From bugzilla at redhat.com Thu Mar 1 21:15:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 1 Mar 2007 16:15:10 -0500
Subject: [Bug 228138] CVE-2006-6979: amarok shell escaping issue
In-Reply-To:
Message-ID: <200703012115.l21LFA8H018331@bugzilla.redhat.com>

Please do not reply directly to this email. All additional comments should be
made in the comments box of this bug report.

Summary: CVE-2006-6979: amarok shell escaping issue

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228138

gauret at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Fri Mar 2 12:29:06 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Mar 2007 07:29:06 -0500
Subject: [Bug 228764] CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
In-Reply-To:
Message-ID: <200703021229.l22CT6NR010018@bugzilla.redhat.com>

Summary: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228764

------- Additional Comments From matthias at rpmforge.net 2007-03-02 07:28 EST -------
Looks like Ubuntu has released updates to fix these vulnerabilities. I wish
the MoinMoin website would actually publish some kind of official
announcement (and patch!), instead of having to hunt for details and a fix...
From bugzilla at redhat.com Sat Mar 3 04:07:11 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Mar 2007 23:07:11 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703030407.l2347BqE006405@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |deisenst at gtw.net

------- Additional Comments From deisenst at gtw.net 2007-03-02 23:07 EST -------
Although John Beringer indicates as of 2007-02-27, new packages have been
uploaded and built for Wordpress, I am not seeing any new packages in Extras
repositories for Wordpress for FC5 nor for devel. What's going on?

From bugzilla at redhat.com Sat Mar 3 04:42:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 2 Mar 2007 23:42:32 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703030442.l234gWTX007607@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From tibbs at math.uh.edu 2007-03-02 23:42 EST -------
Indeed, it seems that the new versions were tagged, but I don't see that they
were ever built.
It's probably just an oversight; I could build them myself but at this point
I think it's more prudent to wait to see if the maintainer will chime in soon.

From bugzilla at redhat.com Sat Mar 3 07:47:30 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 02:47:30 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703030747.l237lU9a010979@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From ville.skytta at iki.fi 2007-03-03 02:47 EST -------
Which repository/mirror do you use? I verified the existence of the builds
before marking this CVE taken care of in fedora-security/audit/fe* and
they're still there just as expected:

$ HEAD http://download.fedora.redhat.com/pub/fedora/linux/extras/5/i386/wordpress-2.1.1-0.fc5.noarch.rpm | grep '\(OK\|Last-Mod\)'
200 OK
Last-Modified: Tue, 27 Feb 2007 21:41:47 GMT
$ HEAD http://download.fedora.redhat.com/pub/fedora/linux/extras/6/i386/wordpress-2.1.1-0.fc6.noarch.rpm | grep '\(OK\|Last-Mod\)'
200 OK
Last-Modified: Tue, 27 Feb 2007 21:40:52 GMT
$ HEAD http://download.fedora.redhat.com/pub/fedora/linux/extras/development/i386/wordpress-2.1.1-0.fc7.noarch.rpm | grep '\(OK\|Last-Mod\)'
200 OK
Last-Modified: Tue, 27 Feb 2007 23:30:09 GMT
From bugzilla at redhat.com Sat Mar 3 13:27:04 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 08:27:04 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703031327.l23DR4Zq029722@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From jwb at redhat.com 2007-03-03 08:26 EST -------
http://buildsys.fedoraproject.org/logs/fedora-5-extras/28349-wordpress-2.1.1-0.fc5/
http://buildsys.fedoraproject.org/logs/fedora-6-extras/28350-wordpress-2.1.1-0.fc6/
http://buildsys.fedoraproject.org/logs/fedora-development-extras/28351-wordpress-2.1.1-0.fc7/

New packages were indeed built as of 27-Feb-2007. If a given mirror does not
have the new packages, you may wish to contact that mirror's maintainer.

From bugzilla at redhat.com Sat Mar 3 15:08:09 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 10:08:09 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703031508.l23F89fC002357@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From tibbs at math.uh.edu 2007-03-03 10:07 EST -------
Hmm, I'm mirroring from kernel.org. How odd, the binary rpm is there, but the
source rpm isn't. Sorry for not checking deeper earlier.
When I saw that the srpm wasn't there, I tried to extract info from the
buildsys but of course you can only go back a couple of days.

From bugzilla at redhat.com Sat Mar 3 15:38:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 10:38:32 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703031538.l23FcWjX003041@bugzilla.redhat.com>

Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From ville.skytta at iki.fi 2007-03-03 10:38 EST -------
That kind of situation is almost certainly a mirroring issue. The scripts
used to publish Extras repositories work so that before creating and pushing
a repo to the primary public mirror, all binary rpms for which a source rpm
is not available are removed.

