7 13 Jun 2007 14:00:41 -0000 1.7 +++ fc7 13 Jun 2007 18:06:54 -0000 1.8 @@ -100,7 +100,7 @@ *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] *CVE-2007-1562 (firefox, seamonkey, thunderbird) -*CVE-2007-1560 (squid) +CVE-2007-1560 version (squid, fixed 2.6.STABLE12) *CVE-2007-1558 version (claws-mail, fixed 2.9.1) #237293 *CVE-2007-1558 backport (sylpheed, fixed 2.3.1-1) *CVE-2007-1547 version (nas, fixed 1.8a-2) #233353 @@ -245,8 +245,8 @@ *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) *CVE-2007-0262 version (wordpress, fixed 2.1-0) #223101 -*CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] -*CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] +CVE-2007-0248 version (squid, fixed 2.6.STABLE7) [since FEDORA-2007-073] +CVE-2007-0247 version (squid, fixed 2.6.STABLE7) #222883 [since FEDORA-2007-073] CVE-2007-0243 ignore, no-ship (java-ibm) *CVE-2007-0242 patch (qt4, fixed 4.2.3-7) *CVE-2007-0240 patch (zope, fixed 2.9.6-2) #233378 
@@ -1211,7 +1211,7 @@ *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) *CVE-2005-3350 (libungif) -*CVE-2005-3322 version (squid) not upstream, SUSE only +CVE-2005-3322 version (squid) not upstream, SUSE only *CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) @@ -1221,7 +1221,7 @@ *CVE-2005-3272 version (kernel, fixed 2.6.13) *CVE-2005-3271 version (kernel, fixed 2.6.9) *CVE-2005-3269 (fedora directory server) -*CVE-2005-3258 version (squid, fixed 2.5STABLE12) +CVE-2005-3258 version (squid, fixed 2.5STABLE12) *CVE-2005-3257 version (kernel, fixed 2.6.15) *CVE-2005-3249 version (wireshark, fixed 0.10.13) *CVE-2005-3248 version (wireshark, fixed 0.10.13) @@ -1286,7 +1286,7 @@ *CVE-2005-2933 version (libc-client, fixed 2004g at least) *CVE-2005-2929 backport (lynx) changelog *CVE-2005-2922 (helixplayer) -*CVE-2005-2917 version (squid, fixed 2.5.STABLE11) +CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) *CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) @@ -1298,8 +1298,8 @@ *CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) CVE-2005-2797 version (openssh, fixed 4.2) -*CVE-2005-2796 version (squid, fixed 2.5.STABLE11) -*CVE-2005-2794 version (squid, fixed 2.5.STABLE11) +CVE-2005-2796 version (squid, fixed 2.5.STABLE11) +CVE-2005-2794 version (squid, fixed 2.5.STABLE11) *CVE-2005-2728 version (httpd, not 2.2) *CVE-2005-2710 (helixplayer) *CVE-2005-2709 version (kernel, fixed 2.6.14.3) 
@@ -1449,7 +1449,7 @@ *CVE-2005-1532 version (thunderbird) *CVE-2005-1532 version (firefox, fixed 1.0.4) *CVE-2005-1531 version (firefox, fixed 1.0.4) -*CVE-2005-1519 version (squid, fixed 2.5.STABLE10) +CVE-2005-1519 version (squid, fixed 2.5.STABLE10) *CVE-2005-1476 (firefox,seamonkey,thunderbird) *CVE-2005-1470 version (wireshark, fixed 0.10.11) *CVE-2005-1469 version (wireshark, fixed 0.10.11) @@ -1473,7 +1473,7 @@ *CVE-2005-1409 version (postgresql, fixed 8.0.1) *CVE-2005-1369 version (kernel, fixed 2.6.12) *CVE-2005-1368 version (kernel, fixed 2.6.12) -*CVE-2005-1345 version (squid, fixed 2.5.STABLE10) +CVE-2005-1345 version (squid, fixed 2.5.STABLE10) *CVE-2005-1344 ignore (httpd) not a vulnerability *CVE-2005-1281 version (wireshark, fixed 0.10.11) *CVE-2005-1280 version (tcpdump, fixed 3.9.2) @@ -1555,7 +1555,7 @@ *CVE-2005-0749 version (kernel, fixed 2.6.11.6) *CVE-2005-0739 version (wireshark, fixed after 0.10.9) *CVE-2005-0736 version (kernel, fixed 2.6.11) -*CVE-2005-0718 version (squid, fixed 2.5.STABLE8) +CVE-2005-0718 version (squid, fixed 2.5.STABLE8) *CVE-2005-0711 version (mysql, fixed 4.1.11) *CVE-2005-0710 version (mysql, fixed 4.1.11) *CVE-2005-0709 version (mysql, fixed 4.1.11) @@ -1566,7 +1566,7 @@ *CVE-2005-0664 version (libexif, fixed 0.6.12) *CVE-2005-0654 ignore (gimp, not fixed 2.2) upstream considers harmless *CVE-2005-0627 version (qt, fixed 3.3.4) -*CVE-2005-0626 version (squid, fixed 2.5.STABLE10) +CVE-2005-0626 version (squid, fixed 2.5.STABLE10) *CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour 
@@ -1610,7 +1610,7 @@ *CVE-2005-0452 (perl) *CVE-2005-0449 version (kernel, fixed 2.6.11) *CVE-2005-0448 version (perl, fixed 5.8.6) -*CVE-2005-0446 version (squid, fixed 2.5.STABLE9) +CVE-2005-0446 version (squid, fixed 2.5.STABLE9) *CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020 *CVE-2005-0403 version (kernel) not upstream *CVE-2005-0402 version (firefox, fixed 1.0.2) @@ -1631,7 +1631,7 @@ *CVE-2005-0246 version (postgresql, fixed 8.0.1) *CVE-2005-0245 version (postgresql, fixed 8.0.1) *CVE-2005-0244 version (postgresql, fixed 8.0.1) -*CVE-2005-0241 version (squid, fixed 2.5.STABLE8) +CVE-2005-0241 version (squid, fixed 2.5.STABLE8) *CVE-2005-0238 version (epiphany, fixed since mozilla 1.7.6) *CVE-2005-0237 version (kdelibs, fixed 3.4.0) *CVE-2005-0233 version (firefox, fixed 1.0.1) @@ -1640,7 +1640,7 @@ *CVE-2005-0230 version (thunderbird, fixed 1.0.2) *CVE-2005-0230 version (firefox, fixed 1.0.1) *CVE-2005-0227 version (postgresql, fixed 8.0.1) -*CVE-2005-0211 version (squid, fixed 2.5.STABLE8) +CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) *CVE-2005-0209 version (kernel, fixed 2.6.11) *CVE-2005-0208 version (gaim, fixed 1.1.4) @@ -1649,7 +1649,7 @@ *CVE-2005-0204 version (kernel) didn't affect upstream *CVE-2005-0202 version (mailman, fixed 2.1.6) *CVE-2005-0201 version (dbus, fixed 0.36.1) -*CVE-2005-0194 version (squid, fixed 2.5.STABLE8) +CVE-2005-0194 version (squid, fixed 2.5.STABLE8) *CVE-2005-0191 (helixplayer) *CVE-2005-0189 (helixplayer) *CVE-2005-0180 version (kernel, fixed 2.6.11) 
@@ -1657,9 +1657,9 @@ *CVE-2005-0178 version (kernel, fixed 2.6.11) *CVE-2005-0177 version (kernel, fixed 2.6.11) *CVE-2005-0176 version (kernel, fixed 2.6.10) only affected 2.6.9 -*CVE-2005-0175 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0174 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0173 version (squid, fixed 2.5.STABLE8) +CVE-2005-0175 version (squid, fixed 2.5.STABLE8) +CVE-2005-0174 version (squid, fixed 2.5.STABLE8) +CVE-2005-0173 version (squid, fixed 2.5.STABLE8) *CVE-2005-0162 version (openswan, fixed 2.3.0) *CVE-2005-0156 version (perl, fixed 5.8.8) *CVE-2005-0155 version (perl, fixed 5.8.8) @@ -1685,10 +1685,10 @@ *CVE-2005-0103 version (squirrelmail, fixed 1.4.4) *CVE-2005-0102 version (evolution-data-server, fixed 1.2.2 at least) *CVE-2005-0100 version (emacs, fixed 21.4 at least) -*CVE-2005-0097 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0096 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0095 version (squid, fixed 2.5.STABLE8) -*CVE-2005-0094 version (squid, fixed 2.5.STABLE8) +CVE-2005-0097 version (squid, fixed 2.5.STABLE8) +CVE-2005-0096 version (squid, fixed 2.5.STABLE8) +CVE-2005-0095 version (squid, fixed 2.5.STABLE8) +CVE-2005-0094 version (squid, fixed 2.5.STABLE8) *CVE-2005-0092 version (kernel, not affected) *CVE-2005-0091 version (kernel, not affected) *CVE-2005-0090 version (kernel, not affected) @@ -1726,7 +1726,7 @@ *CVE-2004-2660 version (kernel, fixed 2.6.10) *CVE-2004-2657 ignore (firefox) windows only *CVE-2004-2655 (xscreensaver) -*CVE-2004-2654 version (squid, fixed 2.6STABLE6) +CVE-2004-2654 version (squid, fixed 2.6STABLE6) *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) 
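Review bot: The fixed version on the CVE-2004-2654 line is written 2.6STABLE6, without the dot that the other squid entries touched by this patch use (2.5.STABLE8 in the hunks above). Since the line is being rewritten anyway, consider normalising it to the dotted form so that a search or script matching on the version string treats all squid entries alike.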
@@ -1735,8 +1735,8 @@ *CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE *CVE-2004-2536 version (kernel, fixed 2.6.7) *CVE-2004-2531 version (gnutls, fixed 1.0.17) -*CVE-2004-2480 ignore (squid) , not reproducable -*CVE-2004-2479 version (squid, fixed 2.5.STABLE8) +CVE-2004-2480 ignore (squid) , not reproducable +CVE-2004-2479 version (squid, fixed 2.5.STABLE8) *CVE-2004-2396 version (passwd, fixed 0.69) *CVE-2004-2395 version (passwd, fixed 0.69) *CVE-2004-2394 version (passwd, fixed 0.69) @@ -1899,7 +1899,7 @@ *CVE-2004-0930 version (samba, fixed 3.0.8) *CVE-2004-0929 version (libtiff, fixed 3.7.0) *CVE-2004-0923 version (cups, fixed 1.2.22) -*CVE-2004-0918 version (squid, fixed 2.4.STABLE7) +CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) *CVE-2004-0909 version (firefox) @@ -1924,7 +1924,7 @@ *CVE-2004-0837 version (mysql, fixed 4.0.21) *CVE-2004-0836 version (mysql, fixed 4.0.21) *CVE-2004-0835 version (mysql, fixed 4.1.2) -*CVE-2004-0832 version (squid, fixed 2.5.STABLE7) +CVE-2004-0832 version (squid, fixed 2.5.STABLE7) *CVE-2004-0829 version (samba, fixed 2.2.11) *CVE-2004-0827 version (ImageMagick, fixed 6.0.6.2) *CVE-2004-0826 version (nss, fixed 3.9.2) @@ -2010,7 +2010,7 @@ *CVE-2004-0550 (helixplayer) *CVE-2004-0548 ignore (aspell, not fixed 0.50.5) not a security issue *CVE-2004-0547 version (postgresql, fixed 7.2.1) -*CVE-2004-0541 version (squid) +CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) *CVE-2004-0527 version (konqueror, not 3+) *CVE-2004-0523 version (krb5, fixed 1.3.4) 
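Review bot: The CVE-2004-0541 line gains a fix version (2.5.STABLE6) that the removed line did not carry, so this hunk records new information rather than only clearing the * marker. Please name the source for that version (upstream advisory or changelog) in the log message so the entry can be re-checked later.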
@@ -2070,7 +2070,7 @@ *CVE-2004-0229 version (kernel, fixed 2.6.6) *CVE-2004-0228 version (kernel, fixed 2.6.6) *CVE-2004-0226 version (mc, fixed 4.6.0) -*CVE-2004-0189 version (squid, fixed 2.5.STABLE5) +CVE-2004-0189 version (squid, fixed 2.5.STABLE5) *CVE-2004-0186 version (samba, not 3.0.2a) CVE-2004-0185 ignore, no-ship (wu-ftpd) *CVE-2004-0184 version (tcpdump, fixed 3.8.2) @@ -2502,9 +2502,9 @@ *CVE-2002-0759 version (bzip2, fixed 1.0.2) *CVE-2002-0728 version (libpng, fixed 1.2.4) *CVE-2002-0717 version (php, fixed 4.2.2) -*CVE-2002-0715 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0714 version (squid, fixed 2.4.STABLE6) -*CVE-2002-0713 version (squid, fixed 2.4.STABLE6) +CVE-2002-0715 version (squid, fixed 2.4.STABLE6) +CVE-2002-0714 version (squid, fixed 2.4.STABLE6) +CVE-2002-0713 version (squid, fixed 2.4.STABLE6) *CVE-2002-0704 version (kernel, fixed 2.6.11) *CVE-2002-0702 version (dhcpd, fixed 3.0.1) *CVE-2002-0684 version (glibc, fixed afted 2.2.5) @@ -2566,7 +2566,7 @@ *CVE-2002-0169 ignore (docbook) was RHL only *CVE-2002-0165 version (logwatch, fixed 2.6) *CVE-2002-0164 version (XFree86, fixed 4.2.1) -*CVE-2002-0163 version (squid, fixed 20020312) +CVE-2002-0163 version (squid, fixed 2.4.STABLE6) *CVE-2002-0162 version (logwatch, fixed 2.5) *CVE-2002-0157 version (nautilus) *CVE-2002-0146 version (fetchmail, fixed 5.9.10) @@ -2578,9 +2578,9 @@ *CVE-2002-0082 version (mod_ssl, not httpd 2.2) *CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) -*CVE-2002-0069 version (squid, fixed 2.4STABLE4) -*CVE-2002-0068 version (squid, fixed 2.4STABLE4) -*CVE-2002-0067 version (squid, fixed 2.4STABLE4) +CVE-2002-0069 version (squid, fixed 2.4STABLE4) +CVE-2002-0068 version (squid, fixed 2.4STABLE4) +CVE-2002-0067 version (squid, fixed 2.4STABLE4) *CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) 
@@ -2616,6 +2616,6 @@ *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -*CVE-1999-0710 (squid) +CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) *CVE-1999-0103 (bind) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From tmraz at redhat.com Wed Jun 13 18:42:09 2007 From: tmraz at redhat.com (Tomas Mraz) Date: Wed, 13 Jun 2007 20:42:09 +0200 Subject: Openssh vulnerabilities In-Reply-To: <200706130228.l5D2SIPu019823@cvs-int.fedora.redhat.com> References: <200706130228.l5D2SIPu019823@cvs-int.fedora.redhat.com> Message-ID: <1181760129.321.5.camel@perun.kabelta.loc> On Tue, 2007-06-12 at 22:28 -0400, Kevin Fenzi wrote: > Author: kevin > > Update of /cvs/fedora/fedora-security/audit > In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19805 > > Modified Files: > fc7 > Log Message: > Process openssh > > > > Index: fc7 > =================================================================== > RCS file: /cvs/fedora/fedora-security/audit/fc7,v > retrieving revision 1.5 > retrieving revision 1.6 > diff -u -r1.5 -r1.6 > --- fc7 12 Jun 2007 20:40:54 -0000 1.5 > +++ fc7 13 Jun 2007 02:28:16 -0000 1.6 > @@ -23,7 +23,7 @@ > *CVE-2007-2843 ignore (konqueror) safari specific > *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 > *CVE-2007-2799 (file) > -*CVE-2007-2768 (openssh) > +CVE-2007-2768 VULNERABLE (openssh) This is not an openssh vulnerability but PAM OPIE module one and we don't ship this module. -> NOT VULNERABLE > *CVE-2007-2756 ignore (gd) DoS only > *CVE-2007-2754 (freetype) > *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 
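Review bot: The added CVE-2007-2768 line is marked VULNERABLE but carries neither a fixed version nor a bug number, unlike the VULNERABLE wordpress entry in the context above it (fixed 2.2, #240970). If the status stands, file a tracking bug and reference it on the line; if the package as shipped is not affected, an ignore entry with a short reason matches the file's conventions better.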
> @@ -54,7 +54,7 @@ > *CVE-2007-2356 (gimp) > *CVE-2007-2353 (axis) > *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 > -*CVE-2007-2243 (openssh) > +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
We don't ship openssh with S/KEY support compiled in. -> NOT VULNERABLE

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

From kevin at tummy.com Wed Jun 13 21:23:58 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Wed, 13 Jun 2007 15:23:58 -0600
Subject: Openssh vulnerabilities
In-Reply-To: <1181760129.321.5.camel@perun.kabelta.loc>
References: <200706130228.l5D2SIPu019823@cvs-int.fedora.redhat.com>
 <1181760129.321.5.camel@perun.kabelta.loc>
Message-ID: <20070613152358.10adec49@ghistelwchlohm.scrye.com>

On Wed, 13 Jun 2007 20:42:09 +0200
Tomas Mraz wrote:

Yeah, I wasn't sure about these.

> > +CVE-2007-2768 VULNERABLE (openssh)
> This is not an openssh vulnerability but PAM OPIE module one and we
> don't ship this module. -> NOT VULNERABLE

Sure, although someone who uses fedora could install the pam opie
module. I guess we can't worry too much about that.

> > +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
> We don't ship openssh with S/KEY support compiled in. -> NOT
> VULNERABLE

Yeah, ditto here.

So, if the exploit requires recompiling or installing some non shipped
item, we should ignore?

What about if it's not exploitable with the default config, but is if a
user modifies their config?

I can mark those as ignore with a note...

Thanks,

kevin

From fedora-extras-commits at redhat.com Wed Jun 13 21:39:43 2007
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Wed, 13 Jun 2007 17:39:43 -0400 Subject: fedora-security/audit fc7,1.8,1.9 Message-ID: <200706132139.l5DLdh2t024869@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24851 Modified Files: fc7 Log Message: Update 2 openssh cves Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- fc7 13 Jun 2007 18:06:54 -0000 1.8 +++ fc7 13 Jun 2007 21:39:40 -0000 1.9 @@ -24,7 +24,7 @@ *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) -CVE-2007-2768 VULNERABLE (openssh) +CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 @@ -55,7 +55,7 @@ *CVE-2007-2356 (gimp) *CVE-2007-2353 (axis) *CVE-2007-2245 VULNERABLE (phpMyAdmin, fixed 2.10.1) #237882 -CVE-2007-2243 VULNERABLE (openssh, fixed 4.6) +CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction *CVE-2007-2172 (kernel) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Thu Jun 14 03:54:01 2007 
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Wed, 13 Jun 2007 23:54:01 -0400 Subject: fedora-security/audit fc7,1.9,1.10 Message-ID: <200706140354.l5E3s1ox016311@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16293 Modified Files: fc7 Log Message: process some kernel cve's Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- fc7 13 Jun 2007 21:39:40 -0000 1.9 +++ fc7 14 Jun 2007 03:53:59 -0000 1.10 @@ -58,7 +58,7 @@ CVE-2007-2243 ignore (openssh, fixed 4.6) needs S/KEY support which is not shipped. *CVE-2007-2241 (bind) *CVE-2007-2176 ignore (firefox) only affects the java quicktime interaction -*CVE-2007-2172 (kernel) +CVE-2007-2172 version (kernel, fixed 2.6.21-rc6) *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) @@ -111,7 +111,7 @@ *CVE-2007-1536 (file) *CVE-2007-1521 (php) *CVE-2007-1515 version (imp, fixed 4.1.4) -*CVE-2007-1496 (kernel) +CVE-2007-1496 version (kernel, fixed 2.6.20.3) *CVE-2007-1484 (php) *CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) @@ -175,7 +175,7 @@ *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 *CVE-2007-1001 (php) -*CVE-2007-1000 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] 
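Review bot: On the CVE-2007-1000 line the fix version changes from 2.6.20 to 2.6.20.2 while the [since FEDORA-2007-335] annotation is kept unchanged. Please confirm that the kernel shipped in FEDORA-2007-335 is at or beyond 2.6.20.2, or adjust the annotation, because the two parts of the line now have to agree for the entry to be trusted.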
@@ -208,8 +208,8 @@ *CVE-2007-0777 version (seamonkey, fixed 1.0.8) *CVE-2007-0775 version (seamonkey, fixed 1.0.8) *CVE-2007-0774 (mod_jk) -*CVE-2007-0772 version (kernel) [since FEDORA-2007-291] -*CVE-2007-0771 (kernel) +CVE-2007-0772 version (kernel, fixed 2.6.20.1) [since FEDORA-2007-291] +CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 *CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated @@ -275,11 +275,10 @@ *CVE-2007-0008 version (nss, fixed 3.11.5) (nspr, fixed 4.6.5) [since FEDORA-2007-279] *CVE-2007-0008 ignore (seamonkey, uses system NSS) *CVE-2007-0007 version (gnucash, fixed 2.0.5) since [FEDORA-2007-256] #223233 -*CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] -*CVE-2007-0006 backport (kernel, fixed in -mm) [since FEDORA-2007-226] -*CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0006 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] +CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] -*CVE-2007-0001 (kernel) +CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected *CVE-2006-7205 (php) *CVE-2006-7204 (php) *CVE-2006-7197 (tomcat) 
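Review bot: The second CVE-2007-0006 entry (backport, fixed in -mm, [since FEDORA-2007-226]) is deleted outright rather than unmarked, and the log message ("process some kernel cve's") does not mention it. If dropping the record of the earlier backport is intended, say so in the log; otherwise keep the line and only clear its *.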
@@ -334,14 +333,14 @@ *CVE-2006-6493 (openldap) *CVE-2006-6481 version (clamav, fixed 0.88.7) *CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 -*CVE-2006-6385 ignore (kernel) windows only +CVE-2006-6385 ignore (kernel) windows only *CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 -*CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] -*CVE-2006-6332 ignore (kernel) no support for madwifi +CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6332 ignore (kernel) no support for madwifi *CVE-2006-6305 ignore (net-snmp) already have the backported patch -*CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] +CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 *CVE-2006-6297 ignore (kdegraphics) just a crash @@ -356,11 +355,11 @@ CVE-2006-6144 patch (krb5, fixed 1.5-14) #218456 CVE-2006-6143 patch (krb5, fixed 1.5-14) #218456 *CVE-2006-6142 backport (squirrelmail) #218297 [since FEDORA-2007-089] -*CVE-2006-6128 VULNERABLE (kernel, fixed **) +CVE-2006-6128 VULNERABLE (kernel, fixed **) *CVE-2006-6122 ignore (tin, <= 1.8.1 not shipped) *CVE-2006-6120 version (koffice, fixed 1.6.1) #218030 *CVE-2006-6107 VULNERABLE (dbus, fixed 1.0.2) #219665 -*CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] +CVE-2006-6106 version (kernel, fixed 2.6.19.2, fixed 2.6.20-rc5) [since FEDORA-2006-1471] *CVE-2006-6105 version (gdm, fixed 2.14.11) [since FEDORA-2006-1468] *CVE-2006-6104 backport (mono, fixed 1.1.13.8.2) #220853 [since FEDORA-2007-067] *CVE-2006-6103 (xorg-x11) 
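Review bot: CVE-2006-6128 loses its * but stays VULNERABLE (kernel, fixed **) with no bug number, whereas the VULNERABLE dbus entry in the same hunk references #219665. An entry recorded as verified and vulnerable should point at a tracking bug, and the ** placeholder should be replaced once a fixed version is known.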
@@ -369,10 +368,10 @@ *CVE-2006-6097 backport (tar) [since FEDORA-2006-1393] *CVE-2006-6085 version (kile, fixed 1.9.3) #217238 *CVE-2006-6077 VULNERABLE (firefox) -*CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support -*CVE-2006-6058 VULNERABLE (kernel, fixed **) -*CVE-2006-6057 VULNERABLE (kernel, fixed **) -*CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 +CVE-2006-6060 ignore (kernel, fixed 2.6.19-rc2) no NTFS support +CVE-2006-6058 VULNERABLE (kernel, fixed **) +CVE-2006-6057 VULNERABLE (kernel, fixed **) +CVE-2006-6056 version (kernel, fixed 2.6.19) [since FEDORA-2007-058] was backport since FEDORA-2006-1471 *CVE-2006-6054 version (kernel, fixed fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-6053 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 CVE-2006-6027 ignore, no-ship (acroread) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From tmraz at redhat.com Thu Jun 14 08:18:09 2007 
From: tmraz at redhat.com (Tomas Mraz)
Date: Thu, 14 Jun 2007 10:18:09 +0200
Subject: Openssh vulnerabilities
In-Reply-To: <20070613152358.10adec49@ghistelwchlohm.scrye.com>
References: <200706130228.l5D2SIPu019823@cvs-int.fedora.redhat.com>
 <1181760129.321.5.camel@perun.kabelta.loc>
 <20070613152358.10adec49@ghistelwchlohm.scrye.com>
Message-ID: <1181809089.11428.10.camel@perun.kabelta.loc>

On Wed, 2007-06-13 at 15:23 -0600, Kevin Fenzi wrote:
> On Wed, 13 Jun 2007 20:42:09 +0200
> Tomas Mraz wrote:
>
> Yeah, I wasn't sure about these.
>
> > > +CVE-2007-2768 VULNERABLE (openssh)
> > This is not an openssh vulnerability but PAM OPIE module one and we
> > don't ship this module. -> NOT VULNERABLE
>
> Sure, although someone who uses fedora could install the pam opie
> module. I guess we can't worry too much about that.

As this cannot be fixed in the openssh code I wouldn't worry much about
it. And PAM OPIE documentation has remarks about the problem.

> > > +CVE-2007-2243 VULNERABLE (openssh, fixed 4.6)
> > We don't ship openssh with S/KEY support compiled in. -> NOT
> > VULNERABLE
>
> Yeah, ditto here.
>
> So, if the exploit requires recompiling or installing some non shipped
> item, we should ignore?

I think that we should ignore such vulnerabilities when it requires
recompiling. We did the same before. If it just requires installing
some non-shipped item it should be evaluated individually whether it
should be ignored or not.

> What about if it's not exploitable with the default config, but is if a
> user modifies their config?

These shouldn't be ignored although the severity is of course lower if
it is a really obscure configuration.

--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

From bugzilla at redhat.com Thu Jun 14 16:53:13 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Jun 2007 12:53:13 -0400
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
In-Reply-To:
Message-ID: <200706141653.l5EGrDE6011938@bugzilla.redhat.com>

Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243592

mmcgrath at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From mmcgrath at redhat.com 2007-06-14 12:53 EST -------
Sorry I'm not following, it seems that 0.8.6j has been fixed from these bugs,
can you show me where you are finding otherwise?

From bugzilla at redhat.com Thu Jun 14 17:10:50 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Jun 2007 13:10:50 -0400
Subject: [Bug 243592] CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities
In-Reply-To:
Message-ID: <200706141710.l5EHAoMs014023@bugzilla.redhat.com>

Summary: CVE-2007-3112, CVE-2007-3113: cacti DoS vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243592

------- Additional Comments From ville.skytta at iki.fi 2007-06-14 13:10 EST -------
Like I mentioned, that patch to which both of the CVE's link to, applies to
0.8.6j too. I haven't checked beyond that.

$ make prep
[...]
$ cd cacti-0.8.6j
$ curl -s "http://svn.cacti.net/cgi-bin/viewcvs.cgi/branches/BRANCH_0_8_6/cacti/graph_image.php?rev=3956&r1=3898&r2=3956&makepatch=1&diff_format=h" | patch -p3
patching file graph_image.php
Hunk #1 succeeded at 51 (offset 2 lines).

From fedora-extras-commits at redhat.com Thu Jun 14 19:38:22 2007
From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Thu, 14 Jun 2007 15:38:22 -0400 Subject: fedora-security/audit fc7,1.10,1.11 Message-ID: <200706141938.l5EJcMZD013905@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv13867 Modified Files: fc7 Log Message: Add 3 new fixed kernel CVEs with new update Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- fc7 14 Jun 2007 03:53:59 -0000 1.10 +++ fc7 14 Jun 2007 19:38:18 -0000 1.11 
@@ -13,6 +13,7 @@ *CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 +CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) @@ -41,6 +42,8 @@ *CVE-2007-2510 (php) *CVE-2007-2509 (php) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 +CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] +CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] *CVE-2007-2452 (locate) *CVE-2007-2447 (samba) *CVE-2007-2446 (samba) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 14 21:11:59 2007 
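Review bot: In the second hunk (@@ -41,6 +42,8 @@) the new CVE-2007-2453 and CVE-2007-2451 lines are both inserted above *CVE-2007-2452, which breaks the descending CVE order the file otherwise keeps: 2451 now precedes 2452. Move the CVE-2007-2451 line below the CVE-2007-2452 (locate) entry so that sorted lookups and later diffs stay clean.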
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 14 Jun 2007 17:11:59 -0400
Subject: [Bug 243591] CVE-2007-3152, CVE-2007-3153: c-ares < 1.4.0 DNS cache poisoning vulnerability
In-Reply-To:
Message-ID: <200706142111.l5ELBxWX017159@bugzilla.redhat.com>

Summary: CVE-2007-3152, CVE-2007-3153: c-ares < 1.4.0 DNS cache poisoning vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|c-ares < 1.4.0 DNS cache    |CVE-2007-3152, CVE-2007-
                   |poisoning vulnerability     |3153: c-ares < 1.4.0 DNS
                   |                            |cache poisoning
                   |                            |vulnerability

------- Additional Comments From ville.skytta at iki.fi 2007-06-14 17:11 EST -------
CVE id's assigned: CVE-2007-3152, CVE-2007-3153

From fedora-extras-commits at redhat.com Thu Jun 14 21:14:24 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 14 Jun 2007 17:14:24 -0400 Subject: fedora-security/audit fc7, 1.11, 1.12 fe5, 1.203, 1.204 fe6, 1.117, 1.118 Message-ID: <200706142114.l5ELEOqb009848@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv9826 Modified Files: fc7 fe5 fe6 Log Message: c-ares CVE ids assigned Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- fc7 14 Jun 2007 19:38:18 -0000 1.11 +++ fc7 14 Jun 2007 21:14:22 -0000 1.12 
@@ -5,7 +5,8 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 -*CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.203 retrieving revision 1.204 diff -u -r1.203 -r1.204 --- fe5 10 Jun 2007 10:00:53 -0000 1.203 +++ fe5 14 Jun 2007 21:14:22 -0000 1.204 @@ -2,7 +2,8 @@ ** are items that need attention -CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.117 retrieving revision 1.118 diff -u -r1.117 -r1.118 --- fe6 10 Jun 2007 10:00:53 -0000 1.117 +++ fe6 14 Jun 2007 21:14:22 -0000 1.118 @@ -2,7 +2,8 @@ ** are items that need attention -CVE-NOID VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Fri Jun 15 15:41:13 2007 
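Review bot: In the fc7 hunk the two replacement lines drop the leading * that the CVE-NOID line had, which by the file's own header (*CVE are items that need verification for Fedora 7) marks the c-ares entries as verified, while the log message only mentions the id assignment. If the Fedora 7 package was not actually checked, keep the * on both new lines; if it was, say so in the log.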
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 15 Jun 2007 11:41:13 -0400
Subject: [Bug 237533] CVE-2007-2165: proftpd auth bypass vulnerability
In-Reply-To:
Message-ID: <200706151541.l5FFfDUW008767@bugzilla.redhat.com>

Summary: CVE-2007-2165: proftpd auth bypass vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=237533

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From matthias at rpmforge.net 2007-06-15 11:41 EST -------
Still no backport of the patch to the stable 1.3.0a release. It's pretty
annoying, since the patch against the latest RC doesn't apply cleanly because
of variable name changes. I tried to backport it, but the risk in _me_ doing
so is just too high.

I really don't understand how/why projects decide to not provide security
patches for what they consider to be the current stable release...

I'm going to push new proftpd packages anyway, to fix bug #244168 but not this
bug, unfortunately :-(

From bugzilla at redhat.com Sat Jun 16 09:25:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 16 Jun 2007 05:25:15 -0400
Subject: [Bug 244502] New: CVE-2007-3165: tor < 0.1.2.14 information disclosure
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502

           Summary: CVE-2007-3165: tor < 0.1.2.14 information disclosure
           Product: Fedora Extras
           Version: f7
          Platform: All
               URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3165
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: tor
        AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3165

"Tor before 0.1.2.14 can construct circuits in which an entry guard is in the
same family as the exit node, which might compromise the anonymity of traffic
sources and destinations by exposing traffic to inappropriate remote observers."

From fedora-extras-commits at redhat.com Sat Jun 16 09:27:44 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 16 Jun 2007 05:27:44 -0400 Subject: fedora-security/audit fc7, 1.12, 1.13 fe5, 1.204, 1.205 fe6, 1.118, 1.119 Message-ID: <200706160927.l5G9RiRR032084@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32044 Modified Files: fc7 fe5 fe6 Log Message: +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- fc7 14 Jun 2007 21:14:22 -0000 1.12 +++ fc7 16 Jun 2007 09:27:42 -0000 1.13 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 *CVE-2007-3121 version (zvbi, fixed 0.2.25) Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.204 retrieving revision 1.205 diff -u -r1.204 -r1.205 --- fe5 14 Jun 2007 21:14:22 -0000 1.204 +++ fe5 16 Jun 2007 09:27:42 -0000 1.205 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.118 retrieving revision 1.119 diff -u -r1.118 -r1.119 --- fe6 14 Jun 2007 21:14:22 -0000 1.118 +++ fe6 16 Jun 2007 09:27:42 -0000 1.119 
@@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3121 version (zvbi, fixed 0.2.25) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From peak at argo.troja.mff.cuni.cz Sat Jun 16 13:53:36 2007 
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Date: Sat, 16 Jun 2007 15:53:36 +0200 (CEST)
Subject: Need some security advice for systemtap
In-Reply-To: <466DC5FD.7090605@redhat.com>
Message-ID: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz>

On Mon, 11 Jun 2007, David Smith wrote:

> (D) staprun.auth will need to disallow certain staprun.auth command-line
> arguments, such as:

Plus:
- "-u USERNAME"
  (assuming you allow -c, otherwise it has no effect; on the other hand,
  its support in staprun can help to make it possible to use -c via
  staprun.auth)
- "-t PID" (or "-x PID")
  (you need to disallow this because it is virtually impossible to avoid
  race conditions when you check whether a user is allowed to mess with
  a certain running process; alternatively, you can allow it and make it
  a requirement for blessed scripts that authorized users can attach them
  to any running process without compromising the security of the system)

On 11 Jun 2007, Frank Ch. Eigler wrote:

> Actually, it doesn't. A setuid program can drop its privileges after
> performing the root-only operations (module loading), and invoke the
> rest of the normal commands as the real userid.

Staprun has to keep root privileges to be able to unload the kernel module
when it finishes. Moreover, the mere possession of an open fd for the
control channel seems to be dangerous enough to make staprun de facto
running under euid 0 as long as it keeps the fd open (correct me if I am
wrong).

BTW1: staprun should close the file descriptors it uses internally
(control fd, relayfs fds) when it executes the target program given by -c.

BTW2: Let's suppose start_cmd() creates a process running under an
unprivileged user. I think it can be killed (by the unprivileged user)
before it gets SIGUSR1 and the system might recycle its pid. Therefore
kill() in STP_START branch of stp_main_loop() is unsafe.

On Mon, 11 Jun 2007, David Smith wrote:

> Perhaps there is a merged approach.
Keep staprun_auth a thin wrapper > around staprun, but change staprun to raise and lower privileges as > needed when inserting/removing modules, setting up relayfs, etc. This might work but be very careful when you do it while multiple threads are running. --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation." From fedora-extras-commits at redhat.com Sun Jun 17 07:09:14 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sun, 17 Jun 2007 03:09:14 -0400 Subject: fedora-security/audit fc7, 1.13, 1.14 fe5, 1.205, 1.206 fe6, 1.119, 1.120 Message-ID: <200706170709.l5H79EdF023963@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23941 Modified Files: fc7 fe5 fe6 Log Message: +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- fc7 16 Jun 2007 09:27:42 -0000 1.13 +++ fc7 17 Jun 2007 07:09:12 -0000 1.14 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.205 retrieving revision 1.206 diff -u -r1.205 -r1.206 --- fe5 16 Jun 2007 09:27:42 -0000 1.205 +++ fe5 17 Jun 2007 07:09:12 -0000 1.206 
@@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.119 retrieving revision 1.120 diff -u -r1.119 -r1.120 --- fe6 16 Jun 2007 09:27:42 -0000 1.119 +++ fe6 17 Jun 2007 07:09:12 -0000 1.120 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Sun Jun 17 17:13:09 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Sun, 17 Jun 2007 13:13:09 -0400 Subject: [Bug 231734] CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows In-Reply-To: Message-ID: <200706171713.l5HHD92n011103@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |medium Priority|normal |medium gauret at free.fr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |CURRENTRELEASE Fixed In Version| |1.1.7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Mon Jun 18 08:14:22 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Mon, 18 Jun 2007 04:14:22 -0400 Subject: [Bug 244502] CVE-2007-3165: tor < 0.1.2.14 information disclosure In-Reply-To: Message-ID: <200706180814.l5I8EMm8021549@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3165: tor < 0.1.2.14 information disclosure https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244502 andreas.bierfert at lowlatency.de changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |andreas.bierfert at lowlatency. | |de -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Mon Jun 18 14:07:27 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Mon, 18 Jun 2007 10:07:27 -0400 Subject: fedora-security/audit fc7,1.14,1.15 Message-ID: <200706181407.l5IE7Rx7022384@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22363 Modified Files: fc7 Log Message: Note a galeon CVE id Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- fc7 17 Jun 2007 07:09:12 -0000 1.14 +++ fc7 18 Jun 2007 14:07:25 -0000 1.15 
@@ -9,6 +9,7 @@ CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3145 VULNERABLE (galeon) ** *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Jun 18 17:03:13 2007 From: fedora-extras-commits at redhat.com (Christoph Trassl (trassl)) Date: Mon, 18 Jun 2007 13:03:13 -0400 Subject: fedora-security/audit fc7,1.15,1.16 Message-ID: <200706181703.l5IH3DbD016450@cvs-int.fedora.redhat.com> Author: trassl Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv16356 Modified Files: fc7 Log Message: Processed gaim. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- fc7 18 Jun 2007 14:07:25 -0000 1.15 +++ fc7 18 Jun 2007 17:03:11 -0000 1.16 @@ -1365,7 +1365,7 @@ *CVE-2005-2410 version (NetworkManager, fixed 5.0) *CVE-2005-2395 ignore (firefox) https://bugzilla.mozilla.org/show_bug.cgi?id=281851 *CVE-2005-2370 version (kdenetwork, fixed 3.4.2) -*CVE-2005-2370 version (gaim, fixed 1.5.0) +CVE-2005-2370 version (gaim, fixed gaim:1.5.0) *CVE-2005-2369 version (kdenetwork, fixed 3.4.2) *CVE-2005-2368 version (vim, fixed 6.3.086 at least) *CVE-2005-2367 version (wireshark, fixed 0.10.12) 
@@ -1399,8 +1399,8 @@ *CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) *CVE-2005-2114 version (firefox, fixed 1.0.5) *CVE-2005-2104 version (sysreport, fixed 1.4.1-5) -*CVE-2005-2103 version (gaim, fixed 1.5.0) -*CVE-2005-2102 version (gaim, fixed 1.5.0) +CVE-2005-2103 version (gaim, fixed gaim:1.5.0) +CVE-2005-2102 version (gaim, fixed gaim:1.5.0) *CVE-2005-2101 version (kdeedu, fixed after 3.4.2) *CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 *CVE-2005-2099 version (kernel, fixed 2.6.12.5) @@ -1417,7 +1417,7 @@ *CVE-2005-1993 version (sudo, fixed 1.6.8p9) *CVE-2005-1992 version (ruby, fixed 1.8.3 at least) *CVE-2005-1937 version (firefox, fixed 1.0.5) -*CVE-2005-1934 version (gaim, fixed 1.3.1) +CVE-2005-1934 version (gaim, fixed gaim:1.5.0) *CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) *CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) @@ -1487,15 +1487,15 @@ *CVE-2005-1278 version (tcpdump, fixed 3.9.2) *CVE-2005-1277 ignore (dupe) *CVE-2005-1275 version (ImageMagick, fixed 6.2.2) -*CVE-2005-1269 version (gaim, fixed 1.3.1) +CVE-2005-1269 version (gaim, gaim:fixed 1.5.0) *CVE-2005-1268 version (httpd, not 2.2) *CVE-2005-1267 version (tcpdump, fixed 3.9.4 at least) *CVE-2005-1266 version (spamassassin, fixed 3.0.4) *CVE-2005-1265 version (kernel) *CVE-2005-1264 version (kernel) *CVE-2005-1263 version (kernel) -*CVE-2005-1262 version (gaim, fixed 1.3.0) -*CVE-2005-1261 version (gaim, fixed 1.3.0) +CVE-2005-1262 version (gaim, fixed gaim:1.5.0) +CVE-2005-1261 version (gaim, fixed gaim:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) *CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog 
@@ -1527,9 +1527,9 @@ *CVE-2005-0989 version (firefox, fixed 1.0.3) *CVE-2005-0988 backport (gzip) changelog *CVE-2005-0977 version (kernel, fixed 2.6.11) -*CVE-2005-0967 version (gaim, fixed 1.2.1) -*CVE-2005-0966 version (gaim, fixed 1.2.1) -*CVE-2005-0965 version (gaim, fixed 1.2.1) +CVE-2005-0967 version (gaim, fixed gaim:1.5.0) +CVE-2005-0966 version (gaim, fixed gaim:1.5.0) +CVE-2005-0965 version (gaim, fixed gaim:1.5.0) *CVE-2005-0953 backport (bzip2) bzip2-1.0.2-chmod.patch *CVE-2005-0941 version (openoffice.org, fixed 1.9 m95) *CVE-2005-0937 version (kernel, fixed 2.6.11) @@ -1605,8 +1605,8 @@ *CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) *CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch -*CVE-2005-0473 version (gaim, fixed 1.1.3) -*CVE-2005-0472 version (gaim, fixed 1.1.3) +CVE-2005-0473 version (gaim, fixed gaim:1.5.0) +CVE-2005-0472 version (gaim, fixed gaim:1.5.0) *CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) *CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch @@ -1649,7 +1649,7 @@ CVE-2005-0211 version (squid, fixed 2.5.STABLE8) *CVE-2005-0210 version (kernel, fixed 2.6.11) *CVE-2005-0209 version (kernel, fixed 2.6.11) -*CVE-2005-0208 version (gaim, fixed 1.1.4) +CVE-2005-0208 version (gaim, fixed gaim:1.5.0) *CVE-2005-0207 version (kernel, fixed 2.6.11) *CVE-2005-0205 version (kdenetwork, not 3.3+) *CVE-2005-0204 version (kernel) didn't affect upstream @@ -1736,7 +1736,7 @@ *CVE-2004-2645 (asn1c) *CVE-2004-2644 (asn1c) *CVE-2004-2607 version (kernel, fixed 2.6.5) -*CVE-2004-2589 version (gaim, fixed 0.82) +CVE-2004-2589 version (gaim, fixed gaim:0.82.1) *CVE-2004-2546 version (samba, fixed 3.0.6) *CVE-2004-2541 ignore (cscope) blocked by FORTIFY_SOURCE *CVE-2004-2536 version (kernel, fixed 2.6.7) 
@@ -1913,7 +1913,7 @@ *CVE-2004-0907 version (firefox) *CVE-2004-0906 version (thunderbird) *CVE-2004-0906 version (firefox) -*CVE-2004-0891 version (gaim, fixed 1.0.2) +CVE-2004-0891 version (gaim, fixed gaim:1.0.2) *CVE-2004-0888 version (tetex, fixed 3.0) *CVE-2004-0888 version (kdegraphics, not 3.4) *CVE-2004-0888 version (cups) @@ -1958,8 +1958,8 @@ *CVE-2004-0790 version (kernel, not 2.6) *CVE-2004-0788 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0786 version (apr-util, not httpd-2.2) -*CVE-2004-0785 version (gaim, fixed 0.82) -*CVE-2004-0784 version (gaim, fixed 0.82) +CVE-2004-0785 version (gaim, fixed gaim:0.82.1) +CVE-2004-0784 version (gaim, fixed gaim:0.82.1) *CVE-2004-0783 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0782 version (gtk2, fixed 2.6.7 at least) *CVE-2004-0779 version (thunderbird) @@ -1968,7 +1968,7 @@ *CVE-2004-0772 version (krb5, fixed after 1.2.8) *CVE-2004-0768 version (libpng, fixed 1.2.6) *CVE-2004-0755 version (ruby, fixed 1.8.1) -*CVE-2004-0754 version (gaim, fixed 0.82) +CVE-2004-0754 version (gaim, fixed gaim:0.82.1) *CVE-2004-0753 version (gtk2, fixed after 2.2.4) *CVE-2004-0752 version (openoffice.org, fixed after 1.1.2) *CVE-2004-0751 version (httpd, not 2.2) @@ -2027,7 +2027,7 @@ *CVE-2004-0506 version (wireshark, fixed 0.10.4) *CVE-2004-0505 version (wireshark, fixed 0.10.4) *CVE-2004-0504 version (wireshark, fixed 0.10.4) -*CVE-2004-0500 version (gaim, fixed 0.82) +CVE-2004-0500 version (gaim, fixed gaim:0.82.1) *CVE-2004-0497 version (kernel, fixed 2.6.8) *CVE-2004-0496 version (kernel, fixed 2.6.8) *CVE-2004-0495 version (kernel, fixed 2.6.8) 
@@ -2127,10 +2127,10 @@ *CVE-2004-0055 version (tcpdump, fixed 3.8.2) *CVE-2004-0042 ignore (vsftpd) disputed *CVE-2004-0010 version (kernel, not 2.6) -*CVE-2004-0008 version (gaim, fixed 0.75) -*CVE-2004-0007 version (gaim, fixed 0.75) -*CVE-2004-0006 version (gaim, fixed 0.76) -*CVE-2004-0005 version (gaim, fixed 0.76) +CVE-2004-0008 version (gaim, fixed gaim:0.76) +CVE-2004-0007 version (gaim, fixed gaim:0.76) +CVE-2004-0006 version (gaim, fixed gaim:0.76) +CVE-2004-0005 version (gaim, fixed gaim:0.76) *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) @@ -2481,7 +2481,7 @@ *CVE-2002-1146 version (bind, not 8.3+) *CVE-2002-1131 version (squirrelmail, fixed 1.2.8) *CVE-2002-1119 version (python, fixed 2.2.2) -*CVE-2002-0989 version (gaim, fixed 0.59.1) +CVE-2002-0989 version (gaim, fixed gaim:0.59.1) *CVE-2002-0986 version (php, fixed 4.2.3) *CVE-2002-0985 version (php, fixed 4.2.3) *CVE-2002-0972 version (postgresql, fixed 7.2.2) @@ -2552,11 +2552,11 @@ *CVE-2002-0391 version (glibc, fixed after 2.2.5) *CVE-2002-0389 ignore (mailman) upstream say not a vulnerability *CVE-2002-0388 version (mailman, fixed 2.0.11) -*CVE-2002-0384 version (gaim, fixed 0.58) +CVE-2002-0384 version (gaim, fixed gaim:0.58) *CVE-2002-0382 version (xchat, fixed 1.9.1) *CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) *CVE-2002-0379 version (imap, vuln code removed imap-2002) -*CVE-2002-0377 version (gaim, fixed 0.58) +CVE-2002-0377 version (gaim, fixed gaim:0.58) *CVE-2002-0374 version (pam_ldap, fixed 144) *CVE-2002-0363 version (ghostscript, fixed 6.53) *CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Mon Jun 18 17:59:57 2007 
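Review bot: in the `@@ -1487,15 +1487,15 @@` hunk the new CVE-2005-1269 line reads `(gaim, gaim:fixed 1.5.0)`, with the `gaim:` prefix placed before `fixed` instead of before the version. Every other gaim line this commit touches uses `fixed gaim:<version>`, so this one should read `CVE-2005-1269 version (gaim, fixed gaim:1.5.0)` to match.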
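Review bot: several hunks change the recorded fix version and the log message "Processed gaim." does not say why. In the `@@ -1527,9 +1527,9 @@` hunk 1.2.1 becomes `gaim:1.5.0`; elsewhere 1.3.1, 1.3.0, 1.1.3 and 1.1.4 also become `gaim:1.5.0`, 0.82 becomes `gaim:0.82.1`, and 0.75 becomes `gaim:0.76`. If the new values are the versions that were actually checked rather than corrections to the upstream fix versions, please say so in the log message; otherwise keep the original versions and only drop the leading `*` and add the `gaim:` prefix.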
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Mon, 18 Jun 2007 13:59:57 -0400 Subject: fedora-security/audit fc5, 1.460, 1.461 fc6, 1.218, 1.219 fc7, 1.16, 1.17 Message-ID: <200706181759.l5IHxv0W029939@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29900 Modified Files: fc5 fc6 fc7 Log Message: CVE-2007-2873 (spamassassin) fixed Index: fc5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc5,v retrieving revision 1.460 retrieving revision 1.461 diff -u -r1.460 -r1.461 --- fc5 13 Jun 2007 14:00:41 -0000 1.460 +++ fc5 18 Jun 2007 17:59:55 -0000 1.461 @@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243891 +CVE-2007-2873 version (spamassassin, fixed 3.1.9) CVE-2007-1565 ignore (konqueror) client crash CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] CVE-2007-1475 ignore (php) unshipped ibase extension Index: fc6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc6,v retrieving revision 1.218 retrieving revision 1.219 diff -u -r1.218 -r1.219 --- fc6 13 Jun 2007 14:00:41 -0000 1.218 +++ fc6 18 Jun 2007 17:59:55 -0000 1.219 @@ -4,6 +4,7 @@ ** are items that need attention CVE-2007-4168 VULNERABLE (libexif) #243892 +CVE-2007-2873 version (spamassassin, fixed 3.1.9) CVE-2007-2438 VULNERABLE (vim) #238734 CVE-2007-1856 VULNERABLE (vixie-cron) #235882 CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- fc7 18 Jun 2007 17:03:11 -0000 1.16 +++ fc7 18 Jun 2007 17:59:55 -0000 1.17 
@@ -19,6 +19,7 @@ *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] *CVE-2007-2874 (wpa_supplicant) #242455 +CVE-2007-2873 version (spamassassin, fixed 3.2.1) *CVE-2007-2871 version (seamonkey, fixed 1.0.9) *CVE-2007-2870 version (seamonkey, fixed 1.0.9) *CVE-2007-2869 (firefox) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From dsmith at redhat.com Mon Jun 18 19:44:53 2007 
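Review bot: the fc7 hunk (`@@ -19,6 +19,7 @@`) records CVE-2007-2873 as `fixed 3.2.1`, while the fc5 and fc6 hunks of the same commit record `fixed 3.1.9`, and the log message "CVE-2007-2873 (spamassassin) fixed" mentions neither version. If the fix exists on two release branches, a word in the log message would make the difference look intentional; if not, one of the two values needs correcting.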
From: dsmith at redhat.com (David Smith)
Date: Mon, 18 Jun 2007 14:44:53 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz>
References: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz>
Message-ID: <4676E0B5.5090706@redhat.com>

Pavel Kankovsky wrote:
> On Mon, 11 Jun 2007, David Smith wrote:
>
>> (D) staprun.auth will need to disallow certain staprun.auth command-line
>> arguments, such as:
>
> Plus:
>
> - "-u USERNAME" (assuming you allow -c, otherwise it has no effect;
>   on the other hand, its support in staprun can help to make it
>   possible to use -c via staprun.auth)
>
> - "-t PID" (or "-x PID") (you need to disallow this because it is
>   virtually impossible to avoid race conditions when you check whether
>   a user is allowed to mess with a certain running process; alternatively,
>   you can allow it and make it a requirement for blessed scripts that
>   authorized users can attach them to any running process without
>   compromising the security of the system)

I knew about '-u USERNAME'. We'll probably allow '-x PID' for authorized
users because if they can look at the entire system there isn't any point
in not allowing them to look at a single process.

> On 11 Jun 2007, Frank Ch. Eigler wrote:
>
>> Actually, it doesn't. A setuid program can drop its privileges after
>> performing the root-only operations (module loading), and invoke the
>> rest of the normal commands as the real userid.
>
> Staprun has to keep root privileges to be able to unload the kernel module
> when it finishes. Moreover, the mere possession of an open fd for the
> control channel seems to be dangerous enough to make staprun de facto
> running under euid 0 as long as it keeps the fd open (correct me if I am
> wrong).

Yep, you are right.

> BTW1: staprun should close the file descriptors it uses internally
> (control fd, relayfs fds) when it executes the target program given by -c.

Good idea, I'll work on that.

> BTW2: Let's suppose start_cmd() creates a process running under an
> unprivileged user. I think it can be killed (by the unprivileged user)
> before it gets SIGUSR1 and the system might recycle its pid. Therefore
> kill() in STP_START branch of stp_main_loop() is unsafe.

Hmm. Got any ideas on how to fix this?

> On Mon, 11 Jun 2007, David Smith wrote:
>
>> Perhaps there is a merged approach. Keep staprun_auth a thin wrapper
>> around staprun, but change staprun to raise and lower privileges as
>> needed when inserting/removing modules, setting up relayfs, etc.
>
> This might work but be very careful when you do it while multiple threads
> are running.

I believe I see what you mean here - if one thread raises privileges
while another thread performs a security-sensitive operation, we've got
a problem.

Thanks for your time.

-- 
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From fedora-extras-commits at redhat.com Mon Jun 18 21:31:42 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Mon, 18 Jun 2007 17:31:42 -0400 Subject: fedora-security/audit fc7,1.17,1.18 Message-ID: <200706182131.l5ILVgcD023940@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv23904 Modified Files: fc7 Log Message: Deal with ed Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.17 retrieving revision 1.18 diff -u -r1.17 -r1.18 --- fc7 18 Jun 2007 17:59:55 -0000 1.17 +++ fc7 18 Jun 2007 21:31:40 -0000 1.18 
@@ -305,7 +305,7 @@ *CVE-2006-6944 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6943 version (phpMyAdmin, fixed 2.9.1.1) *CVE-2006-6942 version (phpMyAdmin, fixed 2.9.1.1) -*CVE-2006-6939 VULNERABLE (ed, fixed 0.3) #223075 +CVE-2006-6939 version (ed, fixed 0.3) #223075 *CVE-2006-6899 version (bluez-utils, fixed 2.23) *CVE-2006-6870 version (avahi, fixed 0.6.16) #221440 [since FEDORA-2007-019] *CVE-2006-6811 ignore (ksirc) DoS only @@ -2617,7 +2617,7 @@ *CVE-2001-0235 (vixie-cron) CVE-2001-0187 ignore, no-ship (wu-ftpd) *CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch -*CVE-2000-1137 (ed) +CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) *CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From hunt at redhat.com Tue Jun 19 00:02:41 2007 
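Review bot: in the `@@ -305,7 +305,7 @@` hunk CVE-2006-6939 moves from `VULNERABLE` to `version` with the same `fixed 0.3` and the same open bug reference `#223075`, and the log message "Deal with ed" does not record what was verified. Please note the ed version that fc7 ships (in the entry or the log message) so the status change can be checked against the `fixed 0.3` claim.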
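Review bot: in the `@@ -2617,7 +2617,7 @@` hunk CVE-2000-1137 is given `fixed 0.2-18.1`, which has the shape of a package version-release, whereas the other `version` entries in this file, including `fixed 0.3` for ed in the first hunk, give a plain version. If the fix was a distribution patch to 0.2, say so on the line or use the `backport` state as the neighbouring htdig and cpio entries do.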
From: hunt at redhat.com (Martin Hunt)
Date: Mon, 18 Jun 2007 20:02:41 -0400
Subject: Need some security advice for systemtap
In-Reply-To: <4676E0B5.5090706@redhat.com>
References: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz> <4676E0B5.5090706@redhat.com>
Message-ID: <1182211361.7067.66.camel@dragon>

On Mon, 2007-06-18 at 14:44 -0500, David Smith wrote:
> Pavel Kankovsky wrote:
> > On Mon, 11 Jun 2007, David Smith wrote:
> >
> >> (D) staprun.auth will need to disallow certain staprun.auth command-line
> >> arguments, such as:
> >
> > Plus:
> >
> > - "-u USERNAME" (assuming you allow -c, otherwise it has no effect;
> >   on the other hand, its support in staprun can help to make it
> >   possible to use -c via staprun.auth)

The only reason for "-u" is so we can currently do things like
>stap -c "make all" systrace.stp
and have "make" execute as a normal user rather than root (because stap
does "sudo staprun"). If staprun is not run by root, the setreuid() call
will just fail if someone tries to misuse it.

> > - "-t PID" (or "-x PID") (you need to disallow this because it is
> >   virtually impossible to avoid race conditions when you check whether
> >   a user is allowed to mess with a certain running process; alternatively,
> >   you can allow it and make it a requirement for blessed scripts that
> >   authorized users can attach them to any running process without
> >   compromising the security of the system)

"-x pid" doesn't actually do anything except cause target() to return pid.
So disabling it would be pointless. It exists as a convenient way to
pass a value to scripts that wish to filter based on pid.

> > BTW1: staprun should close the file descriptors it uses internally
> > (control fd, relayfs fds) when it executes the target program given by -c.
>
> Good idea, I'll work on that.
>
> > BTW2: Let's suppose start_cmd() creates a process running under an
> > unprivileged user. I think it can be killed (by the unprivileged user)
> > before it gets SIGUSR1 and the system might recycle its pid. Therefore
> > kill() in STP_START branch of stp_main_loop() is unsafe.
>
> Hmm. Got any ideas on how to fix this?

So, while the module loads its probes, we kill the start_cmd() process
and create enough new processes to recycle the pid? Then staprun sends
either SIGKILL or SIGUSR1 to the wrong process? Theoretically, if we set
tens of thousands of probes, we would have a few milliseconds to do
this.

Now that I've caught up on this discussion (sorry) I see we are simply
talking about the blessed module approach to security. So the only
issue here is how to load/unload the module, right? It seems like you
have some good ideas. Why are we worrying about staprun? Load the
module with your blessed loader, then staprun runs as a normal user. The
only problem I see is unloading the module automatically.

BTW, you can kind of try this now.

Run with sudo or root:
>sudo /sbin/insmod close.ko
>sudo chown hunt.hunt /sys/kernel/debug/systemtap/close/*

Now run staprun as a normal user
>staprun -A close
cpufreq-applet: close(17) = 0
cpufreq-applet: close(17) = 0
hald-addon-stor: close(4) = 0
cpufreq-applet: close(17) = 0
cpufreq-applet: close(17) = 0
crond: close(5) = 0
crond: close(5) = 0
gpm: close(0) = 0
cpufreq-applet: close(17) = 0
cpufreq-applet: close(17) = 0
DONE
ERROR: Removing 'close': Operation not permitted
ERROR: couldn't rmmod probe module close.

--

Hmmm. So let's say we create stap_load owned by
root, group systemtap, and file permission would be 04110.

stap_load is a C program that does something like
if (root)
   insmod(modname)
else if modname is blessed && user is valid
   insmod(modname)
endif

stap_unload would be similar or it could be the same program with
an argument to indicate load/unload.

Then rename staprun to staprun.bin and create a script, staprun:
if stap_load modname
   staprun.bin modname ...
   stap_unload modname
endif

Are there problems with this approach?

Martin

From dsmith at redhat.com Tue Jun 19 19:56:50 2007
From: dsmith at redhat.com (David Smith)
Date: Tue, 19 Jun 2007 14:56:50 -0500
Subject: Need some security advice for systemtap
In-Reply-To: <1182211361.7067.66.camel@dragon>
References: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz> <4676E0B5.5090706@redhat.com> <1182211361.7067.66.camel@dragon>
Message-ID: <46783502.8020800@redhat.com>

Martin Hunt wrote:
> On Mon, 2007-06-18 at 14:44 -0500, David Smith wrote:
>> Pavel Kankovsky wrote:
>>> On Mon, 11 Jun 2007, David Smith wrote:
>>
>>> BTW2: Let's suppose start_cmd() creates a process running under an
>>> unprivileged user. I think it can be killed (by the unprivileged user)
>>> before it gets SIGUSR1 and the system might recycle its pid. Therefore
>>> kill() in STP_START branch of stp_main_loop() is unsafe.
>> Hmm. Got any ideas on how to fix this?
>
> So, while the module loads its probes, we kill the start_cmd() process
> and create enough new processes to recycle the pid? Then staprun sends
> either SIGKILL or SIGUSR1 to the wrong process? Theoretically, if we set
> tens of thousands of probes, we would have a few milliseconds to do
> this.

I do agree it isn't a likely occurrence, but if it is possible to fix we
ought to look at it.

> Now that I've caught up on this discussion (sorry) I see we are simply
> talking about the blessed module approach to security. So the only
> issue here is how to load/unload the module, right? It seems like you
> have some good ideas. Why are we worrying about staprun? Load the
> module with your blessed loader, then staprun runs as a normal user. The
> only problem I see is unloading the module automatically.

The problem with the blessed loader approach is that:

(a) it duplicates code with regular staprun (although perhaps not much)
(b) unloading the module isn't possible

So, Frank and I have been trying to think through other ideas.

> BTW, you can kind of try this now.
>
> Run with sudo or root:
>> sudo /sbin/insmod close.ko
>> sudo chown hunt.hunt /sys/kernel/debug/systemtap/close/*

Actually that doesn't work if /sys/kernel/debug hasn't been mounted before.

> Now run staprun as a normal user
>> staprun -A close
> cpufreq-applet: close(17) = 0
> cpufreq-applet: close(17) = 0
> hald-addon-stor: close(4) = 0
> cpufreq-applet: close(17) = 0
> cpufreq-applet: close(17) = 0
> crond: close(5) = 0
> crond: close(5) = 0
> gpm: close(0) = 0
> cpufreq-applet: close(17) = 0
> cpufreq-applet: close(17) = 0
> DONE
> ERROR: Removing 'close': Operation not permitted
> ERROR: couldn't rmmod probe module close.
>
> --
>
> Hmmm. So let's say we create stap_load owned by
> root, group systemtap, and file permission would be 04110.
>
> stap_load is a C program that does something like
> if (root)
>    insmod(modname)
> else if modname is blessed && user is valid
>    insmod(modname)
> endif
>
> stap_unload would be similar or it could be the same program with
> an argument to indicate load/unload.
>
> Then rename staprun to staprun.bin and create a script, staprun:
> if stap_load modname
>    staprun.bin modname ...
>    stap_unload modname
> endif
>
> Are there problems with this approach?

Having two different setuid programs isn't the best plan. One possible
alternative could be:

stap_load (setuid) inserts module, then forks and execs (as a user)
"staprun -A". stap_load then waits for "staprun -A" to finish. After
staprun finishes, stap_load removes the module.

-- 
David Smith
dsmith at redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

From bugzilla at redhat.com Wed Jun 20 01:58:49 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Tue, 19 Jun 2007 21:58:49 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200706200158.l5K1wnYo006613@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2650: clamav OLE2 parser DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora ------- Additional Comments From bojan at rexursive.com 2007-06-19 21:58 EST ------- This has been open for over a month now. Could someone please either: - explain why this doesn't affect FC6/F7 and close - upgrade to secure version(s) and close -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From joshua.i.stone at intel.com Tue Jun 19 20:42:11 2007 
From: joshua.i.stone at intel.com (Stone, Joshua I)
Date: Tue, 19 Jun 2007 13:42:11 -0700
Subject: Need some security advice for systemtap
In-Reply-To: <46783502.8020800@redhat.com>
References: <20070616150353.13DE.0@paddy.troja.mff.cuni.cz> <4676E0B5.5090706@redhat.com> <1182211361.7067.66.camel@dragon> <46783502.8020800@redhat.com>
Message-ID: <46783FA3.8060704@intel.com>

David Smith wrote:
> Martin Hunt wrote:
>> On Mon, 2007-06-18 at 14:44 -0500, David Smith wrote:
>>> Pavel Kankovsky wrote:
>>>> On Mon, 11 Jun 2007, David Smith wrote:
>>>
>>>> BTW2: Let's suppose start_cmd() creates a process running under an
>>>> unprivileged user. I think it can be killed (by the unprivileged
>>>> user) before it gets SIGUSR1 and the system might recycle its pid.
>>>> Therefore
>>>> kill() in STP_START branch of stp_main_loop() is unsafe.
>>> Hmm. Got any ideas on how to fix this?
>>
>> So, while the module loads its probes, we kill the start_cmd() process
>> and create enough new processes to recycle the pid? Then staprun sends
>> either SIGKILL or SIGUSR1 to the wrong process? Theoretically, if we set
>> tens of thousands of probes, we would have a few milliseconds to do
>> this.
>
> I do agree it isn't a likely occurrence, but if it is possible to fix we
> ought to look at it.

This should be manageable. When a child process exits, it sends a
SIGCHLD and sits as a zombie until the parent has wait()ed for it. As
long as it's a zombie, the pid won't be recycled. We just need to
notice in our sig handler that the start_cmd process died, and make sure
we don't try to kill the pid after that.

Josh

From bugzilla at redhat.com Wed Jun 20 17:06:27 2007
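The SIGCHLD bookkeeping Josh describes above, as an added example that is not part of the thread or of staprun's source: the child's pid is forgotten in the same handler that reaps it, and the sender blocks SIGCHLD around its check and kill(). `target_pid`, `start_target`, `signal_target` and `wait_reaped` are hypothetical names, and the child here simply exits where the real one would exec the -c command.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical names throughout; this is not staprun's code.
 * target_pid holds the forked command's pid while it is unreaped and 0
 * once waitpid() has collected it. Assumes pid_t fits in sig_atomic_t
 * (true on Linux, where both are int). */
static volatile sig_atomic_t target_pid = 0;

/* SIGCHLD handler: reap only our target and forget its pid in the same
 * step, so no later code can signal a number the kernel may reuse. */
static void on_sigchld(int sig)
{
    int saved_errno = errno;
    pid_t pid = (pid_t)target_pid;
    (void)sig;
    if (pid > 0 && waitpid(pid, NULL, WNOHANG) == pid)
        target_pid = 0;
    errno = saved_errno;
}

/* Fork the target. The child parks until SIGUSR1, as in the thread; a real
 * launcher would then exec the command. Returns the pid, or -1 on failure. */
static pid_t start_target(void)
{
    struct sigaction sa;
    sigset_t block, old;
    pid_t pid;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigchld;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    if (sigaction(SIGCHLD, &sa, NULL) != 0)
        return -1;
    /* Block SIGUSR1 so the child cannot miss it, and SIGCHLD so the
     * handler cannot run before target_pid has been recorded. */
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    pid = fork();
    if (pid == 0) {
        sigset_t wait_set;
        int got;
        sigemptyset(&wait_set);
        sigaddset(&wait_set, SIGUSR1);
        sigwait(&wait_set, &got);
        _exit(0);
    }
    if (pid > 0)
        target_pid = pid;
    sigdelset(&old, SIGCHLD);      /* the parent must receive SIGCHLD */
    sigprocmask(SIG_SETMASK, &old, NULL);
    return pid;
}

/* Send sig to the target unless it has already been reaped. SIGCHLD is
 * blocked across the check and the kill(), so the handler cannot reap in
 * between; an unreaped zombie still owns its pid, so kill() is harmless.
 * Returns 0 if the signal was sent, -1 if the target is gone. */
static int signal_target(int sig)
{
    sigset_t block, old;
    int rc = -1;

    sigemptyset(&block);
    sigaddset(&block, SIGCHLD);
    sigprocmask(SIG_BLOCK, &block, &old);
    if (target_pid > 0 && kill((pid_t)target_pid, sig) == 0)
        rc = 0;
    sigprocmask(SIG_SETMASK, &old, NULL);
    return rc;
}

/* Poll until the handler has reaped the target: 1 if reaped, 0 on timeout. */
static int wait_reaped(int timeout_ms)
{
    struct timespec tick = { 0, 1000000 };   /* 1 ms */
    while (target_pid != 0 && timeout_ms-- > 0)
        nanosleep(&tick, NULL);
    return target_pid == 0;
}

int main(void)
{
    pid_t pid = start_target();
    if (pid < 0)
        return 1;
    kill(pid, SIGKILL);            /* stands in for the user killing it early */
    wait_reaped(2000);
    return signal_target(SIGUSR1) == -1 ? 0 : 1;   /* nothing was signalled */
}
```
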
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2007 13:06:27 -0400 Subject: [Bug 240396] CVE-2007-2654: xfsdump file permissions issue In-Reply-To: Message-ID: <200706201706.l5KH6RPh026762@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2654: xfsdump file permissions issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396 bugzilla at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- Product|Fedora Extras |Fedora esandeen at redhat.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|cattelan at redhat.com |cattelan at thebarn.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From bugzilla at redhat.com Wed Jun 20 17:12:24 2007 
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2007 13:12:24 -0400 Subject: [Bug 240396] CVE-2007-2654: xfsdump file permissions issue In-Reply-To: Message-ID: <200706201712.l5KHCOAD027779@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2654: xfsdump file permissions issue https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396 cattelan at thebarn.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From cattelan at thebarn.com 2007-06-20 13:12 EST ------- Sorry didn't see this. I'll get this pulled in soon. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Wed Jun 20 18:59:56 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 20 Jun 2007 14:59:56 -0400 Subject: fedora-security/audit fc7,1.18,1.19 Message-ID: <200706201859.l5KIxuZn028563@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28545 Modified Files: fc7 Log Message: Sort out cpio Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- fc7 18 Jun 2007 21:31:40 -0000 1.18 +++ fc7 20 Jun 2007 18:59:53 -0000 1.19 
@@ -1136,7 +1136,7 @@ *CVE-2005-4442 version (openldap) gentoo only *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] *CVE-2005-4348 version (fetchmail, fixed 6.3.1) -*CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch +CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch *CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment *CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) @@ -1498,7 +1498,7 @@ CVE-2005-1262 version (gaim, fixed gaim:1.5.0) CVE-2005-1261 version (gaim, fixed gaim:1.5.0) *CVE-2005-1260 version (bzip2, fixed 1.0.3) -*CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch +CVE-2005-1229 backport (cpio) cpio-2.6-dirTraversal.patch *CVE-2005-1228 backport (gzip) changelog *CVE-2005-1194 backport (nasm) changelog *CVE-2005-1184 ignore (kernel) expected to not be an issue @@ -1514,7 +1514,7 @@ *CVE-2005-1155 version (firefox) *CVE-2005-1154 version (firefox) *CVE-2005-1153 version (firefox) -*CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch +CVE-2005-1111 backport (cpio) cpio-2.6-chmodRaceC.patch *CVE-2005-1065 version (tetex) not upstream version *CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) *CVE-2005-1046 version (kdelibs, fixed after 3.4.0) @@ -2620,7 +2620,7 @@ CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) *CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) -*CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch +CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) CVE-1999-0710 version (squid, fixed 2.5.STABLE10) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jun 20 20:27:29 2007 
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 20 Jun 2007 16:27:29 -0400 Subject: fedora-security/audit fc7,1.19,1.20 Message-ID: <200706202027.l5KKRTHC022107@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22089 Modified Files: fc7 Log Message: Deal with a number of CVE ids. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- fc7 20 Jun 2007 18:59:53 -0000 1.19 +++ fc7 20 Jun 2007 20:27:27 -0000 1.20 @@ -85,7 +85,7 @@ *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) *CVE-2007-1858 (tomcat) -*CVE-2007-1856 VULNERABLE (vixie-cron) #235882 +CVE-2007-1856 backport (vixie-cron) #235882 vixie-cron-4.1-hardlink.patch *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 @@ -347,7 +347,7 @@ *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] CVE-2006-6332 ignore (kernel) no support for madwifi -*CVE-2006-6305 ignore (net-snmp) already have the backported patch +CVE-2006-6305 ignore (net-snmp) already have the backported patch CVE-2006-6304 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] *CVE-2006-6303 version (ruby, fixed 1.8.5.2) [since FEDORA-2006-1441] *CVE-2006-6301 version (denyhosts, fixed 2.6-2) #218824 
@@ -388,7 +388,7 @@ *CVE-2006-5974 ignore (fetchmail, fixed 6.3.6) only 6.3.5 *CVE-2006-5973 VULNERABLE (dovecot, fixed 1.0.rc15) #216508 *CVE-2006-5969 (fvwm) -*CVE-2006-5941 (net-snmp) +CVE-2006-5941 ignore (net-snmp) dupe CVE-2005-2177 *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) @@ -767,7 +767,7 @@ *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC -*CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_42-bz178431.patch +CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 *CVE-2006-2563 ignore (php) safe mode isn't safe *CVE-2006-2502 (cyrus-imapd) @@ -1108,7 +1108,7 @@ *CVE-2006-0017 (fedora directory server) *CVE-2006-0016 (fedora directory server) *CVE-2005-4838 (tomcat) -*CVE-2005-4837 (net-snmp) +CVE-2005-4837 version (net-snmp, fixed 5.2.2) *CVE-2005-4836 (tomcat) *CVE-2005-4811 version (kernel, fixed 2.6.13) *CVE-2005-4809 VULNERABLE (firefox) @@ -1300,7 +1300,7 @@ *CVE-2005-2872 version (kernel, fixed 2.6.12) *CVE-2005-2871 version (thunderbird) *CVE-2005-2871 version (firefox, fixed 1.0.7) -*CVE-2005-2811 version (net-snmp) not upstream, gentoo only +CVE-2005-2811 version (net-snmp) not upstream, gentoo only *CVE-2005-2801 version (kernel, fixed 2.6.11) *CVE-2005-2800 version (kernel, fixed 2.6.12.6) CVE-2005-2798 version (openssh, fixed 4.2) 
@@ -1397,7 +1397,7 @@ *CVE-2005-2261 version (thunderbird, fixed 1.0.5) *CVE-2005-2261 version (firefox, fixed 1.0.5) *CVE-2005-2260 version (firefox, fixed 1.0.5) -*CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) +CVE-2005-2177 version (net-snmp, fixed 5.2.1.2) *CVE-2005-2114 version (firefox, fixed 1.0.5) *CVE-2005-2104 version (sysreport, fixed 1.4.1-5) CVE-2005-2103 version (gaim, fixed gaim:1.5.0) @@ -1441,7 +1441,7 @@ *CVE-2005-1751 version (nmap, fixed 3.93 at least) *CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used *CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable -*CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) +CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least) *CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3) *CVE-2005-1730 (openssl) *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch @@ -1522,7 +1522,7 @@ *CVE-2005-1042 version (php, fixed 4.3.11) *CVE-2005-1041 version (kernel, fixed 2.6.12) *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue -*CVE-2005-1038 backport (vixie-cron) +CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch *CVE-2005-0990 version (sharutils, fixed 4.6 at least) *CVE-2005-0989 version (thunderbird) *CVE-2005-0989 version (firefox, fixed 1.0.3) @@ -1703,7 +1703,7 @@ *CVE-2005-0088 version (mod_python, fixed after 2.7.8) *CVE-2005-0087 version (alsa-lib, fixed 1.0.9) *CVE-2005-0086 version (less) didn't affect upstream -*CVE-2005-0085 version (htdig, fixed 3.1.6-r7) +CVE-2005-0085 version (htdig, fixed 3.1.6-r7) *CVE-2005-0084 version (wireshark, fixed 0.10.9) *CVE-2005-0080 version (mailman) not upstream *CVE-2005-0078 version (kde, fixed 3.0.5) 
@@ -2175,7 +2175,7 @@ *CVE-2003-0961 version (kernel, fixed 2.4.23) *CVE-2003-0959 version (kernel, fixed 2.4.21) *CVE-2003-0956 version (kernel, fixed 2.4.22) -*CVE-2003-0935 version (net-snmp, fixed 5.0.9) +CVE-2003-0935 version (net-snmp, fixed 5.0.9) *CVE-2003-0927 version (wireshark, fixed 0.9.16) *CVE-2003-0926 version (wireshark, fixed 0.9.16) *CVE-2003-0925 version (wireshark, fixed 0.9.16) @@ -2372,7 +2372,7 @@ *CVE-2002-2060 version (links, fixed after 2.0pre4) *CVE-2002-2043 ignore (cyrus-sasl) patch against cyrus-sasl *CVE-2002-2012 ignore (httpd) not upstream version -*CVE-2002-2010 version (htdig, fixed 3.1.6) +CVE-2002-2010 version (htdig, fixed 3.1.6) *CVE-2002-2009 version (tomcat, fixed 4.0.3) *CVE-2002-2007 version (tomcat, not 5) *CVE-2002-2006 version (tomcat, not 5) @@ -2398,7 +2398,7 @@ *CVE-2002-1573 version (kernel, not 2.6) *CVE-2002-1572 version (kernel, not 2.6) *CVE-2002-1571 version (kernel, not 2.6) -*CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least) +CVE-2002-1570 version (net-snmp, fixed in 5.0.8 at least) *CVE-2002-1568 version (openssl, fixed 0.9.6f) *CVE-2002-1568 version (openssl097a, fixed 0.9.6f) *CVE-2002-1567 version (tomcat, fixed 4.1.3) @@ -2470,7 +2470,7 @@ *CVE-2002-1217 version (tar, fixed 1.13.25) *CVE-2002-1175 version (fetchmail, fixed 6.2.0) *CVE-2002-1174 version (fetchmail, fixed 6.2.0) -*CVE-2002-1170 version (net-snmp, fixed 5.0.6) +CVE-2002-1170 version (net-snmp, fixed 5.0.6) *CVE-2002-1165 version (sendmail, fixed 8.12.10 at least) *CVE-2002-1160 version (pam) was our config *CVE-2002-1157 version (httpd, not 2.0) 
@@ -2601,10 +2601,10 @@ *CVE-2002-0043 version (sudo, fixed 1.6.4) *CVE-2002-0036 version (krb5, fixed 1.2.5) *CVE-2002-0029 version (bind, not 9) -*CVE-2002-0013 version (net-snmp, fixed 4.2.3) -*CVE-2002-0012 version (net-snmp, fixed 4.2.3) +CVE-2002-0013 version (net-snmp, fixed 4.2.3) +CVE-2002-0012 version (net-snmp, fixed 4.2.3) *CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong -*CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-lexer.patch +CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff *CVE-2002-0003 version (groff, fixed 1.17.2) *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) @@ -2612,14 +2612,14 @@ *CVE-2001-1429 (mc) *CVE-2001-0955 version (XFree86, fixed 4.2.0) CVE-2001-0935 ignore, no-ship (wu-ftpd) -*CVE-2001-0474 version (mesa, fixed 3.3-14) -*CVE-2001-0310 (sort) -*CVE-2001-0235 (vixie-cron) +CVE-2001-0474 version (mesa, fixed 3.3-14) +CVE-2001-0310 ignore (sort) mkstemp is now being used +CVE-2001-0235 (vixie-cron) ** Is this really CVE-2005-1038? CVE-2001-0187 ignore, no-ship (wu-ftpd) -*CVE-2000-1199 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch +CVE-2000-1191 backport (htdig) fixed htdig-3.2.0b6-unescaped_output.patch CVE-2000-1137 version (ed, fixed 0.2-18.1) *CVE-2000-0992 (krb5) -*CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) +CVE-2000-0504 version (libICE, fixed XFree86:4.0.1) CVE-1999-1572 backport (cpio) cpio-2.6-umask.patch *CVE-1999-1332 (gzip) CVE-1999-0997 ignore, no-ship (wu-ftpd) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 21 02:47:32 2007 
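Review bot: in the last hunk of the fc7 1.19 -> 1.20 diff (@@ -2612,14 +2612,14 @@), the htdig line does more than drop the `*`: its id changes from CVE-2000-1199 to CVE-2000-1191, and the log message ("Deal with a number of CVE ids.") says nothing about a renumbering. Please confirm which id htdig-3.2.0b6-unescaped_output.patch addresses and mention the correction in the log, so that anyone searching the audit file history for the old id can see it was replaced on purpose.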
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 20 Jun 2007 22:47:32 -0400 Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS In-Reply-To: Message-ID: <200706210247.l5L2lWbe025407@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-2650: clamav OLE2 parser DoS https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395 ------- Additional Comments From kevin at tummy.com 2007-06-20 22:47 EST ------- First of all it looks like all versions before 0.90.3 are affected. The upstream bug: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=466 Here's the commit that fixed it: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fole2_extract.c&rev=3078&sc=1 I don't know if this applies ok to the old 0.88.x versions. All the other vendors I see have just shipped the 0.90.3 version. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Thu Jun 21 03:33:00 2007 From: fedora-extras-commits at redhat.com (Kevin Fenzi (kevin)) Date: Wed, 20 Jun 2007 23:33:00 -0400 Subject: fedora-security/audit fc7,1.20,1.21 Message-ID: <200706210333.l5L3X0cV019416@cvs-int.fedora.redhat.com> Author: kevin Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19370 Modified Files: fc7 Log Message: Process clamav Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- fc7 20 Jun 2007 20:27:27 -0000 1.20 +++ fc7 21 Jun 2007 03:32:57 -0000 1.21 
@@ -13,7 +13,7 @@ *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 -*CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3025 ignore (clamav, Solaris only) *CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 @@ -36,7 +36,7 @@ *CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 -*CVE-2007-2650 ** (clamav) #240395 +CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 *CVE-2007-2645 ignore (libexif) #240055 DoS only *CVE-2007-2637 patch (moin, fixed 1.5.7-2) *CVE-2007-2627 ** (wordpress) #239904 @@ -70,11 +70,11 @@ *CVE-2007-2165 VULNERABLE (proftpd) #237533 *CVE-2007-2138 (postgresql) *CVE-2007-2057 version (aircrack-ng, fixed 0.8-0.1) -*CVE-2007-2029 ignore (clamav, 0.90/0.90.1 only) +CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) *CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) -*CVE-2007-1997 ignore (clamav, 0.90/0.90.1 only) +CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1894 version (wordpress, fixed 2.1.3-0.rc2) @@ -89,7 +89,7 @@ *CVE-2007-1841 VULNERABLE (ipsec-tools) #238052 *CVE-2007-1804 VULNERABLE (pulseaudio) #235013 *CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 -*CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 +CVE-2007-1745 version (clamav, fixed in 0.90.2) #236703 *CVE-2007-1743 (httpd) *CVE-2007-1742 (httpd) *CVE-2007-1741 (httpd) 
@@ -203,8 +203,8 @@ *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 -*CVE-2007-0898 backport (clamav, fixed 0.88.7-2) #229202 -*CVE-2007-0897 backport (clamav, fixed 0.88.7-2) #229202 +CVE-2007-0898 version (clamav, fixed 0.90) #229202 +CVE-2007-0897 version (clamav, fixed 0.90) #229202 *CVE-2007-0894 version (mediawiki, fixed 1.8.4) #228763 *CVE-2007-0884 ignore (mimedefang 2.59/2.60 not shipped) #228757 *CVE-2007-0857 version (moin, fixed 1.5.7) #228139 @@ -339,8 +339,8 @@ *CVE-2006-6498 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6497 version (seamonkey, fixed 1.0.7) #220516 *CVE-2006-6493 (openldap) -*CVE-2006-6481 version (clamav, fixed 0.88.7) -*CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 +CVE-2006-6481 version (clamav, fixed 0.88.7) +CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 CVE-2006-6385 ignore (kernel) windows only *CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 @@ -392,7 +392,7 @@ *CVE-2006-5925 backport (elinks) [since FEDORA-2006-1278] but was never vulneable as didn't have smbclient support *CVE-2006-5876 version (libsoup) #223144 [since FEDORA-2007-109] *CVE-2006-5875 version (enemies-of-carlotta, fixed 1.2.4) -*CVE-2006-5874 version (clamav, fixed 0.88.1) +CVE-2006-5874 version (clamav, fixed 0.88.1) *CVE-2006-5871 version (kernel, fixed 2.6.10) *CVE-2006-5870 (openoffice.org) *CVE-2006-5868 VULNERABLE (ImageMagick, fixed 6.2.9.1) #217560 @@ -455,7 +455,7 @@ CVE-2006-5330 ignore, no-ship (flash-plugin) *CVE-2006-5298 backport (mutt) [since FEDORA-2006-1063] *CVE-2006-5297 backport (mutt) [since FEDORA-2006-1063] -*CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 +CVE-2006-5295 version (clamav, fixed 0.88.5) #210973 *CVE-2006-5276 VULNERABLE (snort) #229265 CVE-2006-5229 ignore (openssh) not reproduced *CVE-2006-5215 VULNERABLE (xorg-x11-xinit) #212167 
@@ -580,7 +580,7 @@ *CVE-2006-4227 version (mysql, fixed 5.0.26,5.1.12) #203434 [since FEDORA-2006-1297] *CVE-2006-4226 version (mysql, fixed 5.0.26,5.1.12) #203428 [since FEDORA-2006-1297] *CVE-2006-4192 patch (libmodplug, fixed 0.8-3) -*CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 +CVE-2006-4182 version (clamav, fixed 0.88.5) #210973 *CVE-2006-4181 (gnuradius) *CVE-2006-4146 backport (gdb) *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix @@ -593,7 +593,7 @@ *CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989 *CVE-2006-4020 version (php, fixed 5.1.5) *CVE-2006-4019 version (squirrelmail, fixed 1.4.8) -*CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 +CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3918 version (httpd, fixed 2.2.2) *CVE-2006-3913 patch (freeciv, fixed 2.0.8-5) #200545 *CVE-2006-3879 version (mikmod, not 3.1.6) @@ -785,7 +785,7 @@ *CVE-2006-2444 version (kernel, fixed 2.6.17) *CVE-2006-2442 patch (kphone, fixed 4.2-9) bz#192202 *CVE-2006-2440 version (ImageMagick, fixed 6.2.8 at least) -*CVE-2006-2427 ignore (clamav) not an issue bz#192076 +CVE-2006-2427 ignore (clamav) not an issue bz#192076 *CVE-2006-2414 version (dovecot, fixed 1.0.beta8) not a security issue *CVE-2006-2369 version (vnc, fixed 4.1.2) *CVE-2006-2366 ignore (openobex) we don't ship ircp @@ -824,7 +824,7 @@ *CVE-2006-1993 version (firefox, fixed 1.5.0.3) *CVE-2006-1991 version (php) *CVE-2006-1990 version (php) -*CVE-2006-1989 version (clamav, fixed 0.88.2) +CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1942 version (firefox, fixed 1.5.0.4) *CVE-2006-1940 version (wireshark, fixed 0.99.0) 
@@ -915,11 +915,11 @@ *CVE-2006-1656 version (util-vserver, fixed 0.30.210) *CVE-2006-1650 ignore (firefox) a number of reports don't confirm this *CVE-2006-1646 ignore (ipsec-tools) KAME racoon, not ipsec-tools racoon -*CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1630 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1629 version (openvpn, fixed 2.0.6) bz#188050 *CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue -*CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 +CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 *CVE-2006-1608 ignore (php) safe mode isn't safe *CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089 *CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) @@ -1081,7 +1081,7 @@ *CVE-2006-0197 ignore (xorg-x11) not an issue *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) -*CVE-2006-0162 version (clamav, fixed 0.88) +CVE-2006-0162 version (clamav, fixed 0.88) *CVE-2006-0151 (sudo) *CVE-2006-0150 (auth_ldap) *CVE-2006-0144 version (php-pear, not 1.4.4) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 21 06:54:17 2007 
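Review bot: in the @@ -70,11 +70,11 @@ hunk of the fc7 1.20 -> 1.21 diff, CVE-2007-2029 moves from `ignore (clamav, 0.90/0.90.1 only)` to `VULNERABLE (clamav, fixed 0.90.3)` without a bug number, whereas the other newly VULNERABLE clamav entry, CVE-2007-2650, cites #240395. Add the tracking bug, or say that #240395 covers it, so the open item can be followed up. The wording also alternates between "fixed 0.90.3" and "fixed in 0.90.3" within this one change; pick one form so the file stays easy to grep.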
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jun 2007 02:54:17 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200706210654.l5L6sHvt008731@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

enrico.scholz at informatik.tu-chemnitz.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From enrico.scholz at informatik.tu-chemnitz.de 2007-06-21 02:54 EST -------
sorry; package with patches is ready and in CVS for several weeks. But my local FC6 build- and testsystem is broken and I could not test the changes.

From ville.skytta at iki.fi Thu Jun 21 17:45:20 2007
From: ville.skytta at iki.fi (Ville Skyttä)
Date: Thu, 21 Jun 2007 20:45:20 +0300
Subject: Fedora 7 and the Security Response Team
In-Reply-To: <20070611165425.20373754@ghistelwchlohm.scrye.com>
References: <23088.1175556679@devserv.devel.redhat.com> <466D9AAF.1080806@redhat.com> <20070611165425.20373754@ghistelwchlohm.scrye.com>
Message-ID: <200706212045.20595.ville.skytta@iki.fi>

On Tuesday 12 June 2007, Kevin Fenzi wrote:
> At the same time, bugs that are public already I think it's good to see
> progress on the list/in bugzilla. We may spot cases where maintainers
> need help, want more info, or otherwise could use input from the
> security list.

+1, and we avoid doing duplicate work ourselves when we see someone else has already reported issues we're about to investigate/report.

But of course, embargoed issues should not be leaked anywhere in public. Apart from just not Cc'ing the list and marking the bug as confidential in Bugzilla with a clear note why it is being marked confidential, I don't have many ideas how to handle that. Not that I would personally currently have access to non-public issues anyway ;)

From bugzilla at redhat.com Thu Jun 21 17:57:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jun 2007 13:57:01 -0400
Subject: [Bug 245211] New: Wordpress 2.2: SQL injection, XSS vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245211

           Summary: Wordpress 2.2: SQL injection, XSS vulnerabilities
           Product: Fedora
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: low
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

XML-RPC SQL injection:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3140

Cross site scripting:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3241

Note: these have been reported against Wordpress 2.2, I haven't investigated whether 2.1.3 currently in Fedora is affected. Also, 2.2.1 seems to have been released today, fixing at least some of these issues.

From fedora-extras-commits at redhat.com Thu Jun 21 18:03:35 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 21 Jun 2007 14:03:35 -0400 Subject: fedora-security/audit fc7, 1.21, 1.22 fe5, 1.206, 1.207 fe6, 1.120, 1.121 Message-ID: <200706211803.l5LI3Zm8014875@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14850 Modified Files: fc7 fe5 fe6 Log Message: Add new wordpress issues, note iscsi-initiator-utils update. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- fc7 21 Jun 2007 03:32:57 -0000 1.21 +++ fc7 21 Jun 2007 18:03:32 -0000 1.22 @@ -5,11 +5,18 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3241 ** (wordpress) #245211 +CVE-2007-3240 ** (wordpress) #245211 +CVE-2007-3239 ** (wordpress) #245211 +CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) +CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) +CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3145 VULNERABLE (galeon) ** +CVE-2007-3140 ** (wordpress) #245211 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.206 retrieving revision 1.207 diff -u -r1.206 -r1.207 --- fe5 17 Jun 2007 07:09:12 -0000 1.206 +++ fe5 21 Jun 2007 18:03:32 -0000 1.207 
@@ -2,10 +2,15 @@ ** are items that need attention +CVE-2007-3241 ** (wordpress) #245211 +CVE-2007-3240 ** (wordpress) #245211 +CVE-2007-3239 ** (wordpress) #245211 +CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3140 ** (wordpress) #245211 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.120 retrieving revision 1.121 diff -u -r1.120 -r1.121 --- fe6 17 Jun 2007 07:09:12 -0000 1.120 +++ fe6 21 Jun 2007 18:03:32 -0000 1.121 @@ -2,10 +2,15 @@ ** are items that need attention +CVE-2007-3241 ** (wordpress) #245211 +CVE-2007-3240 ** (wordpress) #245211 +CVE-2007-3239 ** (wordpress) #245211 +CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3140 ** (wordpress) #245211 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 21 18:38:12 2007 
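Review bot: in the fc7 hunk of the 1.21 -> 1.22 diff (@@ -5,11 +5,18 @@), CVE-2007-3100 and CVE-2007-3099 are inserted between CVE-2007-3209 and CVE-2007-3165, which breaks the descending CVE order the surrounding lines follow. Move them to after the CVE-2007-3112 line, where a reader scanning by id would look. They are also the only additions in this change without a bug reference; if there is a tracking bug or update id for the iscsi-initiator-utils 6.2.0.865 update, cite it on those two lines.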
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jun 2007 14:38:12 -0400
Subject: [Bug 245219] New: clamav < 0.90.3 multiple vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245219

           Summary: clamav < 0.90.3 multiple vulnerabilities
           Product: Fedora
           Version: f7
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: clamav
        AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3023
"unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3024
"libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3122
"The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3123
"unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."

Not checked whether 0.88.x in FC-6 and earlier are affected.
From fedora-extras-commits at redhat.com Thu Jun 21 18:40:48 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 21 Jun 2007 14:40:48 -0400 Subject: fedora-security/audit fc7, 1.22, 1.23 fe5, 1.207, 1.208 fe6, 1.121, 1.122 Message-ID: <200706211840.l5LIemsS019182@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19158 Modified Files: fc7 fe5 fe6 Log Message: Catch up with recent clamav CVEs. Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.22 retrieving revision 1.23 diff -u -r1.22 -r1.23 --- fc7 21 Jun 2007 18:03:32 -0000 1.22 +++ fc7 21 Jun 2007 18:40:46 -0000 1.23 @@ -17,10 +17,14 @@ CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 ** (wordpress) #245211 +CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3121 version (zvbi, fixed 0.2.25) *CVE-2007-3113 VULNERABLE (cacti) #243592 *CVE-2007-3112 VULNERABLE (cacti) #243592 CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.207 retrieving revision 1.208 diff -u -r1.207 -r1.208 --- fe5 21 Jun 2007 18:03:32 -0000 1.207 +++ fe5 21 Jun 2007 18:40:46 -0000 1.208 
@@ -11,10 +11,14 @@ CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3140 ** (wordpress) #245211 +CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.121 retrieving revision 1.122 diff -u -r1.121 -r1.122 --- fe6 21 Jun 2007 18:03:32 -0000 1.121 +++ fe6 21 Jun 2007 18:40:46 -0000 1.122 @@ -11,10 +11,14 @@ CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 CVE-2007-3140 ** (wordpress) #245211 +CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219 +CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3121 version (zvbi, fixed 0.2.25) CVE-2007-3113 VULNERABLE (cacti) #243592 CVE-2007-3112 VULNERABLE (cacti) #243592 CVE-2007-3025 ignore (clamav, Solaris only) +CVE-2007-3024 ** (clamav, fixed 0.90.3) #245219 +CVE-2007-3023 ** (clamav, fixed 0.90.3) #245219 CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2871 version (seamonkey, fixed 1.0.9) CVE-2007-2870 version (seamonkey, fixed 1.0.9) -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Thu Jun 21 18:54:19 2007 
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 21 Jun 2007 14:54:19 -0400 Subject: fedora-security/audit fc7,1.23,1.24 Message-ID: <200706211854.l5LIsJMI019558@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19540 Modified Files: fc7 Log Message: Note tomcat5, subversion Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.23 retrieving revision 1.24 diff -u -r1.23 -r1.24 --- fc7 21 Jun 2007 18:40:46 -0000 1.23 +++ fc7 21 Jun 2007 18:54:16 -0000 1.24 @@ -61,6 +61,9 @@ CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] *CVE-2007-2452 (locate) +CVE-2007-2450 VULNERABLE (tomcat5) #244810 +CVE-2007-2449 VULNERABLE (tomcat5) #244810 +CVE-2007-2448 VULNERABLE (subversion, fixed 1.4.4) #243856 *CVE-2007-2447 (samba) *CVE-2007-2446 (samba) *CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 @@ -159,6 +162,7 @@ *CVE-2007-1366 ** (qemu) #238723 *CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 +CVE-2007-1358 ** (tomcat5) #244810 *CVE-2007-1354 (jboss) *CVE-2007-1352 VULNERABLE (libXfont) #235265 *CVE-2007-1351 VULNERABLE (libXfont) #235265 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 21 21:54:36 2007 
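Review bot: In the second hunk of the "Note tomcat5, subversion" commit, CVE-2007-1358 is added as "**" while CVE-2007-2450 and CVE-2007-2449 in the first hunk are "VULNERABLE", although all three point at the same tomcat5 bug #244810. Give the three entries the same status, or note why CVE-2007-1358 is still undecided. The tomcat5 lines also carry no "fixed" version, unlike the subversion line ("fixed 1.4.4"), so add one once the fixed release is known.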
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 21 Jun 2007 17:54:36 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200706212154.l5LLsavA027042@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

------- Additional Comments From Kevin at tigcc.ticalc.org 2007-06-21 17:54 EST -------
Then just push the changes without testing them, it's better than letting the security fixes stay unfixed.

From bugzilla at redhat.com Fri Jun 22 16:22:09 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 22 Jun 2007 12:22:09 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200706221622.l5MGM9Uu018684@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

------- Additional Comments From kevin at tummy.com 2007-06-22 12:22 EST -------
I happen to use a fc6 box here for email processing. Would you like me to test? Just rebuild the one from FC-6 cvs and confirm it works? Or do you have example files that I can run on it?

From bugzilla at redhat.com Wed Jun 27 14:46:04 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jun 2007 10:46:04 -0400
Subject: [Bug 243591] CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
In-Reply-To:
Message-ID: <200706271446.l5REk4Y9021335@bugzilla.redhat.com>

Summary: CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591

bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Product|Fedora Extras               |Fedora

jkeating at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2007-3152, CVE-2007-    |CVE-2007-3152, CVE-2007-
                   |3153: c-ares < 1.4.0 DNS    |3153: c-ares older than
                   |cache poisoning             |1.4.0 DNS cache poisoning
                   |vulnerability               |vulnerability

------- Additional Comments From jkeating at redhat.com 2007-06-27 10:46 EST -------
change of subject to not trip up bodhi

From fedora-extras-commits at redhat.com Wed Jun 27 20:12:12 2007
From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 27 Jun 2007 16:12:12 -0400 Subject: fedora-security/audit fc7,1.24,1.25 Message-ID: <200706272012.l5RKCC2e001346@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1324 Modified Files: fc7 Log Message: Note a new helixplayer flaw Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- fc7 21 Jun 2007 18:54:16 -0000 1.24 +++ fc7 27 Jun 2007 20:12:10 -0000 1.25 @@ -5,6 +5,7 @@ *CVE are items that need verification for Fedora 7 CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From bugzilla at redhat.com Thu Jun 28 01:52:53 2007 
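Review bot: The line added by the "Note a new helixplayer flaw" commit spells the package "(HelixPlayer)", but the other entries for it in this same file use "(helixplayer)" (the CVE-2006-1370 and CVE-2005-4130 lines), so a case-sensitive search by package name will miss one set or the other. Use one spelling throughout the audit file.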
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 27 Jun 2007 21:52:53 -0400
Subject: [Bug 243591] CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
In-Reply-To:
Message-ID: <200706280152.l5S1qrLg003627@bugzilla.redhat.com>

Summary: CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591

------- Additional Comments From updates at fedoraproject.org 2007-06-27 21:52 EST -------
c-ares-1.4.0-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

From bugzilla at redhat.com Thu Jun 28 01:52:55 2007
From: bugzilla at redhat.com (bugzilla at redhat.com) Date: Wed, 27 Jun 2007 21:52:55 -0400 Subject: [Bug 243591] CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability In-Reply-To: Message-ID: <200706280152.l5S1qtcw003652@bugzilla.redhat.com> Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2007-3152, CVE-2007-3153: c-ares older than 1.4.0 DNS cache poisoning vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=243591 updates at fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution| |ERRATA Fixed In Version| |1.4.0-1.fc7 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is. From fedora-extras-commits at redhat.com Thu Jun 28 17:33:50 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 28 Jun 2007 13:33:50 -0400 Subject: fedora-security/audit fc7,1.26,1.27 Message-ID: <200706281733.l5SHXoxH032167@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32136 Modified Files: fc7 Log Message: c-ares updated Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.26 retrieving revision 1.27 diff -u -r1.26 -r1.27 --- fc7 27 Jun 2007 21:22:48 -0000 1.26 +++ fc7 28 Jun 2007 17:33:47 -0000 1.27 
@@ -14,8 +14,8 @@ CVE-2007-3100 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3099 version (iscsi-initiator-utils, fixed 6.2.0.865) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 -CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 ** (wordpress) #245211 CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Thu Jun 28 17:40:17 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Thu, 28 Jun 2007 13:40:17 -0400 Subject: fedora-security/audit fe5,1.208,1.209 fe6,1.122,1.123 Message-ID: <200706281740.l5SHeHKN001444@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1413 Modified Files: fe5 fe6 Log Message: c-ares updated Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.208 retrieving revision 1.209 diff -u -r1.208 -r1.209 --- fe5 21 Jun 2007 18:40:46 -0000 1.208 +++ fe5 28 Jun 2007 17:40:14 -0000 1.209 
@@ -8,8 +8,8 @@ CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 -CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3140 ** (wordpress) #245211 CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.122 retrieving revision 1.123 diff -u -r1.122 -r1.123 --- fe6 21 Jun 2007 18:40:46 -0000 1.122 +++ fe6 28 Jun 2007 17:40:14 -0000 1.123 @@ -8,8 +8,8 @@ CVE-2007-3238 ** (wordpress) #245211 CVE-2007-3209 ignore (mail-notification, shipped with SSL enabled) CVE-2007-3165 VULNERABLE (tor, fixed 0.1.2.14) #244502 -CVE-2007-3153 VULNERABLE (c-ares, fixed 1.4.0) #243591 -CVE-2007-3152 VULNERABLE (c-ares, fixed 1.4.0) #243591 +CVE-2007-3153 version (c-ares, fixed 1.4.0) #243591 +CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3140 ** (wordpress) #245211 CVE-2007-3123 ** (clamav, fixed 0.90.3) #245219 CVE-2007-3122 ** (clamav, fixed 0.90.3) #245219 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Thu Jun 28 23:20:03 2007 
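Review bot: Both hunks of this "c-ares updated" commit move CVE-2007-3153 and CVE-2007-3152 from "VULNERABLE" to "version" for fe5 and fe6, but the only update recorded on bug #243591 in this thread is c-ares-1.4.0-1.fc7 for Fedora 7. Before marking these releases fixed, confirm that c-ares 1.4.0 builds were pushed for Fedora Extras 5 and 6 and name those builds in the log message, so the status change can be checked against something.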
From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Thu, 28 Jun 2007 19:20:03 -0400 Subject: fedora-security/audit fc7,1.27,1.28 Message-ID: <200706282320.l5SNK3fm005794@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4818 Modified Files: fc7 Log Message: ekg Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- fc7 28 Jun 2007 17:33:47 -0000 1.27 +++ fc7 28 Jun 2007 23:20:00 -0000 1.28 @@ -4,6 +4,9 @@ *CVE are items that need verification for Fedora 7 +CVE-2007-1663 VULNERABLE (ekg) +CVE-2007-1664 VULNERABLE (ekg) +CVE-2007-1665 VULNERABLE (ekg) CVE-2007-4168 VULNERABLE (libexif) #243890 CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 CVE-2007-3241 ** (wordpress) #245211 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Wed Jun 27 21:22:50 2007 From: fedora-extras-commits at redhat.com (Josh Bressers (bressers)) Date: Wed, 27 Jun 2007 17:22:50 -0400 Subject: fedora-security/audit fc7,1.25,1.26 Message-ID: <200706272122.l5RLMotU024558@cvs-int.fedora.redhat.com> Author: bressers Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv24517 Modified Files: fc7 Log Message: Deal with some ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- fc7 27 Jun 2007 20:12:10 -0000 1.25 +++ fc7 27 Jun 2007 21:22:48 -0000 1.26 
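Review bot: The three ekg lines added in revision 1.28 sit at the top of the list in ascending order (CVE-2007-1663, CVE-2007-1664, CVE-2007-1665), above CVE-2007-4168, while the rest of the file runs in descending CVE order. Move them down between the CVE-2007-1667 and CVE-2007-1649 entries, in the order 1665, 1664, 1663. They also carry no bug number, unlike the neighbouring "VULNERABLE" lines (#243890, #245838); file a bug and reference it so the entries can be tracked to a fix.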
@@ -26,7 +26,7 @@ CVE-2007-3025 ignore (clamav, Solaris only) CVE-2007-3024 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3023 VULNERABLE (clamav, fixed 0.90.3) #245219 -*CVE-2007-3007 ignore (php) safe mode isn't safe +CVE-2007-3007 ignore (php) safe mode isn't safe *CVE-2007-2975 (openfire) *CVE-2007-2894 VULNERABLE (bochs) #241799 CVE-2007-2876 version (kernel, fixed 2.6.21.5) [ since FEDORA-2007-0409 ] @@ -38,7 +38,7 @@ *CVE-2007-2868 version (seamonkey, fixed 1.0.9) *CVE-2007-2867 version (seamonkey, fixed 1.0.9) *CVE-2007-2865 VULNERABLE (phpPgAdmin) #241489 -*CVE-2007-2844 ignore (php) #241641 +CVE-2007-2844 ignore (php) #241641 *CVE-2007-2843 ignore (konqueror) safari specific *CVE-2007-2821 VULNERABLE (wordpress, fixed 2.2) #240970 *CVE-2007-2799 (file) @@ -54,10 +54,10 @@ *CVE-2007-2627 ** (wordpress) #239904 *CVE-2007-2589 (squirrelmail) *CVE-2007-2583 (mysql) -*CVE-2007-2519 ignore (php-pear) no trust boundary is crossed -*CVE-2007-2511 ignore (php) #239011 see the bug -*CVE-2007-2510 (php) -*CVE-2007-2509 (php) +CVE-2007-2519 ignore (php-pear) no trust boundary is crossed +CVE-2007-2511 ignore (php) #239011 see the bug +CVE-2007-2510 version (php, fixed 5.2.2) +CVE-2007-2509 version (php, fixed 5.2.2) *CVE-2007-2500 patch (gnash, fixed 0.7.2-2) #239213 CVE-2007-2453 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] CVE-2007-2451 version (kernel, fixed 2.6.21.4) [ since FEDORA-2007-0409 ] @@ -88,7 +88,7 @@ CVE-2007-2029 VULNERABLE (clamav, fixed 0.90.3) *CVE-2007-2028 (freeradius) *CVE-2007-2026 (file) -*CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) +CVE-2007-2016 ignore (phpMyAdmin, < 2.8.0.2 never shipped) CVE-2007-1997 version (clamav, fixed in 0.90.2) *CVE-2007-1995 (quagga) #240488 *CVE-2007-1897 version (wordpress, fixed 2.1.3) #235912 
@@ -96,7 +96,7 @@ *CVE-2007-1893 version (wordpress, fixed 2.1.3) #235912 *CVE-2007-1870 version (lighttpd, fixed 1.4.14) #236489 *CVE-2007-1869 version (lighttpd, fixed 1.4.14) #236489 -*CVE-2007-1864 (php) +CVE-2007-1864 version (php, fixed 5.2.2) *CVE-2007-1862 (httpd) *CVE-2007-1859 (xscreensaver) *CVE-2007-1858 (tomcat) @@ -109,17 +109,17 @@ *CVE-2007-1742 (httpd) *CVE-2007-1741 (httpd) *CVE-2007-1732 ignore (wordpress) #235015 -*CVE-2007-1718 (php) -*CVE-2007-1717 (php) -*CVE-2007-1711 (php) -*CVE-2007-1710 (php) -*CVE-2007-1709 (php) +CVE-2007-1718 version (php, fixed 5.2.2) +CVE-2007-1717 version (php, fixed 5.2.2) +CVE-2007-1711 version (php, 4.4.5 and 4.4.6 only) +CVE-2007-1710 version (php, fixed 5.2.2) +CVE-2007-1709 ignore (php) no security impact *CVE-2007-1667 (xorg-x11) -*CVE-2007-1649 (php) +CVE-2007-1649 version (php, fixed 5.2.2) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 *CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 -*CVE-2007-1583 (php) +CVE-2007-1583 version (php, fixed 5.2.2) *CVE-2007-1565 ignore (konqueror) client crash *CVE-2007-1564 vulnerable (konqueror) [#CVE-2007-1564] *CVE-2007-1562 (firefox, seamonkey, thunderbird) 
@@ -132,34 +132,34 @@ *CVE-2007-1544 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1543 version (nas, fixed 1.8a-2) #233353 *CVE-2007-1536 (file) -*CVE-2007-1521 (php) +CVE-2007-1521 ignore (php) See NVD *CVE-2007-1515 version (imp, fixed 4.1.4) CVE-2007-1496 version (kernel, fixed 2.6.20.3) -*CVE-2007-1484 (php) -*CVE-2007-1475 ignore (php) unshipped ibase extension +CVE-2007-1484 ignore (php) See NVD +CVE-2007-1475 ignore (php) unshipped ibase extension *CVE-2007-1474 version (horde, fixed 3.1.4) *CVE-2007-1474 ignore (imp, < 4.x only) *CVE-2007-1473 version (horde, fixed 3.1.4) *CVE-2007-1466 (openoffice.org) *CVE-2007-1464 version (inkscape, fixed 0.45.1) *CVE-2007-1463 version (inkscape, fixed 0.45.1) -*CVE-2007-1460 (php) +CVE-2007-1460 version (php, fixed 5.2.2) *CVE-2007-1429 version (moodle, fixed 1.6.5) #232103 *CVE-2007-1420 VULNERABLE (mysql, fixed 5.0.36) #232604 -*CVE-2007-1413 ignore (php) Windows NT SNMP specific -*CVE-2007-1412 ignore (php) unshipped cpdf extension -*CVE-2007-1411 ignore (php) unshipped mssql extension +CVE-2007-1413 ignore (php) Windows NT SNMP specific +CVE-2007-1412 ignore (php) unshipped cpdf extension +CVE-2007-1411 ignore (php) unshipped mssql extension *CVE-2007-1406 version (trac, fixed 0.10.3.1) #231729 *CVE-2007-1405 version (trac, fixed 0.10.3.1) #231729 -*CVE-2007-1401 ignore (php) unshipped cracklib extension -*CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) +CVE-2007-1401 ignore (php) unshipped cracklib extension +CVE-2007-1399 version (php-pecl-zip, fixed 1.8.5) *CVE-2007-1398 ignore (snort, inline mode not shipped) #232109 -*CVE-2007-1396 ignore (php) feature, not a flaw +CVE-2007-1396 ignore (php) feature, not a flaw *CVE-2007-1395 version (phpMyAdmin, fixed 2.10.0.2) *CVE-2007-1387 patch (xine-lib, fixed 1.1.4-3) *CVE-2007-1385 version (ktorrent, fixed 2.1.2) *CVE-2007-1384 version (ktorrent, fixed 2.1.2) -*CVE-2007-1375 (php) +CVE-2007-1375 version (php, fixed 5.2.2) *CVE-2007-1366 ** (qemu) #238723 
*CVE-2007-1362 version (seamonkey, fixed 1.0.9) *CVE-2007-1359 patch (mod_security, fixed 2.1.0-3) #231728 @@ -171,9 +171,9 @@ *CVE-2007-1322 ** (qemu) #238723 *CVE-2007-1321 ** (qemu) #238723 *CVE-2007-1320 ** (qemu) #238723 -*CVE-2007-1287 (php) -*CVE-2007-1286 (php) -*CVE-2007-1285 (php) +CVE-2007-1287 ignore (php) See NVD +CVE-2007-1286 version (php, PHP4 only) +CVE-2007-1285 version (php, 5.2.2) *CVE-2007-1282 version (seamonkey, fixed 1.0.8) *CVE-2007-1277 version (wordpress, fixed 2.1.2) *CVE-2007-1267 ignore (sylpheed, uses gpgme) #231733 @@ -185,7 +185,7 @@ *CVE-2007-1244 version (wordpress, fixed 2.1.2) #230898 *CVE-2007-1230 version (wordpress, fixed 2.1.2) *CVE-2007-1218 backport (tcpdump) 232349 [since FEDORA-2007-347] -CVE-2007-1216 patch (krb5, fixed 1.6-3) #231537 +CVE-2007-1216 version (krb5, fixed 1.6-3) #231537 *CVE-2007-1103 VULNERABLE (tor) #230927 *CVE-2007-1092 version (seamonkey, fixed 1.0.8) *CVE-2007-1055 version (mediawiki, fixed 1.8.3) 
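Review bot: In the @@ -185,7 hunk, CVE-2007-1216 changes from "patch" to "version" while still reading "fixed 1.6-3", which is a package release rather than an upstream version, and the sibling krb5 entries CVE-2007-0957 and CVE-2007-0956 keep "patch (krb5, fixed 1.6-3)". Keep "patch" here, or change all three together and say why in the log message.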
@@ -198,24 +198,24 @@ *CVE-2007-1004 VULNERABLE (firefox, ...) *CVE-2007-1003 VULNERABLE (xorg-x11-server, fixed > X11R7.2) #235263 *CVE-2007-1002 VULNERABLE (evolution) #233587 -*CVE-2007-1001 (php) +CVE-2007-1001 version (php, fixed 5.2.2) CVE-2007-1000 version (kernel, fixed 2.6.20.2) [since FEDORA-2007-335] *CVE-2007-0999 (ekiga) *CVE-2007-0998 version (qemu, fixed 0.8.2) *CVE-2007-0998 backport (xen) #230295 [since FEDORA-2007-343] *CVE-2007-0996 version (seamonkey, fixed 1.0.8) *CVE-2007-0995 version (seamonkey, fixed 1.0.8) -*CVE-2007-0988 (php) +CVE-2007-0988 version (php, fixed 5.2.1) *CVE-2007-0981 VULNERABLE (firefox, ...) *CVE-2007-0981 version (seamonkey, fixed 1.0.8) #229253 CVE-2007-0957 patch (krb5, fixed 1.6-3) #231528 CVE-2007-0956 patch (krb5, fixed 1.6-3) #229782 -*CVE-2007-0911 (php) -*CVE-2007-0910 (php) -*CVE-2007-0909 (php) -*CVE-2007-0908 (php) -*CVE-2007-0907 (php) -*CVE-2007-0906 (php) +CVE-2007-0911 version (php, 5.2.1 only) +CVE-2007-0910 version (php, fixed 5.2.1) +CVE-2007-0909 version (php, fixed 5.2.1) +CVE-2007-0908 version (php, fixed 5.2.1) +CVE-2007-0907 version (php, fixed 5.2.1) +CVE-2007-0906 version (php, fixed 5.2.1) *CVE-2007-0903 version (ejabberd, fixed 1.1.3) *CVE-2007-0902 patch (moin, fixed 1.5.7-2) #228764 *CVE-2007-0901 patch (moin, fixed 1.5.7-2) #228764 @@ -236,7 +236,7 @@ CVE-2007-0771 patch (kernel, fixed 2.6.20-1.2933) #227952 *CVE-2007-0770 patch (GraphicsMagick, fixed 1.1.7-7) #228758 *CVE-2007-0770 ignore (ImageMagick) only if incomplete CVE-2006-5456 -*CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated +CVE-2007-0720 ignore (cups, fixed 1.2.7) cups is already updated *CVE-2007-0657 ignore (nexuiz, 2.2.2 only (not shipped), fixed 2.2.3) *CVE-2007-0654 VULNERABLE (xmms) #233705 *CVE-2007-0653 VULNERABLE (xmms) #233705 
@@ -248,8 +248,8 @@ *CVE-2007-0540 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0539 version (wordpress, fixed 2.1-0) #225469 *CVE-2007-0537 VULNERABLE (kdebase) #225420 -*CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] -*CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] +CVE-2007-0494 version (bind, fixed 9.3.4) #225268 [since FEDORA-2007-147] +CVE-2007-0493 version (bind, fixed 9.3.4) #224443 [since FEDORA-2007-147] *CVE-2007-0475 version (smb4k, fixed 0.8.0) *CVE-2007-0474 version (smb4k, fixed 0.8.0) *CVE-2007-0473 version (smb4k, fixed 0.8.0) @@ -264,7 +264,7 @@ *CVE-2007-0452 (samba) *CVE-2007-0451 version (spamassassin, fixed 3.1.8) [since FEDORA-2007-241] *CVE-2007-0450 (tomcat) -*CVE-2007-0448 (php) +CVE-2007-0448 ignore (php) safe mode isn't safe *CVE-2007-0405 version (Django, fixed 0.95.1) *CVE-2007-0404 version (Django, fixed 0.95.1) *CVE-2007-0341 ignore (phpMyAdmin, 2.8.x only) @@ -303,8 +303,8 @@ CVE-2007-0005 version (kernel, fixed 2.6.20) [since FEDORA-2007-335] *CVE-2007-0002 version (libwpd, fixed 0.8.9) #222808 [since FEDORA-2007-351] CVE-2007-0001 ignore (kernel) rhel4 2.6.9 only known affected -*CVE-2006-7205 (php) -*CVE-2006-7204 (php) +CVE-2006-7205 ignore (php) See NVD +CVE-2006-7204 ignore (php) See NVD *CVE-2006-7197 (tomcat) *CVE-2006-7196 (tomcat) *CVE-2006-7195 (tomcat) @@ -358,7 +358,7 @@ CVE-2006-6481 version (clamav, fixed 0.88.7) CVE-2006-6406 version (clamav, fixed 0.88.7) #219095 CVE-2006-6385 ignore (kernel) windows only -*CVE-2006-6383 ignore (php) safe mode isn't safe +CVE-2006-6383 ignore (php) safe mode isn't safe *CVE-2006-6374 ** (phpMyAdmin) #218853 *CVE-2006-6373 version (phpMyAdmin, fixed 2.9.1.1) #218853 CVE-2006-6333 version (kernel, fixed 2.6.19.1) [since FEDORA-2007-058] 
@@ -436,7 +436,7 @@ *CVE-2006-5747 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5747 version (seamonkey, fixed 1.0.6) #214822 *CVE-2006-5747 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] -*CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe +CVE-2006-5706 ignore (php, fixed 5.2.0) safe mode isn't safe *CVE-2006-5705 backport (wordpress, fixed 2.0.4-3) #213985 *CVE-2006-5701 VULNERABLE (kernel) squashfs is not included upstream *CVE-2006-5633 ignore (firefox) just a client DoS @@ -452,7 +452,7 @@ *CVE-2006-5468 version (wireshark, fixed 0.99.4) [since FEDORA-2006-1140] *CVE-2006-5467 backport (ruby) #212396 [since FEDORA-2006-1109] *CVE-2006-5466 VULNERABLE (rpm) #212833 -*CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] +CVE-2006-5465 backport (php, fixed 5.2.0) #213732 [since FEDOA-2006-1169] *CVE-2006-5464 version (thunderbird, fixed 1.5.0.8) [since FEDORA-2006-1192] *CVE-2006-5464 version (seamonkey, fixed 1.0.6) #214822 *CVE-2006-5464 version (firefox, fixed 1.5.0.8) [since FEDORA-2006-1191] @@ -480,7 +480,7 @@ *CVE-2006-5214 VULNERABLE (xorg-x11-xinit) #212167 *CVE-2006-5214 version (xorg-x11-xdm) *CVE-2006-5214 ignore (kdebase) #212166 links to xinit Xsession -*CVE-2006-5178 VULNERABLE (php) can't be fixed +CVE-2006-5178 VULNERABLE (php) can't be fixed *CVE-2006-5174 ignore (kernel, fixed 2.6.19-rc1) s390 only *CVE-2006-5173 ignore (kernel, fixed 2.6.18) protected by exec-shield *CVE-2006-5170 VULNERABLE (nss_ldap, fixed 183) @@ -510,7 +510,7 @@ *CVE-2006-4816 (php) *CVE-2006-4814 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] *CVE-2006-4813 version (kernel, fixed 2.6.13) -*CVE-2006-4812 backport (php) php-5.1.6-ecalloc.patch +CVE-2006-4812 version (php, fixed 5.2) *CVE-2006-4811 version (qt, fixed 3.3.7) [since FEDORA-2006-1055] *CVE-2006-4810 backport (texinfo) [since FEDORA-2006-1203] *CVE-2006-4809 patch (imlib2, fixed 1.3.0-3) #214676 
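Review bot: In the @@ -510,7 hunk, CVE-2006-4812 goes from "backport (php) php-5.1.6-ecalloc.patch" to "version (php, fixed 5.2)", which drops the patch name and gives a less exact version than the "fixed 5.2.0" form used on the other php lines. Write the full release number if 5.2.0 is what is meant. The first context line of the hunk, "*CVE-2006-4816 (php)", also stays starred with no status while the php entries around it are resolved; give it a status too or note why it remains unverified.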
@@ -526,7 +526,7 @@ *CVE-2006-4684 version (zope, fixed 2.9.2) *CVE-2006-4663 ignore (kernel) not a vulnerability CVE-2006-4640 ignore, no-ship (flash-plugin) -*CVE-2006-4625 ignore (php) safe mode isn't safe +CVE-2006-4625 ignore (php) safe mode isn't safe *CVE-2006-4624 version (mailman, fixed 2.1.9rc1) *CVE-2006-4623 version (kernel, fixed 2.6.18-rc1) *CVE-2006-4600 version (openldap, fixed 2.3.25) @@ -556,18 +556,18 @@ *CVE-2006-4513 version (wv, fixed 1.2.4) #212696 *CVE-2006-4513 ** (abiword) #212698 *CVE-2006-4507 ignore (libtiff) can't reproduce -*CVE-2006-4486 version (php, fixed 5.1.6) -*CVE-2006-4485 version (php, fixed 5.1.5) -*CVE-2006-4484 version (php, fixed 5.1.5) +CVE-2006-4486 version (php, fixed 5.1.6) +CVE-2006-4485 version (php, fixed 5.1.5) +CVE-2006-4484 version (php, fixed 5.1.5) *CVE-2006-4484 ignore (gd) -*CVE-2006-4483 ignore (php) not linux -*CVE-2006-4482 version (php, fixed 5.1.5) -*CVE-2006-4481 ignore (php) safe mode isn't safe -*CVE-2006-4455 ignore (xchat) client DoS +CVE-2006-4483 ignore (php) not linux +CVE-2006-4482 version (php, fixed 5.1.5) +CVE-2006-4481 ignore (php) safe mode isn't safe +CVE-2006-4455 ignore (xchat) client DoS *CVE-2006-4447 ignore (xorg) not a security issue *CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable -*CVE-2006-4433 version (php, fixed 5.1.4) -*CVE-2006-4433 version (php, fixed 5.1.4) +CVE-2006-4433 version (php, fixed 5.1.4) +CVE-2006-4433 version (php, fixed 5.1.4) *CVE-2006-4380 version (mysql, fixed 4.1.13) *CVE-2006-4343 backport (openssl, fixed 0.9.8d) *CVE-2006-4342 ignore (kernel) rhel3 only 
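Review bot: In the @@ -556,18 hunk, the CVE-2006-4433 line appears twice and both copies are unstarred without further change, so the duplicate is carried into the new revision. Delete one of the two "CVE-2006-4433 version (php, fixed 5.1.4)" lines.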
@@ -602,12 +602,12 @@ *CVE-2006-4145 version (kernel, fixed 2.6.17.10, fixed 2.6.18-rc5) needs a better upstream fix *CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) *CVE-2006-4124 (lesstif) -*CVE-2006-4096 backport (bind) -*CVE-2006-4095 backport (bind) +CVE-2006-4096 version (bind, fixed 9.3.2-P1) +CVE-2006-4095 version (bind, fixed 9.3.2-P1) *CVE-2006-4093 version (kernel, fixed 2.6.17.9, fixed 2.6.18-rc5) *CVE-2006-4031 version (mysql, fixed 5.0.24) #202675 [since FEDORA-2006-1297] *CVE-2006-4028 version (wordpress, fixed 2.0.4) #201989 -*CVE-2006-4020 version (php, fixed 5.1.5) +CVE-2006-4020 version (php, fixed 5.1.5) *CVE-2006-4019 version (squirrelmail, fixed 1.4.8) CVE-2006-4018 version (clamav, fixed 0.88.4-1) #201688 *CVE-2006-3918 version (httpd, fixed 2.2.2) @@ -722,16 +722,16 @@ *CVE-2006-3113 version (firefox, fixed 1.5.0.5) *CVE-2006-3093 ignore (acroread) windows only *CVE-2006-3085 version (kernel, fixed 2.6.17.1) -*CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux -*CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) +CVE-2006-3084 ignore (krb5) seteuid() calls never fail on linux +CVE-2006-3083 backport (krb5, fixed 1.5.1, 1.4.4) *CVE-2006-3082 version (gnupg, fixed 1.4.4) *CVE-2006-3081 version (mysql, fixed 5.1.18) *CVE-2006-3057 version (dhcdbd, fixed 1.14) -*CVE-2006-3018 version (php, fixed 5.1.3) -*CVE-2006-3017 version (php, fixed 5.1.3) -*CVE-2006-3016 version (php, fixed 5.1.3) +CVE-2006-3018 version (php, fixed 5.1.3) +CVE-2006-3017 version (php, fixed 5.1.3) +CVE-2006-3016 version (php, fixed 5.1.3) *CVE-2006-3014 ignore (flash-plugin) windows only -*CVE-2006-3011 ignore (php) safe mode isn't safe +CVE-2006-3011 ignore (php) safe mode isn't safe *CVE-2006-3005 ignore (libjpeg) not a vuln *CVE-2006-2941 version (mailman, fixed 2.1.9) *CVE-2006-2940 backport (openssl, fixed 0.9.8d) 
@@ -777,15 +777,15 @@ *CVE-2006-2753 version (mysql, fixed 5.0.22) *CVE-2006-2723 ignore (firefox) disputed *CVE-2006-2661 version (freetype, fixed 2.2.1) -*CVE-2006-2660 ignore (php) see #195539 +CVE-2006-2660 ignore (php) see #195539 *CVE-2006-2658 version (xsp, fixed 1.1.14) #206510 -*CVE-2006-2657 (php) +CVE-2006-2657 (php) DUPE CVE-2006-3017 *CVE-2006-2656 backport (libtiff) tiffsplit-overflow.patch *CVE-2006-2629 ignore (kernel) couldn't be reproduced on FC *CVE-2006-2613 ignore (firefox) This isn't an issue on FC CVE-2006-2607 backport (vixie-cron) vixie-cron-4.1-_48-security.patch *CVE-2006-2575 patch (netpanzer, fixed 0.8-4) bz#192983 -*CVE-2006-2563 ignore (php) safe mode isn't safe +CVE-2006-2563 ignore (php) safe mode isn't safe *CVE-2006-2502 (cyrus-imapd) *CVE-2006-2489 version (nagios, fixed 2.3.1) *CVE-2006-2480 patch (dia, fixed 0.95-2) bz#192535 @@ -829,17 +829,17 @@ *CVE-2006-2120 version (libtiff, fixed 3.8.2 at least) *CVE-2006-2093 version (nessus, fixed 2.2.7) bz#191053 CVE-2006-2083 version (rsync, fixed 2.6.8) -*CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP +CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP *CVE-2006-2071 version (kernel, fixed 2.6.16.6) *CVE-2006-2057 ignore (firefox) not Linux *CVE-2006-2026 version (libtiff, fixed 3.8.1) *CVE-2006-2025 version (libtiff, fixed 3.8.1) *CVE-2006-2024 version (libtiff, fixed 3.8.1) *CVE-2006-2017 version (dnsmasq, fixed 2.30) -*CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1) +CVE-2006-2016 version (phpldapadmin, fixed 0.9.8.1) *CVE-2006-1993 version (firefox, fixed 1.5.0.3) -*CVE-2006-1991 version (php) -*CVE-2006-1990 version (php) +CVE-2006-1991 version (php, fixed 5.1.3) +CVE-2006-1990 version (php, fixed 5.1.3) CVE-2006-1989 version (clamav, fixed 0.88.2) *CVE-2006-1945 backport (awstats, fixed 6.5-4) bz#190922 awstats-6.5-CVE-2006-1945.patch *CVE-2006-1942 version (firefox, fixed 1.5.0.4) 
@@ -936,11 +936,11 @@ *CVE-2006-1624 ignore (sysklogd) Silly configuration is not a security issue CVE-2006-1615 version (clamav, fixed 0.88.1) bz#188286 CVE-2006-1614 version (clamav, fixed 0.88.1) bz#188286 -*CVE-2006-1608 ignore (php) safe mode isn't safe +CVE-2006-1608 ignore (php) safe mode isn't safe *CVE-2006-1577 version (mantis, fixed 1.0.5) bz#191089 *CVE-2006-1566 ignore (libtunepimp, Debian-specific problem) *CVE-2006-1550 version (dia, fixed 0.95) bz#187556 -*CVE-2006-1549 ignore (php) this is not a security issue +CVE-2006-1549 ignore (php) this is not a security issue *CVE-2006-1548 version (struts, fixed 1.2.9) *CVE-2006-1547 version (struts, fixed 1.2.9) *CVE-2006-1546 version (struts, fixed 1.2.9) @@ -966,8 +966,8 @@ *CVE-2006-1517 version (mysql, fixed 5.0.21) *CVE-2006-1516 version (mysql, fixed 5.0.21) *CVE-2006-1498 version (mediawiki, fixed 1.5.8) bz#188122 -*CVE-2006-1494 version (php) -*CVE-2006-1490 version (php, fixed 5.1.4) +CVE-2006-1494 version (php, fixed 5.1.3) +CVE-2006-1490 version (php, fixed 5.1.4) *CVE-2006-1470 version (openldap, not 2.3.24 at least) *CVE-2006-1390 ignore (nethack, Gentoo-specific problem) bz#187353 *CVE-2006-1370 (helixplayer) @@ -1000,10 +1000,10 @@ *CVE-2006-1053 (fedora directory server) *CVE-2006-1052 version (kernel, fixed 2.6.16) *CVE-2006-1045 version (thunderbird, fixed 1.5.0.2) -*CVE-2006-1015 ignore (php) safe mode isn't safe -*CVE-2006-1014 ignore (php) safe mode isn't safe -*CVE-2006-0996 version (php, fixed 5.1.4) -*CVE-2006-0987 (bind) +CVE-2006-1015 ignore (php) safe mode isn't safe +CVE-2006-1014 ignore (php) safe mode isn't safe +CVE-2006-0996 version (php, fixed 5.1.4) +CVE-2006-0987 VULNERABLE (bind) example config file only *CVE-2006-0903 version (mysql, 4.1.19) *CVE-2006-0884 version (thunderbird, fixed 1.5.0.2) CVE-2006-0883 version (openssh, fixed 3.8.1p1) 
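Review bot: In the @@ -1000,10 hunk, CVE-2006-0987 is marked "VULNERABLE (bind)" with the remark "example config file only", which reads like the rationale for an "ignore" rather than for an open vulnerability. If only a sample configuration is affected, use "ignore" as the other rationale lines do; if the shipped package is affected, add the bug number so the entry is actionable.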
@@ -1091,20 +1091,20 @@ *CVE-2006-0254 version (tomcat5, fixed 5.5.16) *CVE-2006-0236 ignore (thunderbird) windows only CVE-2006-0225 version (openssh, fixed 4.3p2) #168167 -*CVE-2006-0208 version (php, fixed 5.1.2) -*CVE-2006-0207 version (php, fixed 5.1.2) -*CVE-2006-0200 version (php, fixed 5.1.2) +CVE-2006-0208 version (php, fixed 5.1.2) +CVE-2006-0207 version (php, fixed 5.1.2) +CVE-2006-0200 version (php, fixed 5.1.2) *CVE-2006-0197 ignore (xorg-x11) not an issue *CVE-2006-0195 version (squirrelmail, fixed 1.4.6) *CVE-2006-0188 version (squirrelmail, fixed 1.4.6) CVE-2006-0162 version (clamav, fixed 0.88) -*CVE-2006-0151 (sudo) +CVE-2006-0151 ignore (sudo) only env_reset will properly clean the environment *CVE-2006-0150 (auth_ldap) -*CVE-2006-0144 version (php-pear, not 1.4.4) +CVE-2006-0144 version (php-pear, not 1.4.4) *CVE-2006-0126 version (rxvt-unicode, fixed 7.5) *CVE-2006-0106 version (wine, fixed 0.9.10) *CVE-2006-0105 (postgresql) -*CVE-2006-0097 ignore (php) Windows only +CVE-2006-0097 ignore (php) Windows only *CVE-2006-0096 ignore (kernel) minor and requires root *CVE-2006-0095 version (kernel, fixed 2.6.16) *CVE-2006-0082 version (ImageMagick, not 6.2.5.4) @@ -1153,8 +1153,8 @@ *CVE-2005-4352 version (kernel, fixed 2.6.18.3) [since FEDORA-2006-1471] *CVE-2005-4348 version (fetchmail, fixed 6.3.1) CVE-2005-4268 backport (cpio) cpio-2.6-writeOutHeaderBufferOverflow.patch -*CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment -*CVE-2005-4154 ignore (php) don't install untrusted pear packages +CVE-2005-4158 ignore (sudo) only env_reset will properly clean the environment +CVE-2005-4154 ignore (php) don't install untrusted pear packages *CVE-2005-4153 version (mailman) *CVE-2005-4134 ignore (firefox) http://www.mozilla.org/security/history-title.html *CVE-2005-4130 (helixplayer) 
@@ -1167,7 +1167,7 @@ *CVE-2005-3890 (pidgin) *CVE-2005-3889 (pidgin) *CVE-2005-3888 (pidgin) -*CVE-2005-3883 version (php, fixed 5.1.1 at least) +CVE-2005-3883 version (php, fixed 5.1.1 at least) *CVE-2005-3858 version (kernel, fixed 2.6.13) *CVE-2005-3857 version (kernel, fixed 2.6.15) *CVE-2005-3848 version (kernel, fixed 2.6.13) @@ -1195,23 +1195,23 @@ *CVE-2005-3629 version (initscripts, fixed 8.29 at least) *CVE-2005-3628 version (poppler, fixed 0.4.4) *CVE-2005-3628 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3628 version (cups, fixed 1.2.0) +CVE-2005-3628 version (cups, fixed 1.2.0) *CVE-2005-3628 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3627 version (poppler, fixed 0.4.4) *CVE-2005-3627 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3627 version (cups, fixed 1.2.0) +CVE-2005-3627 version (cups, fixed 1.2.0) *CVE-2005-3627 backport (tetex) *CVE-2005-3626 version (poppler, fixed 0.4.4) *CVE-2005-3626 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3626 version (cups, fixed 1.2.0) +CVE-2005-3626 version (cups, fixed 1.2.0) *CVE-2005-3626 backport (tetex) *CVE-2005-3625 version (poppler, fixed 0.4.4) *CVE-2005-3625 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3625 version (cups, fixed 1.2.0) +CVE-2005-3625 version (cups, fixed 1.2.0) *CVE-2005-3625 backport (tetex) *CVE-2005-3624 version (poppler, fixed 0.4.4) *CVE-2005-3624 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3624 version (cups, fixed 1.2.0) +CVE-2005-3624 version (cups, fixed 1.2.0) *CVE-2005-3624 backport (tetex) *CVE-2005-3623 version (kernel, fixed 2.6.14.5) CVE-2005-3591 ignore, no-ship (flash-plugin) 
@@ -1220,22 +1220,22 @@ *CVE-2005-3527 version (kernel, fixed 2.6.14) *CVE-2005-3510 (tomcat) *CVE-2005-3402 ignore (thunderbird) mozilla say by design -*CVE-2005-3392 version (php, not 5.0) -*CVE-2005-3391 version (php, not 5.0) -*CVE-2005-3390 version (php, fixed 5.1.0) -*CVE-2005-3389 version (php, fixed 5.1.1) -*CVE-2005-3388 version (php, fixed 5.1.1) +CVE-2005-3392 version (php, not 5.0) +CVE-2005-3391 version (php, not 5.0) +CVE-2005-3390 version (php, fixed 5.1.0) +CVE-2005-3389 version (php, fixed 5.1.1) +CVE-2005-3388 version (php, fixed 5.1.1) *CVE-2005-3359 version (kernel, fixed 2.6.14) *CVE-2005-3358 version (kernel, fixed 2.6.11) *CVE-2005-3357 version (httpd, fixed 2.2.1) *CVE-2005-3356 version (kernel, fixed 2.6.16) *CVE-2005-3354 (sylpheed) -*CVE-2005-3353 version (php, not 5.0) +CVE-2005-3353 version (php, not 5.0) *CVE-2005-3352 version (httpd, fixed 2.2.1) *CVE-2005-3351 version (spamassassin, fixed 3.1.0) *CVE-2005-3350 (libungif) CVE-2005-3322 version (squid) not upstream, SUSE only -*CVE-2005-3319 ignore (mod_php) no security consequence +CVE-2005-3319 ignore (mod_php) no security consequence *CVE-2005-3313 version (wireshark, fixed after 0.10.13) *CVE-2005-3276 version (kernel, fixed 2.6.12.4) *CVE-2005-3275 version (kernel, fixed 2.6.13) 
@@ -1257,15 +1257,15 @@ *CVE-2005-3241 version (wireshark, fixed 0.10.13) *CVE-2005-3193 version (poppler, fixed 0.4.4) *CVE-2005-3193 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3193 version (cups, fixed 1.2.0) +CVE-2005-3193 version (cups, fixed 1.2.0) *CVE-2005-3193 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3192 version (poppler, fixed 0.4.4) *CVE-2005-3192 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3192 version (cups, fixed 1.2.0) +CVE-2005-3192 version (cups, fixed 1.2.0) *CVE-2005-3192 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3191 version (poppler, fixed 0.4.4) *CVE-2005-3191 version (kdegraphics, fixed 3.5.1) -*CVE-2005-3191 version (cups, fixed 1.2.0) +CVE-2005-3191 version (cups, fixed 1.2.0) *CVE-2005-3191 backport (tetex) tetex-3.0-CVE-2005-3193.patch *CVE-2005-3186 version (gtk2, fixed 2.8.7 at least) *CVE-2005-3185 version (wget, fixed 1.10.2 at least) @@ -1287,7 +1287,7 @@ *CVE-2005-3089 version (firefox, fixed 1.0.7) *CVE-2005-3088 ignore (fetchmail) fetchmailconf not shipped *CVE-2005-3055 version (kernel, fixed 2.6.14) -*CVE-2005-3054 ignore (php) +CVE-2005-3054 ignore (php) *CVE-2005-3053 version (kernel, fixed 2.6.12.5) *CVE-2005-3044 version (kernel, fixed 2.6.13.2) *CVE-2005-3011 backport (texinfo) texinfo-CAN-2005-3011.patch @@ -1303,7 +1303,7 @@ *CVE-2005-2969 backport (openssl097a, fixed 0.9.7h) *CVE-2005-2968 version (thunderbird) *CVE-2005-2968 version (firefox) -*CVE-2005-2959 ignore (sudo) not a vulnerability +CVE-2005-2959 ignore (sudo) not a vulnerability *CVE-2005-2958 (libgda) *CVE-2005-2946 version (openssl, fixed 0.9.8) *CVE-2005-2933 version (libc-client, fixed 2004g at least) 
@@ -1311,7 +1311,7 @@ *CVE-2005-2922 (helixplayer) CVE-2005-2917 version (squid, fixed 2.5.STABLE11) *CVE-2005-2876 version (util-linux, fixed 2.13-pre3) -*CVE-2005-2874 version (cups, fixed 1.1.23) +CVE-2005-2874 version (cups, fixed 1.1.23) *CVE-2005-2873 version (kernel, fixed 2.6.18-rc1) *CVE-2005-2872 version (kernel, fixed 2.6.12) *CVE-2005-2871 version (thunderbird) @@ -1361,14 +1361,14 @@ *CVE-2005-2547 version (bluez-pin, fixed 2.19) not before 2.16 *CVE-2005-2541 ignore (tar) is documented behaviour *CVE-2005-2500 version (kernel, fixed 2.6.13) -*CVE-2005-2498 version (php, fixed xml_rpc:1.4.0) +CVE-2005-2498 version (php, fixed xml_rpc:1.4.0) *CVE-2005-2496 version (ntp, fixed 4.2.0b) *CVE-2005-2495 version (xorg-x11-server, fixed 0.99.3 at least) *CVE-2005-2494 version (kdebase, fixed after 3.4.2) *CVE-2005-2492 version (kernel, fixed 2.6.13.1) *CVE-2005-2491 version (pcre, fixed 6.2) *CVE-2005-2491 ignore (python) fc6 python does not contain pcre -*CVE-2005-2491 ignore (php) php uses system pcre +CVE-2005-2491 ignore (php) php uses system pcre *CVE-2005-2491 ignore (httpd) httpd uses system pcre *CVE-2005-2490 version (kernel, fixed 2.6.13.1) *CVE-2005-2475 backport (unzip) unzip-5.52-toctou.patch @@ -1422,7 +1422,7 @@ *CVE-2005-2100 version (kernel, not 2.6) not upstream only RHEL4 *CVE-2005-2099 version (kernel, fixed 2.6.12.5) *CVE-2005-2098 version (kernel, fixed 2.6.12.5) -*CVE-2005-2097 version (cups) +CVE-2005-2097 version (cups, fixed 1.2) *CVE-2005-2096 version (rpm, fixed 4.4.2) *CVE-2005-2096 backport (zlib, fixed 1.2.2.4) *CVE-2005-2095 version (squirrelmail, fixed 1.4.5) 
@@ -1431,17 +1431,17 @@ *CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180) *CVE-2005-2069 backport (openldap) openldap-2.2.13-tls-fix-connection-test.patch *CVE-2005-2023 version (gnupg, only 1.9.14) -*CVE-2005-1993 version (sudo, fixed 1.6.8p9) +CVE-2005-1993 version (sudo, fixed 1.6.8p9) *CVE-2005-1992 version (ruby, fixed 1.8.3 at least) *CVE-2005-1937 version (firefox, fixed 1.0.5) CVE-2005-1934 version (gaim, fixed gaim:1.5.0) -*CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) +CVE-2005-1921 version (php, fixed xml_rpc:1.3.1) *CVE-2005-1920 version (kdelibs, fixed 3.4.1) *CVE-2005-1918 version (tar) *CVE-2005-1913 version (kernel, fixed 2.6.12.2) *CVE-2005-1852 version (kdenetwork, fixed 3.4.2) *CVE-2005-1849 version (zlib, fixed 1.2.3) -*CVE-2005-1831 ignore (sudo) unsubstantiated report +CVE-2005-1831 ignore (sudo) unsubstantiated report *CVE-2005-1769 version (squirrelmail, fixed 1.4.5) *CVE-2005-1768 version (kernel, fixed 2.6.6) *CVE-2005-1767 version (kernel, fixed 2.6.7) @@ -1451,7 +1451,7 @@ *CVE-2005-1762 version (kernel, fixed 2.6.12) *CVE-2005-1761 version (kernel, fixed 2.6.12.2) *CVE-2005-1760 version (sysreport, fixed 1.4.1-3) -*CVE-2005-1759 ignore (php) dead code path +CVE-2005-1759 ignore (php) dead code path *CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used *CVE-2005-1753 (tomcat) *CVE-2005-1751 version (nmap, fixed 3.93 at least) 
@@ -1463,11 +1463,11 @@ *CVE-2005-1705 backport (gdb) gdb-6.3-security-errata-20050610.patch *CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least) *CVE-2005-1704 backport (gdb) gdb-6.3-security-errata-20050610.patch -*CVE-2005-1689 version (krb5, fixed 1.4.2) +CVE-2005-1689 version (krb5, fixed 1.4.2) *CVE-2005-1686 ignore (gedit) not a vulnerability *CVE-2005-1636 version (mysql, fixed 4.1.12) *CVE-2005-1589 version (kernel, fixed 2.6.11.10) -*CVE-2005-1571 version (php, fixed shtool 2.0.2) +CVE-2005-1571 version (php, fixed shtool 2.0.2) *CVE-2005-1544 version (libtiff, fixed 3.7.1 at least) *CVE-2005-1532 version (thunderbird) *CVE-2005-1532 version (firefox, fixed 1.0.4) @@ -1518,8 +1518,8 @@ *CVE-2005-1228 backport (gzip) changelog *CVE-2005-1194 backport (nasm) changelog *CVE-2005-1184 ignore (kernel) expected to not be an issue -*CVE-2005-1175 version (krb5, fixed 1.4.2) -*CVE-2005-1174 version (krb5, fixed 1.4.2) +CVE-2005-1175 version (krb5, fixed 1.4.2) +CVE-2005-1174 version (krb5, fixed 1.4.2) *CVE-2005-1160 version (thunderbird) *CVE-2005-1160 version (firefox) *CVE-2005-1159 version (thunderbird) @@ -1534,8 +1534,8 @@ *CVE-2005-1065 version (tetex) not upstream version *CVE-2005-1061 version (logwatch, fixed 4.3.2 at least) *CVE-2005-1046 version (kdelibs, fixed after 3.4.0) -*CVE-2005-1043 version (php, fixed 4.3.11) -*CVE-2005-1042 version (php, fixed 4.3.11) +CVE-2005-1043 version (php, fixed 4.3.11) +CVE-2005-1042 version (php, fixed 4.3.11) *CVE-2005-1041 version (kernel, fixed 2.6.12) *CVE-2005-1039 ignore (coreutils) not fixed upstream, not a real issue CVE-2005-1038 backport (vixie-cron) vixie-cron-4.1-CAN-2005-1038-fix-race.patch 
@@ -1593,7 +1593,7 @@ *CVE-2005-0611 (helixplayer) *CVE-2005-0605 version (libXpm, fixed 3.5.4 at least) *CVE-2005-0602 ignore (unzip, fixed 5.52) this is really expected behaviour -*CVE-2005-0596 version (php, fixed 5.0) +CVE-2005-0596 version (php, fixed 5.0) *CVE-2005-0593 version (firefox) *CVE-2005-0592 version (firefox) *CVE-2005-0591 version (firefox, fixed 1.0.1) @@ -1614,20 +1614,20 @@ *CVE-2005-0530 version (kernel, fixed 2.6.11) *CVE-2005-0529 version (kernel, fixed 2.6.11) *CVE-2005-0527 version (firefox, fixed 1.0.1) -*CVE-2005-0525 version (php, fixed 5.0.4) -*CVE-2005-0524 version (php, fixed 5.0.4) +CVE-2005-0525 version (php, fixed 5.0.4) +CVE-2005-0524 version (php, fixed 5.0.4) *CVE-2005-0509 version (mono, not after 1.0.5) *CVE-2005-0504 version (kernel, not 2.6) doesn't build in 2.6 *CVE-2005-0490 version (curl, fixed 7.13.1) *CVE-2005-0489 version (kernel, not 2.6) *CVE-2005-0488 backport (telnet) -*CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch +CVE-2005-0488 backport (krb5) krb5-1.4.1-telnet-environ.patch CVE-2005-0473 version (gaim, fixed gaim:1.5.0) CVE-2005-0472 version (gaim, fixed gaim:1.5.0) *CVE-2005-0470 version (wpa_supplicant, fixed 0.2.7) -*CVE-2005-0469 version (krb5, fixed 1.4.1) +CVE-2005-0469 version (krb5, fixed 1.4.1) *CVE-2005-0469 backport (telnet) telnet-0.17-CAN-2005-468_469.patch -*CVE-2005-0468 version (krb5, fixed 1.4.1) +CVE-2005-0468 version (krb5, fixed 1.4.1) *CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch *CVE-2005-0455 (helixplayer) *CVE-2005-0452 (perl) 
@@ -1728,10 +1728,10 @@ *CVE-2005-0069 version (vim, fixed 7.0 at least) *CVE-2005-0064 version (tetex, fixed 3.0) *CVE-2005-0064 version (kdegraphics, not 3.4) -*CVE-2005-0064 version (cups, fixed 1.2.2) +CVE-2005-0064 version (cups, fixed 1.2.2) *CVE-2005-0039 ignore (kernel) not a vulnerability: don't do this says the rfc -*CVE-2005-0034 version (bind, fixed after 9.3.0) -*CVE-2005-0033 version (bind, not 9) +CVE-2005-0034 version (bind, fixed after 9.3.0) +CVE-2005-0033 version (bind, not 9) *CVE-2005-0023 ignore (libvte) not a security risk *CVE-2005-0022 (exim) *CVE-2005-0014 version (ncpfs, fixed 2.2.6) @@ -1770,7 +1770,7 @@ *CVE-2004-2228 version (firefox, fixed 1.0) *CVE-2004-2227 version (firefox, fixed 1.0) *CVE-2004-2225 version (firefox, fixed 0.10.1) -*CVE-2004-2154 version (cups, fixed 1.2.21rc1) +CVE-2004-2154 version (cups, fixed 1.1.21rc1) *CVE-2004-2149 version (mysql, fixed 4.1.5) *CVE-2004-2136 ignore (dm-crypt) design *CVE-2004-2135 ignore (kernel) design @@ -1784,7 +1784,7 @@ *CVE-2004-1773 version (sharutils, not 4.6) *CVE-2004-1772 version (sharutils, not 4.6) *CVE-2004-1761 version (wireshark, fixed 0.10.3) -*CVE-2004-1689 version (sudo, fixed 1.6.8p1) +CVE-2004-1689 version (sudo, fixed 1.6.8p1) CVE-2004-1653 ignore (openssh) *CVE-2004-1639 version (firefox) *CVE-2004-1617 ignore (lynx) not able to verify flaw @@ -1798,7 +1798,7 @@ *CVE-2004-1450 version (firefox) *CVE-2004-1449 version (thunderbird) *CVE-2004-1449 version (firefox) -*CVE-2004-1392 version (php, fixed 5.0.4) +CVE-2004-1392 version (php, fixed 5.0.4) *CVE-2004-1382 version (glibc, not 2.3.5) *CVE-2004-1381 version (firefox) *CVE-2004-1380 version (firefox) 
@@ -1812,12 +1812,12 @@ *CVE-2004-1308 version (libtiff, fixed 3.7.1 at least) *CVE-2004-1307 version (libtiff, was already fixed with 0886) *CVE-2004-1304 version (file, fixed 4.12) -*CVE-2004-1296 backport (groff) from srpm +CVE-2004-1296 backport (groff) patch groff-1.18.1.1-tempfile.patch *CVE-2004-1287 backport (nasm) changelog -*CVE-2004-1270 version (cups, fixed 1.1.23) -*CVE-2004-1269 version (cups, fixed 1.1.23) -*CVE-2004-1268 version (cups, fixed 1.1.23) -*CVE-2004-1267 version (cups, fixed 1.1.23) +CVE-2004-1270 version (cups, fixed 1.1.23) +CVE-2004-1269 version (cups, fixed 1.1.23) +CVE-2004-1268 version (cups, fixed 1.1.23) +CVE-2004-1267 version (cups, fixed 1.1.23) *CVE-2004-1237 version (kernel, not 2.6) not upstream *CVE-2004-1235 version (kernel, fixed 2.6.11) *CVE-2004-1234 version (kernel, not 2.6) @@ -1825,7 +1825,7 @@ *CVE-2004-1200 ignore (firefox, mozilla) not a security issue *CVE-2004-1191 version (kernel, fixed 2.6.9) *CVE-2004-1190 version (kernel, fixed 2.6.10) -*CVE-2004-1189 version (krb5, fixed 1.4) +CVE-2004-1189 version (krb5, fixed 1.4) *CVE-2004-1186 backport (enscript) enscript-1.6.1-CAN-2004-1186.patch *CVE-2004-1185 backport (enscript) enscript-1.6.1-CAN-2004-1185.patch *CVE-2004-1184 version (enscript, fixed 1.6.4 at least) 
@@ -1867,20 +1867,20 @@ *CVE-2004-1070 version (kernel, fixed 2.6.10) *CVE-2004-1069 version (kernel, fixed 2.6.10) *CVE-2004-1068 version (kernel, fixed 2.6.10) -*CVE-2004-1065 version (php, fixed after 5.0.2) -*CVE-2004-1064 version (php, fixed after 5.0.2) -*CVE-2004-1063 version (php, fixed after 5.0.2) +CVE-2004-1065 version (php, fixed after 5.0.2) +CVE-2004-1064 version (php, fixed after 5.0.2) +CVE-2004-1063 version (php, fixed after 5.0.2) *CVE-2004-1060 version (kernel) all verifies sequence number *CVE-2004-1058 version (kernel, fixed 2.6.9) *CVE-2004-1057 version (kernel, fixed 2.6.10) *CVE-2004-1056 version (kernel, fixed 2.6.10) -*CVE-2004-1051 version (sudo, fixed 1.6.8p2) +CVE-2004-1051 version (sudo, fixed 1.6.8p2) *CVE-2004-1036 version (squirrelmail, fixed 1.4.4) *CVE-2004-1026 patch (imlib, fixed 1.9.15-2) #235416 *CVE-2004-1025 patch (imlib, fixed 1.9.15-2) #235416 -*CVE-2004-1020 version (php, fixed after 5.0.2) -*CVE-2004-1019 version (php, fixed after 5.0.2) -*CVE-2004-1018 version (php, fixed after 5.0.2) +CVE-2004-1020 version (php, fixed after 5.0.2) +CVE-2004-1019 version (php, fixed after 5.0.2) +CVE-2004-1018 version (php, fixed after 5.0.2) *CVE-2004-1017 version (kernel, fixed 2.6.10) *CVE-2004-1016 version (kernel, fixed 2.6.10) *CVE-2004-1014 version (nfs-utils, fixed 1.0.7) 
@@ -1902,16 +1902,16 @@ *CVE-2004-0975 backport (openssl097a, fixed 0.9.7f) *CVE-2004-0974 version (netatalk, fixed 2.0.1) *CVE-2004-0972 version (lvm2, fixed 2.2.01.8 at least) -*CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch +CVE-2004-0971 backport (krb5) krb5-1.3.4-send-pr-tempfile.patch *CVE-2004-0970 version (gzip) -*CVE-2004-0969 version (groff, fixed 1.18.1.1) +CVE-2004-0969 version (groff, fixed 1.18.1.1) *CVE-2004-0968 version (glibc, fixed 2.3.5 at least) *CVE-2004-0967 version (ghostscript, fixed 8.15.1) *CVE-2004-0966 version (gettext, fixed 0.14.3 at least) *CVE-2004-0961 version (freeradius, fixed 1.0.1) *CVE-2004-0960 version (freeradius, fixed 1.0.1) -*CVE-2004-0959 version (php, fixed 4.3.9) -*CVE-2004-0958 version (php, fixed 4.3.9) +CVE-2004-0959 version (php, fixed 4.3.9) +CVE-2004-0958 version (php, fixed 4.3.9) *CVE-2004-0957 version (mysql, fixed 4.0.21) *CVE-2004-0956 version (mysql, fixed 4.0.20) *CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6) @@ -1921,7 +1921,7 @@ *CVE-2004-0938 version (freeradius, fixed 1.0.1) *CVE-2004-0930 version (samba, fixed 3.0.8) *CVE-2004-0929 version (libtiff, fixed 3.7.0) -*CVE-2004-0923 version (cups, fixed 1.2.22) +CVE-2004-0923 version (cups, fixed 1.1.22) CVE-2004-0918 version (squid, fixed 2.4.STABLE7) *CVE-2004-0914 version (xorg-x11, fixed after 6.8.1) *CVE-2004-0909 version (thunderbird) @@ -1933,7 +1933,7 @@ CVE-2004-0891 version (gaim, fixed gaim:1.0.2) *CVE-2004-0888 version (tetex, fixed 3.0) *CVE-2004-0888 version (kdegraphics, not 3.4) -*CVE-2004-0888 version (cups) +*CVE-2004-0888 version (cups, fixed 1.2) *CVE-2004-0887 version (kernel, fixed 2.6.10) *CVE-2004-0886 version (libtiff, fixed 3.7.1 at least) *CVE-2004-0886 version (kdegraphics, fixed by Update on 20041109) 
@@ -1982,7 +1982,7 @@ *CVE-2004-0779 version (thunderbird) *CVE-2004-0779 version (firefox) *CVE-2004-0778 version (cvs, fixed 1.11.17) -*CVE-2004-0772 version (krb5, fixed after 1.2.8) +CVE-2004-0772 version (krb5, fixed after 1.2.8) *CVE-2004-0768 version (libpng, fixed 1.2.6) *CVE-2004-0755 version (ruby, fixed 1.8.1) CVE-2004-0754 version (gaim, fixed gaim:0.82.1) @@ -2006,9 +2006,9 @@ *CVE-2004-0658 ignore (kernel) not a security issue *CVE-2004-0648 version (thunderbird) *CVE-2004-0648 version (firefox) -*CVE-2004-0644 version (krb5, fixed after 1.3.4) -*CVE-2004-0643 version (krb5, fixed after 1.3.1) -*CVE-2004-0642 version (krb5, fixed after 1.3.4) +CVE-2004-0644 version (krb5, fixed after 1.3.4) +CVE-2004-0643 version (krb5, fixed after 1.3.1) +CVE-2004-0642 version (krb5, fixed after 1.3.4) *CVE-2004-0639 version (squirrelmail, fixed after 1.2.10) *CVE-2004-0635 version (wireshark, fixed 0.10.5) *CVE-2004-0634 version (wireshark, fixed 0.10.5) @@ -2023,11 +2023,11 @@ *CVE-2004-0599 version (libpng, fixed 1.2.6) *CVE-2004-0598 version (libpng, fixed 1.2.6) *CVE-2004-0597 version (libpng, fixed 1.2.6) -*CVE-2004-0595 version (php, fixed 4.3.8) -*CVE-2004-0594 version (php, fixed 4.3.8) +CVE-2004-0595 version (php, fixed 4.3.8) +CVE-2004-0594 version (php, fixed 4.3.8) *CVE-2004-0592 version (kernel) not upstream flaw *CVE-2004-0587 version (kernel) not upstream flaw -*CVE-2004-0558 version (cups, fixed 1.1.21) +CVE-2004-0558 version (cups, fixed 1.1.21) *CVE-2004-0557 version (sox, fixed after 12.17.4) *CVE-2004-0554 version (kernel, fixed 2.6.7) *CVE-2004-0550 (helixplayer) 
@@ -2036,7 +2036,7 @@ CVE-2004-0541 version (squid, fixed 2.5.STABLE6) *CVE-2004-0535 version (kernel, fixed 2.6.6) *CVE-2004-0527 version (konqueror, not 3+) -*CVE-2004-0523 version (krb5, fixed 1.3.4) +CVE-2004-0523 version (krb5, fixed 1.3.4) *CVE-2004-0521 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0520 version (squirrelmail, fixed 1.4.3a) *CVE-2004-0519 version (squirrelmail, fixed 1.4.3a) @@ -2071,7 +2071,7 @@ *CVE-2004-0413 version (subversion, fixed 1.0.5) *CVE-2004-0412 version (mailman, fixed 2.1.5) *CVE-2004-0411 version (kdelibs, fixed 3.3) -*CVE-2004-0409 version (xchat, fixed 2.0.9) +CVE-2004-0409 version (xchat, fixed 2.0.9) *CVE-2004-0405 version (cvs, fixed 1.11) *CVE-2004-0403 version (racoon, fixed ipsec-tools-0.6.5 at least) *CVE-2004-0398 version (neon, fixed 0.24.6) @@ -2084,7 +2084,7 @@ *CVE-2004-0381 version (mysql, fixed 4.1.11 at least) *CVE-2004-0367 version (wireshark, fixed 0.10.3) *CVE-2004-0365 version (wireshark, fixed 0.10.3) -*CVE-2004-0263 version (php, fixed 4.3.5) +CVE-2004-0263 version (php, fixed 4.3.5) *CVE-2004-0256 version (libtool, fixed 1.5.2) *CVE-2004-0233 version (libutempter, fixed 0.5.5) *CVE-2004-0232 version (mc, fixed 4.6.0) @@ -2107,7 +2107,7 @@ *CVE-2004-0177 version (kernel, fixed 2.6.6) *CVE-2004-0176 version (wireshark, fixed 0.10.3) CVE-2004-0175 version (openssh, fixed 3.4p1) -*CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch +CVE-2004-0175 backport (krb5) krb5-1.3.3-rcp-markus.patch *CVE-2004-0174 version (httpd, not 2.2) *CVE-2004-0173 version (httpd, not 2.2) *CVE-2004-0164 version (racoon) @@ -2124,7 +2124,7 @@ *CVE-2004-0108 version (sysstat) *CVE-2004-0107 version (sysstat, fixed after 4.0.7) *CVE-2004-0106 version (XFree86) -*CVE-2004-0098 version (php) +CVE-2004-0098 ignore (php) no security implications *CVE-2004-0097 version (pwlib, fixed 1.6.0) *CVE-2004-0096 version (mod_python, fixed after 2.7.9) *CVE-2004-0094 version (XFree86, fixed 4.3.0) 
@@ -2151,9 +2151,9 @@ *CVE-2004-0003 version (kernel, not 2.6) *CVE-2004-0001 version (kernel, not 2.6) CVE-2003-1329 ignore, no-ship (wu-ftpd) -*CVE-2003-1307 ignore (mod_php) not a vulnerability -*CVE-2003-1303 version (php, fixed 4.3.3) -*CVE-2003-1302 version (php, fixed 4.3.1) +CVE-2003-1307 ignore (mod_php) not a vulnerability +CVE-2003-1303 version (php, fixed 4.3.3) +CVE-2003-1302 version (php, fixed 4.3.1) *CVE-2003-1295 (xscreensaver) *CVE-2003-1294 (xscreensaver) *CVE-2003-1265 VULNERABLE (thunderbird) https://bugzilla.mozilla.org/show_bug.cgi?id=198442 @@ -2196,14 +2196,14 @@ *CVE-2003-0926 version (wireshark, fixed 0.9.16) *CVE-2003-0925 version (wireshark, fixed 0.9.16) *CVE-2003-0924 version (netpbm, fixed 9.26) -*CVE-2003-0914 version (bind, not 9) +CVE-2003-0914 version (bind, not 9) *CVE-2003-0901 version (postgresql, not 8) *CVE-2003-0900 version (perl, only 5.8.1) *CVE-2003-0885 (xscreensaver) *CVE-2003-0865 version (tomcat, fixed after 4.0.3) -*CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html -*CVE-2003-0861 version (php, fixed 4.3.3) -*CVE-2003-0860 version (php, fixed 4.3.3) +CVE-2003-0863 ignore (php) http://lists.nyphp.org/pipermail/talk/2003-November/006392.html +CVE-2003-0861 version (php, fixed 4.3.3) +CVE-2003-0860 version (php, fixed 4.3.3) *CVE-2003-0859 version (glibc, checked fc5 source) *CVE-2003-0858 version (quagga, fixed 0.95) *CVE-2003-0856 version (iproute) @@ -2216,7 +2216,7 @@ *CVE-2003-0793 version (gdm, fixed 2.4.1.7) *CVE-2003-0792 version (fetchmail, 6.2.4 only) *CVE-2003-0789 version (httpd, not 2.2) -*CVE-2003-0788 version (cups, fixed 1.1.19) +CVE-2003-0788 version (cups, fixed 1.1.19) CVE-2003-0787 version (openssh, fixed 3.7.1p2) CVE-2003-0786 version (openssh, fixed 3.7.1p2) *CVE-2003-0780 version (mysql, not 4.1) 
@@ -2275,7 +2275,7 @@ *CVE-2003-0461 version (kernel, fixed 2.6.1) *CVE-2003-0459 version (kdelibs, not 3.2) *CVE-2003-0455 version (ImageMagick) -*CVE-2003-0442 version (php, fixed 4.3.2) +CVE-2003-0442 version (php, fixed 4.3.2) *CVE-2003-0432 version (wireshark, fixed after 0.9.12) *CVE-2003-0431 version (wireshark, fixed after 0.9.12) *CVE-2003-0430 version (wireshark, fixed after 0.9.12) @@ -2301,7 +2301,7 @@ *CVE-2003-0253 version (httpd, not 2.2) *CVE-2003-0252 version (nfs-utils, fixed 1.0.4) *CVE-2003-0251 version (ypserv, fixed 2.7) -*CVE-2003-0249 ignore (php) see CVE +CVE-2003-0249 ignore (php) see CVE *CVE-2003-0248 version (kernel, not 2.6) *CVE-2003-0247 version (kernel, not 2.6) *CVE-2003-0246 version (kernel, not 2.6) @@ -2312,7 +2312,7 @@ *CVE-2003-0204 version (kde, fixed after 3.1.1) *CVE-2003-0201 version (samba, fixed 2.2.8a) *CVE-2003-0196 version (samba, fixed 2.2.8a) -*CVE-2003-0195 version (cups, fixed 1.1.19) +CVE-2003-0195 version (cups, fixed 1.1.19) *CVE-2003-0194 version (tcpdump, not upstream) *CVE-2003-0192 version (httpd, not 2.2) CVE-2003-0190 version (openssh, fixed after 3.6.1p1) @@ -2320,7 +2320,7 @@ *CVE-2003-0188 version (lv, fixed 4.51 at least) *CVE-2003-0187 version (kernel, not 2.6) *CVE-2003-0167 version (mutt, fixed 1.4.1) -*CVE-2003-0166 version (php, fixed 4.3.2) +CVE-2003-0166 version (php, fixed 4.3.2) *CVE-2003-0165 version (eog, fixed 2.2.2) *CVE-2003-0161 version (sendmail, fixed 8.12.9) *CVE-2003-0160 version (squirrelmail, fixed 1.2.11) @@ -2331,8 +2331,8 @@ *CVE-2003-0146 version (netpbm, fixed 10.18) *CVE-2003-0145 version (tcpdump, fixed 3.7.2) *CVE-2003-0140 version (mutt, fixed 1.4.1) -*CVE-2003-0139 version (krb5, fixed 1.3) -*CVE-2003-0138 version (krb5, fixed 1.3) +CVE-2003-0139 version (krb5, fixed 1.3) +CVE-2003-0138 version (krb5, fixed 1.3) *CVE-2003-0135 version (vsftpd, not upstream) *CVE-2003-0133 version (evolution, fixed 1.2.4) *CVE-2003-0132 version (httpd, not 2.2) 
@@ -2346,28 +2346,28 @@ *CVE-2003-0108 version (tcpdump, fixed after 3.7.1) *CVE-2003-0107 version (zlib, fixed 1.2.0.2 at least) *CVE-2003-0102 version (file, fixed 3.41) -*CVE-2003-0097 version (php, fixed 4.3.1) +CVE-2003-0097 version (php, fixed 4.3.1) *CVE-2003-0093 version (tcpdump, fixed 3.7.2) *CVE-2003-0086 version (samba, fixed 2.2.8) *CVE-2003-0085 version (samba, fixed 2.2.8) *CVE-2003-0083 version (httpd, not 2.2) -*CVE-2003-0082 version (krb5, fixed after 1.2.7) +CVE-2003-0082 version (krb5, fixed after 1.2.7) *CVE-2003-0081 version (wireshark, fixed after 0.9.9) *CVE-2003-0078 version (openssl, not 0.9.8) *CVE-2003-0078 version (openssl097a, fixed 0.9.7a) *CVE-2003-0073 version (mysql, fixed 3.23.55) -*CVE-2003-0072 version (krb5, fixed after 1.2.7) +CVE-2003-0072 version (krb5, fixed after 1.2.7) *CVE-2003-0071 version (xorg-x11, fixed in 6.8.2 at least) *CVE-2003-0070 version (vte, fixed 0.11.1 at least) *CVE-2003-0063 version (xorg-x11, fixed in 4.2.99 at least) -*CVE-2003-0060 version (krb5, fixed 1.2.5) -*CVE-2003-0059 version (krb5, fixed 1.2.5) -*CVE-2003-0058 version (krb5, fixed 1.2.5) +CVE-2003-0060 version (krb5, fixed 1.2.5) +CVE-2003-0059 version (krb5, fixed 1.2.5) +CVE-2003-0058 version (krb5, fixed 1.2.5) *CVE-2003-0044 version (tomcat, fixed after 3.3.1a) *CVE-2003-0043 version (tomcat, fixed 3.3.1a) -*CVE-2003-0041 version (krb5, fixed after 1.2.7) +CVE-2003-0041 version (krb5, fixed after 1.2.7) *CVE-2003-0038 version (mailman, fixed 2.0.13 at least) -*CVE-2003-0028 version (krb5, fixed after 1.2.7) +CVE-2003-0028 version (krb5, fixed after 1.2.7) *CVE-2003-0028 version (glibc, fixed after 2.3.1) *CVE-2003-0026 version (dhcp, fixed 3.0.1) *CVE-2003-0020 version (httpd, not 2.2) 
@@ -2377,9 +2377,9 @@ *CVE-2003-0016 version (httpd, not 2.2) *CVE-2003-0015 version (cvs, fixed 1.11.5) *CVE-2003-0001 version (kernel, not 2.6) -*CVE-2002-2215 version (php, fixed 4.3.0) -*CVE-2002-2214 version (php, fixed 4.2.2) -*CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875 +CVE-2002-2215 version (php, fixed 4.3.0) +CVE-2002-2214 version (php, fixed 4.2.2) +CVE-2002-2211 ignore (bind) see http://www.kb.cert.org/vuls/id/457875 *CVE-2002-2210 ignore (openoffice) binary install only (not rpm install) *CVE-2002-2204 ignore (rpm) by design *CVE-2002-2196 version (samba, fixed 2.2.5) @@ -2399,7 +2399,7 @@ *CVE-2002-1827 version (sendmail, fixed after 8.12.3) *CVE-2002-1814 ignore (libbonobo) not shipped setuid *CVE-2002-1793 version (mod_ssl) not upstream, only hp -*CVE-2002-1783 version (php, fixed after 4.2.3) +CVE-2002-1783 version (php, fixed after 4.2.3) *CVE-2002-1765 version (evolution, fixed 1.0.5) *CVE-2002-1658 ignore (httpd) not a vulnerability *CVE-2002-1657 ignore (postgresql) upstream disagree @@ -2433,13 +2433,13 @@ *CVE-2002-1399 version (postgresql, fixed 7.2.3) *CVE-2002-1398 version (postgresql, fixed 7.2.2) *CVE-2002-1397 version (postgresql, fixed 7.2.3) -*CVE-2002-1396 version (php, fixed 4.3.0) +CVE-2002-1396 version (php, fixed 4.3.0) *CVE-2002-1394 version (tomcat, fixed 4.0.6) *CVE-2002-1393 version (kde, fixed 3.0.5a) *CVE-2002-1392 version (mgetty, fixed 1.1.29) *CVE-2002-1391 version (mgetty, fixed 1.1.29) -*CVE-2002-1384 version (cups, fixed 1.1.18) -*CVE-2002-1383 version (cups, fixed 1.1.18) +CVE-2002-1384 version (cups, fixed 1.1.18) +CVE-2002-1383 version (cups, fixed 1.1.18) *CVE-2002-1380 version (kernel, not 2.6) *CVE-2002-1379 version (openldap, not 2.3.24+) *CVE-2002-1378 version (openldap, not 2.3.24+) 
@@ -2448,12 +2448,12 @@ *CVE-2002-1375 version (mysql, fixed 4.0.6) *CVE-2002-1374 version (mysql, fixed 4.0.6) *CVE-2002-1373 version (mysql, fixed 3.23.54) -*CVE-2002-1372 version (cups, fixed 1.1.18) -*CVE-2002-1371 version (cups, fixed 1.1.18) -*CVE-2002-1369 version (cups, fixed 1.1.18) -*CVE-2002-1368 version (cups, fixed 1.1.18) -*CVE-2002-1367 version (cups, fixed 1.1.18) -*CVE-2002-1366 version (cups, fixed 1.1.18) +CVE-2002-1372 version (cups, fixed 1.1.18) +CVE-2002-1371 version (cups, fixed 1.1.18) +CVE-2002-1369 version (cups, fixed 1.1.18) +CVE-2002-1368 version (cups, fixed 1.1.18) +CVE-2002-1367 version (cups, fixed 1.1.18) +CVE-2002-1366 version (cups, fixed 1.1.18) *CVE-2002-1365 version (fetchmail, fixed 6.2.0) *CVE-2002-1363 version (libpng, fixed 1.2.6) *CVE-2002-1356 version (wireshark, fixed after 0.9.7) @@ -2474,15 +2474,15 @@ *CVE-2002-1281 version (kde, fixed 3.0.5) *CVE-2002-1276 version (squirrelmail, fixed 1.4.2) *CVE-2002-1247 version (kdenetwork, fixed 3.0.5) -*CVE-2002-1235 version (krb5, fixed after 1.2.6) +CVE-2002-1235 version (krb5, fixed after 1.2.6) *CVE-2002-1233 ignore (httpd) Debian regression *CVE-2002-1232 version (ypserv, fixed 2.5) *CVE-2002-1227 version (pam, only 0.76) *CVE-2002-1224 version (kde, fixed 3.0.4) *CVE-2002-1223 version (kdegraphics, fixed 3.0.4) -*CVE-2002-1221 version (bind, not 9) -*CVE-2002-1220 version (bind, not 9) -*CVE-2002-1219 version (bind, not 9) +CVE-2002-1221 version (bind, not 9) +CVE-2002-1220 version (bind, not 9) +CVE-2002-1219 version (bind, not 9) *CVE-2002-1217 version (tar, fixed 1.13.25) *CVE-2002-1175 version (fetchmail, fixed 6.2.0) *CVE-2002-1174 version (fetchmail, fixed 6.2.0) 
@@ -2495,12 +2495,12 @@ *CVE-2002-1151 version (kdenetwork, fixed 3.0.3a) *CVE-2002-1148 version (tomcat, fixed 4.0.5) *CVE-2002-1146 version (glibc, fixed 2.2.6) -*CVE-2002-1146 version (bind, not 8.3+) +CVE-2002-1146 version (bind, not 8.3+) *CVE-2002-1131 version (squirrelmail, fixed 1.2.8) *CVE-2002-1119 version (python, fixed 2.2.2) CVE-2002-0989 version (gaim, fixed gaim:0.59.1) -*CVE-2002-0986 version (php, fixed 4.2.3) -*CVE-2002-0985 version (php, fixed 4.2.3) +CVE-2002-0986 version (php, fixed 4.2.3) +CVE-2002-0985 version (php, fixed 4.2.3) *CVE-2002-0972 version (postgresql, fixed 7.2.2) *CVE-2002-0970 version (kdenetwork, fixed 3.0.3) *CVE-2002-0935 version (tomcat, fixed 4.1.3) @@ -2524,7 +2524,7 @@ *CVE-2002-0760 version (bzip2, fixed 1.0.2) *CVE-2002-0759 version (bzip2, fixed 1.0.2) *CVE-2002-0728 version (libpng, fixed 1.2.4) -*CVE-2002-0717 version (php, fixed 4.2.2) +CVE-2002-0717 version (php, fixed 4.2.2) CVE-2002-0715 version (squid, fixed 2.4.STABLE6) CVE-2002-0714 version (squid, fixed 2.4.STABLE6) CVE-2002-0713 version (squid, fixed 2.4.STABLE6) @@ -2543,7 +2543,7 @@ *CVE-2002-0655 version (openssl, not 0.9.8) *CVE-2002-0655 version (openssl097a, not 0.9.7) *CVE-2002-0653 version (mod_ssl, not httpd 2.2) -*CVE-2002-0651 version (bind, not 9) +CVE-2002-0651 version (bind, not 9) CVE-2002-0640 version (openssh, fixed after 3.3) CVE-2002-0639 version (openssh, fixed after 3.3) *CVE-2002-0638 version (util-linux, fixed 2.13 at least) 
@@ -2562,15 +2562,15 @@ *CVE-2002-0403 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0402 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0401 version (wireshark, fixed ethereal 0.9.3) -*CVE-2002-0400 version (bind, fixed 9.2.1) +CVE-2002-0400 version (bind, fixed 9.2.1) *CVE-2002-0399 version (tar, fixed 1.13.26) *CVE-2002-0392 version (httpd, not 2.2) -*CVE-2002-0391 version (krb5, fixed after 1.2.5) +CVE-2002-0391 version (krb5, fixed after 1.2.5) *CVE-2002-0391 version (glibc, fixed after 2.2.5) *CVE-2002-0389 ignore (mailman) upstream say not a vulnerability *CVE-2002-0388 version (mailman, fixed 2.0.11) CVE-2002-0384 version (gaim, fixed gaim:0.58) -*CVE-2002-0382 version (xchat, fixed 1.9.1) +CVE-2002-0382 version (xchat, fixed 1.9.1) *CVE-2002-0380 version (tcpdump, fixed 3.7.2 at least) *CVE-2002-0379 version (imap, vuln code removed imap-2002) CVE-2002-0377 version (gaim, fixed gaim:0.58) @@ -2579,12 +2579,12 @@ *CVE-2002-0353 version (wireshark, fixed ethereal 0.9.3) *CVE-2002-0342 version (kde, not 2.2+) *CVE-2002-0318 version (freeradius, fixed 0.7) -*CVE-2002-0253 ignore (php) not a vulnerability -*CVE-2002-0240 ignore (php) windows only +CVE-2002-0253 ignore (php) not a vulnerability +CVE-2002-0240 ignore (php) windows only *CVE-2002-0232 version (mrtg, not 2.11.1 at least) -*CVE-2002-0229 version (php) +CVE-2002-0229 ignore (php) safe mode isn't safe *CVE-2002-0185 version (mod_python, fixed 2.7.7) -*CVE-2002-0184 version (sudo, fixed 1.6.6) +CVE-2002-0184 version (sudo, fixed 1.6.6) *CVE-2002-0180 version (webalizer, fixed 2.01-10) *CVE-2002-0169 ignore (docbook) was RHL only *CVE-2002-0165 version (logwatch, fixed 2.6) 
@@ -2595,16 +2595,16 @@ *CVE-2002-0146 version (fetchmail, fixed 5.9.10) *CVE-2002-0130 ignore (efax) not setuid root *CVE-2002-0129 ignore (efax) not setuid root -*CVE-2002-0121 version (php, fixed after 4.1.1) +CVE-2002-0121 version (php, fixed after 4.1.1) *CVE-2002-0092 version (cve, fixed 1.10.8) CVE-2002-0083 version (openssh, fixed 3.1) *CVE-2002-0082 version (mod_ssl, not httpd 2.2) -*CVE-2002-0081 version (php, not 4.2+) +CVE-2002-0081 version (php, not 4.2+) CVE-2002-0080 version (rsync, fixed 2.5.3) CVE-2002-0069 version (squid, fixed 2.4STABLE4) CVE-2002-0068 version (squid, fixed 2.4STABLE4) CVE-2002-0067 version (squid, fixed 2.4STABLE4) -*CVE-2002-0063 version (cups, fixed 1.1.14) +CVE-2002-0063 version (cups, fixed 1.1.14) *CVE-2002-0062 version (ncurses, only 5.0) *CVE-2002-0060 version (kernel, fixed 2.5.5) *CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, vnc) @@ -2614,14 +2614,14 @@ *CVE-2002-0046 version (kernel, fixed 2.4.0) *CVE-2002-0045 version (openldap, fixed 2.0.20) *CVE-2002-0044 version (enscript, fixed 1.6.4 at least) -*CVE-2002-0043 version (sudo, fixed 1.6.4) -*CVE-2002-0036 version (krb5, fixed 1.2.5) -*CVE-2002-0029 version (bind, not 9) +CVE-2002-0043 version (sudo, fixed 1.6.4) +CVE-2002-0036 version (krb5, fixed 1.2.5) +CVE-2002-0029 version (bind, not 9) CVE-2002-0013 version (net-snmp, fixed 4.2.3) CVE-2002-0012 version (net-snmp, fixed 4.2.3) -*CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong +CVE-2002-0006 verison (xchat, fixed 1.8.7) cve is wrong CVE-2002-0004 backport (at) issue was in a patch, fixed at-3.1.8-11-lexer-parser.diff -*CVE-2002-0003 version (groff, fixed 1.17.2) +CVE-2002-0003 version (groff, fixed 1.17.2) *CVE-2002-0002 version (stunnel, fixed 3.22) *CVE-2002-0001 version (mutt, fixed 1.3.25) *CVE-2001-1494 version (util-linux, fixed 2.11n) 
@@ -2641,4 +2641,4 @@ CVE-1999-0997 ignore, no-ship (wu-ftpd) CVE-1999-0710 version (squid, fixed 2.5.STABLE10) CVE-1999-0473 version (rsync, fixed 2.3.1) -*CVE-1999-0103 (bind) +CVE-1999-0103 ignore (bind) this is the nature of UDP -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Fri Jun 29 15:37:27 2007 From: fedora-extras-commits at redhat.com (Lubomir Kundrak (lkundrak)) Date: Fri, 29 Jun 2007 11:37:27 -0400 Subject: fedora-security/audit fc7,1.28,1.29 Message-ID: <200706291537.l5TFbRCG029311@cvs-int.fedora.redhat.com> Author: lkundrak Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29289 Modified Files: fc7 Log Message: gd, wireshark, gimp Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- fc7 28 Jun 2007 23:20:00 -0000 1.28 +++ fc7 29 Jun 2007 15:37:23 -0000 1.29 @@ -4,11 +4,20 @@ *CVE are items that need verification for Fedora 7 -CVE-2007-1663 VULNERABLE (ekg) -CVE-2007-1664 VULNERABLE (ekg) -CVE-2007-1665 VULNERABLE (ekg) CVE-2007-4168 VULNERABLE (libexif) #243890 +CVE-2007-3472 ** (gd) +CVE-2007-3473 ** (gd) +CVE-2007-3474 ** (gd) +CVE-2007-3475 ** (gd) +CVE-2007-3476 ** (gd) +CVE-2007-3477 ** (gd) +CVE-2007-3478 ** (gd) CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 +CVE-2007-3393 VULNERABLE (wireshark) +CVE-2007-3392 VULNERABLE (wireshark) +CVE-2007-3391 VULNERABLE (wireshark) +CVE-2007-3390 VULNERABLE (wireshark) +CVE-2007-3389 VULNERABLE (wireshark) CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 
@@ -21,6 +30,7 @@ CVE-2007-3152 version (c-ares, fixed 1.4.0) #243591 CVE-2007-3145 VULNERABLE (galeon) ** CVE-2007-3140 ** (wordpress) #245211 +CVE-2007-3126 ignore (gimp) just a crash CVE-2007-3123 VULNERABLE (clamav, fixed 0.90.3) #245219 CVE-2007-3122 VULNERABLE (clamav, fixed 0.90.3) #245219 *CVE-2007-3121 version (zvbi, fixed 0.2.25) @@ -118,6 +128,9 @@ CVE-2007-1710 version (php, fixed 5.2.2) CVE-2007-1709 ignore (php) no security impact *CVE-2007-1667 (xorg-x11) +CVE-2007-1665 VULNERABLE (ekg) +CVE-2007-1664 VULNERABLE (ekg) +CVE-2007-1663 VULNERABLE (ekg) CVE-2007-1649 version (php, fixed 5.2.2) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Jun 30 07:59:43 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 30 Jun 2007 03:59:43 -0400 Subject: fedora-security/audit fc7,1.29,1.30 Message-ID: <200706300759.l5U7xhCY020868@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20850 Modified Files: fc7 Log Message: libpng10, jasper checked Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.29 retrieving revision 1.30 diff -u -r1.29 -r1.30 --- fc7 29 Jun 2007 15:37:23 -0000 1.29 +++ fc7 30 Jun 2007 07:59:40 -0000 1.30 @@ -58,7 +58,7 @@ CVE-2007-2768 ignore (openssh) needs pam OPIE which is not shipped. *CVE-2007-2756 ignore (gd) DoS only *CVE-2007-2754 (freetype) -*CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 +CVE-2007-2721 patch (jasper, fixed 1.900.1-2) #240397 *CVE-2007-2683 (mutt) *CVE-2007-2654 VULNERABLE (xfsdump) #240396 CVE-2007-2650 VULNERABLE (clamav, fixed in 0.90.3) #240395 
@@ -80,7 +80,7 @@ CVE-2007-2448 VULNERABLE (subversion, fixed 1.4.4) #243856 *CVE-2007-2447 (samba) *CVE-2007-2446 (samba) -*CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 +CVE-2007-2445 version (libpng10, fixed 1.0.25) #240398 *CVE-2007-2444 (samba) *CVE-2007-2438 VULNERABLE (vim) #238734 *CVE-2007-2437 ignore (xorg-x11) DoS only @@ -436,7 +436,7 @@ *CVE-2006-5823 version (kernel, fixed 2.6.19.2) [since FEDORA-2007-058] was backport since FEDORA-2006-1223 *CVE-2006-5815 version (proftpd, fixed 1.3.0a) #214820 CVE-2006-5794 version (openssh, fixed 4.5) #214641 [since FEDORA-2006-1215] -*CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 +CVE-2006-5793 version (libpng10, fixed 1.0.21) #216263 *CVE-2006-5793 ignore (libpng, fixed 1.2.13) just a client crash *CVE-2006-5783 ignore (firefox) disputed *CVE-2006-5779 VULNERABLE (openldap, 2.3.29) #214768 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From ville.skytta at iki.fi Sat Jun 30 08:09:26 2007 From: ville.skytta at iki.fi (Ville =?iso-8859-1?q?Skytt=E4?=) Date: Sat, 30 Jun 2007 11:09:26 +0300 Subject: Security Response product in Bugzilla, add-tracking-bugs? Message-ID: <200706301109.26616.ville.skytta@iki.fi> Hi, Is the "Security Response" product in Bugzilla and the add-tracking-bugs functionality for creating dependency trees available for use to people who are not in the Red Hat security response team? Example: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244808 and its dependencies. From bugzilla at redhat.com Sat Jun 30 08:18:22 2007 
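Review bot: in the @@ -2614,14 +2614,14 @@ hunk of the first audit diff above, the CVE-2002-0006 (xchat) line loses its asterisk but keeps the misspelled status keyword "verison", so anything that greps or parses the status column for "version" will skip an entry now marked as verified; correct it to "version" in the same change. The trailing "cve is wrong" remark on that line would also be more useful if it said what is wrong with the CVE entry.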
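Review bot: in the @@ -4,11 +4,20 @@ hunk of the fc7 1.28 to 1.29 diff, the seven new gd lines are added in ascending order (CVE-2007-3472 through CVE-2007-3478) while the wireshark lines added just below them, and the surrounding entries, run highest-first; insert the gd ids in descending order to match. The five wireshark entries are marked VULNERABLE without a Bugzilla number, unlike the neighbouring libexif and HelixPlayer lines, so the tracking bug should be added once one is filed.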
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 30 Jun 2007 04:18:22 -0400
Subject: [Bug 246322] New: flac123 0.0.9 vorbis comment parsing buffer overflow
Message-ID:

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=246322

Summary: flac123 0.0.9 vorbis comment parsing buffer overflow
Product: Fedora
Version: f7
Platform: All
URL: http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da-0016179b2dd5.html
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: flac123
AssignedTo: foolish at guezz.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://www.vuxml.org/freebsd/32d38cbb-2632-11dc-94da-0016179b2dd5.html

"flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code."

0.0.10 is out, supposedly containing a fix for this.

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From fedora-extras-commits at redhat.com Sat Jun 30 08:27:54 2007
From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 30 Jun 2007 04:27:54 -0400 Subject: fedora-security/audit fe5,1.209,1.210 fe6,1.123,1.124 Message-ID: <200706300827.l5U8Rs7f029238@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29218 Modified Files: fe5 fe6 Log Message: flac123, ekg Index: fe5 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe5,v retrieving revision 1.209 retrieving revision 1.210 diff -u -r1.209 -r1.210 --- fe5 28 Jun 2007 17:40:14 -0000 1.209 +++ fe5 30 Jun 2007 08:27:52 -0000 1.210 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 @@ -46,6 +47,9 @@ CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 CVE-2007-1732 ignore (wordpress) #235015 CVE-2007-1673 ignore (zoo, package removed from repository) +CVE-2007-1665 VULNERABLE (ekg) #246034 +CVE-2007-1664 VULNERABLE (ekg) #246034 +CVE-2007-1663 VULNERABLE (ekg) #246034 CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 Index: fe6 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fe6,v retrieving revision 1.123 retrieving revision 1.124 diff -u -r1.123 -r1.124 --- fe6 28 Jun 2007 17:40:14 -0000 1.123 +++ fe6 30 Jun 2007 08:27:52 -0000 1.124 @@ -2,6 +2,7 @@ ** are items that need attention +CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-3241 ** (wordpress) #245211 CVE-2007-3240 ** (wordpress) #245211 CVE-2007-3239 ** (wordpress) #245211 
@@ -51,6 +52,9 @@ CVE-2007-1799 version (ktorrent, fixed 2.1.3) #235014 CVE-2007-1745 ignore (clamav, 0.90/0.90.1 only) #236703 CVE-2007-1732 ignore (wordpress) #235015 +CVE-2007-1665 VULNERABLE (ekg) #246034 +CVE-2007-1664 VULNERABLE (ekg) #246034 +CVE-2007-1663 VULNERABLE (ekg) #246034 CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 CVE-2007-1599 version (wordpress, fixed 2.1.3-0.rc2) #233703 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits From fedora-extras-commits at redhat.com Sat Jun 30 08:28:39 2007 From: fedora-extras-commits at redhat.com (Ville Skytta (scop)) Date: Sat, 30 Jun 2007 04:28:39 -0400 Subject: fedora-security/audit fc7,1.30,1.31 Message-ID: <200706300828.l5U8SdnS029268@cvs-int.fedora.redhat.com> Author: scop Update of /cvs/fedora/fedora-security/audit In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29250 Modified Files: fc7 Log Message: +flac123, bz for ekg, sort gd CVS ids Index: fc7 =================================================================== RCS file: /cvs/fedora/fedora-security/audit/fc7,v retrieving revision 1.30 retrieving revision 1.31 diff -u -r1.30 -r1.31 --- fc7 30 Jun 2007 07:59:40 -0000 1.30 +++ fc7 30 Jun 2007 08:28:36 -0000 1.31 @@ -4,14 +4,15 @@ *CVE are items that need verification for Fedora 7 +CVE-NOID VULNERABLE (flac123, fixed 0.0.10) #246322 CVE-2007-4168 VULNERABLE (libexif) #243890 -CVE-2007-3472 ** (gd) -CVE-2007-3473 ** (gd) -CVE-2007-3474 ** (gd) -CVE-2007-3475 ** (gd) -CVE-2007-3476 ** (gd) -CVE-2007-3477 ** (gd) CVE-2007-3478 ** (gd) +CVE-2007-3477 ** (gd) +CVE-2007-3476 ** (gd) +CVE-2007-3475 ** (gd) +CVE-2007-3474 ** (gd) +CVE-2007-3473 ** (gd) +CVE-2007-3472 ** (gd) CVE-2007-3410 VULNERABLE (HelixPlayer) #245838 CVE-2007-3393 VULNERABLE (wireshark) CVE-2007-3392 VULNERABLE (wireshark) 
@@ -128,9 +129,9 @@ CVE-2007-1710 version (php, fixed 5.2.2) CVE-2007-1709 ignore (php) no security impact *CVE-2007-1667 (xorg-x11) -CVE-2007-1665 VULNERABLE (ekg) -CVE-2007-1664 VULNERABLE (ekg) -CVE-2007-1663 VULNERABLE (ekg) +CVE-2007-1665 VULNERABLE (ekg) #246034 +CVE-2007-1664 VULNERABLE (ekg) #246034 +CVE-2007-1663 VULNERABLE (ekg) #246034 CVE-2007-1649 version (php, fixed 5.2.2) *CVE-2007-1622 version (wordpress, fixed 2.1.3-0.rc2) #233703 *CVE-2007-1614 version (zziplib, fixed 0.13.49) #233700 -- fedora-extras-commits mailing list fedora-extras-commits at redhat.com https://www.redhat.com/mailman/listinfo/fedora-extras-commits
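Review bot: in the @@ -2,6 +2,7 @@ hunks of both fe5 and fe6 (1.209 to 1.210 and 1.123 to 1.124), the new flac123 entry is keyed on the placeholder CVE-NOID, which is not unique and cannot be matched against a CVE list; bug #246322 is the only stable identifier on the line. Once a CVE id is assigned, the line needs to be replaced in every audit file that carries it and moved to its sorted position.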
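Review bot: in the @@ -4,14 +4,15 @@ hunk of the fc7 1.30 to 1.31 diff, the gd ids are now sorted highest-first, but the context line CVE-2007-4168 (libexif) still sits above them with a number well beyond the next-highest 2007 id in the hunk (CVE-2007-3478). Since this commit is about ordering, it is worth checking that id against bug #243890 and correcting or re-sorting the line if it was mistyped.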