From bugzilla at redhat.com Sat Mar 3 15:47:28 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 10:47:28 -0500
Subject: [Bug 229991] CVE-2007-1049: wordpress < 2.1.1 XSS
In-Reply-To:
Message-ID: <200703031547.l23FlSH0003227@bugzilla.redhat.com>
Summary: CVE-2007-1049: wordpress < 2.1.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229991

------- Additional Comments From tibbs at math.uh.edu 2007-03-03 10:47 EST -------
In any case, I've re-pulled my mirror and the srpm is there, so I don't know
what was up. And in any case this is all moot since you really, really don't
want to be running 2.1.1 anyway.

From bugzilla at redhat.com Sat Mar 3 16:07:47 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 3 Mar 2007 11:07:47 -0500
Subject: [Bug 230825] Backdoor exploit in 2.1.1
In-Reply-To:
Message-ID: <200703031607.l23G7lHo003686@bugzilla.redhat.com>

Summary: Backdoor exploit in 2.1.1

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230825

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Security
                 CC|                            |fedora-security-
                   |                            |list at redhat.com

------- Additional Comments From ville.skytta at iki.fi 2007-03-03 11:07 EST -------
Repository push is in progress.

From lmacken at redhat.com Sun Mar 4 12:05:23 2007
From: lmacken at redhat.com (Luke Macken)
Date: Sun, 4 Mar 2007 07:05:23 -0500
Subject: Security LiveCD
Message-ID: <20070304120523.GA2906@tomservo.rh.rit.edu>

I started piecing together a Fedora Security LiveCD, designed for
security auditing, penetration testing, and forensics.
See my blog post and the wiki page for more information:

    http://lewk.org/blog/2007/03/04/security-livecd
    http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD

{comments,suggestions,patches} welcome.

luke

From bugzilla at redhat.com Sun Mar 4 12:19:09 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 4 Mar 2007 07:19:09 -0500
Subject: [Bug 230898] New: CVE-2007-1244: wordpress 2.1.1 (others?) CSRF
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230898

           Summary: CVE-2007-1244: wordpress 2.1.1 (others?) CSRF
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1244

"Cross-site request forgery (CSRF) vulnerability in the AdminPanel in
WordPress 2.1.1 and earlier allows remote attackers to perform privileged
actions as administrators, as demonstrated using the delete action in
wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site
scripting (XSS) attacks and steal cookies via the post parameter."

Unsure whether this is fixed in 2.1.2.
From sundaram at fedoraproject.org Sun Mar 4 17:12:34 2007
From: sundaram at fedoraproject.org (Rahul Sundaram)
Date: Sun, 04 Mar 2007 22:42:34 +0530
Subject: [Fedora-livecd-list] Security LiveCD
In-Reply-To: <20070304120523.GA2906@tomservo.rh.rit.edu>
References: <20070304120523.GA2906@tomservo.rh.rit.edu>
Message-ID: <45EAFE02.7020404@fedoraproject.org>

Luke Macken wrote:
> I started piecing together a Fedora Security LiveCD, designed for
> security auditing, penetration testing, and forensics. See my blog
> post and the wiki page for more information:
>
> http://lewk.org/blog/2007/03/04/security-livecd
> http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD
>
> {comments,suggestions,patches} welcome.

I read that pages and blog earlier. Excellent work. You seem to be using a
relatively older version of Live CD tool. The newer versions use
kickstart for configuration. Same for pungi too. Have you looked at
what other security/hardening focused distributions and especially live
cd's do? Is it just a matter of putting in a bunch of related packages
or is there any special configuration being done on other distributions
in the same space?

Rahul

From bugzilla at redhat.com Sun Mar 4 18:18:08 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 4 Mar 2007 13:18:08 -0500
Subject: [Bug 230898] CVE-2007-1244: wordpress 2.1.1 (others?) CSRF
In-Reply-To:
Message-ID: <200703041818.l24II81x013431@bugzilla.redhat.com>

Summary: CVE-2007-1244: wordpress 2.1.1 (others?)
CSRF

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230898

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |2.1.2-0

------- Additional Comments From jwb at redhat.com 2007-03-04 13:18 EST -------
http://www.securityfocus.com/bid/22735/solution

Already fixed in 2.1.2

From bugzilla at redhat.com Sun Mar 4 19:45:28 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 4 Mar 2007 14:45:28 -0500
Subject: [Bug 230927] New: CVE-2007-1103: tor information disclosure
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230927

           Summary: CVE-2007-1103: tor information disclosure
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: medium
         Component: tor
        AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1103

"Tor does not verify a node's uptime and bandwidth advertisements, which
allows remote attackers who operate a low resource node to make false claims
of greater resources, which places the node into use for many circuits and
compromises the anonymity of traffic sources and destinations."

All <= 0.1.1.26 versions reportedly affected.
Upstream statement:
http://blogs.law.harvard.edu/anonymous/2007/02/26/the-rumors-of-our-demise/

From lmacken at redhat.com Tue Mar 6 00:25:15 2007
From: lmacken at redhat.com (Luke Macken)
Date: Mon, 5 Mar 2007 19:25:15 -0500
Subject: [Fedora-livecd-list] Security LiveCD
In-Reply-To: <45EAFE02.7020404@fedoraproject.org>
References: <20070304120523.GA2906@tomservo.rh.rit.edu> <45EAFE02.7020404@fedoraproject.org>
Message-ID: <20070306002515.GA20802@tomservo.rh.rit.edu>

On Sun, Mar 04, 2007 at 10:42:34PM +0530, Rahul Sundaram wrote:
> Luke Macken wrote:
> >I started piecing together a Fedora Security LiveCD, designed for
> >security auditing, penetration testing, and forensics. See my blog
> >post and the wiki page for more information:
> >
> > http://lewk.org/blog/2007/03/04/security-livecd
> > http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD
> >
> >{comments,suggestions,patches} welcome.
>
> I read that pages and blog earlier. Excellent work. You seem to be using a
> relatively older version of Live CD tool. The newer versions use
> kickstart for configuration. Same for pungi too.

Interesting. Where might I be able to find the latest version? I simply
followed the FedoraLiveCD/LiveCDHowTo[0], which pointed me to davidz's
RH people page[1].

> Have you looked at
> what other security/hardening focused distributions and especially live
> cd's do? Is it just a matter of putting in a bunch of related packages
> or is there any special configuration being done on other distributions
> in the same space?

I've only played around a little bit with Backtrack[2], which
contains a *ton* of tools, accessible menu entries for them, Save2CD
support, John MPI instant cluster, among many other features.
luke

[0]: http://fedoraproject.org/wiki/FedoraLiveCD/LiveCDHowTo
[1]: http://people.redhat.com/davidz/livecd/
[2]: http://www.remote-exploit.org/backtrack.html

From sundaram at fedoraproject.org Tue Mar 6 00:48:10 2007
From: sundaram at fedoraproject.org (Rahul Sundaram)
Date: Tue, 06 Mar 2007 06:18:10 +0530
Subject: [Fedora-livecd-list] Security LiveCD
In-Reply-To: <20070306002515.GA20802@tomservo.rh.rit.edu>
References: <20070304120523.GA2906@tomservo.rh.rit.edu> <45EAFE02.7020404@fedoraproject.org> <20070306002515.GA20802@tomservo.rh.rit.edu>
Message-ID: <45ECBA4A.5020800@fedoraproject.org>

Luke Macken wrote:
> On Sun, Mar 04, 2007 at 10:42:34PM +0530, Rahul Sundaram wrote:
>> Luke Macken wrote:
>>> I started piecing together a Fedora Security LiveCD, designed for
>>> security auditing, penetration testing, and forensics. See my blog
>>> post and the wiki page for more information:
>>>
>>> http://lewk.org/blog/2007/03/04/security-livecd
>>> http://fedoraproject.org/wiki/LukeMacken/SecurityLiveCD
>>>
>>> {comments,suggestions,patches} welcome.
>> I read that pages and blog earlier. Excellent work. You seem to be using a
>> relatively older version of Live CD tool. The newer versions use
>> kickstart for configuration. Same for pungi too.
>
> Interesting. Where might I be able to find the latest version? I simply
> followed the FedoraLiveCD/LiveCDHowTo[0], which pointed me to davidz's
> RH people page[1].

Jeremy Katz is working on it now. I have updated the how to page to point
out the new location. Also note that the latest version is written in
python and uses kickstart configuration files instead of the older bash
scripts. Jeremy, are you planning to put the tools into the Fedora
repository?

> I've only played around a little bit with Backtrack[2], which
> contains a *ton* of tools, accessible menu entries for them, Save2CD
> support, John MPI instant cluster, among many other features.

I suspected we had a lot more tools to package.
Might consider starting a security SIG and posting to fedora-devel list with
a list of packages and stuff. See http://fedoraproject.org/wiki/Extras/SIGs.
What would be more interesting is to look at what kind of configuration
tweaks the other Live CD's do.

Rahul

From michael.vanderheeren at gmail.com Sun Mar 4 16:53:56 2007
From: michael.vanderheeren at gmail.com (Michaël Vanderheeren)
Date: Sun, 4 Mar 2007 17:53:56 +0100
Subject: F7 T2 Security Leak?
Message-ID: <45eaf9a7.0a09ff9a.041a.ffffd543@mx.google.com>

I think there's a security leak in F7. I found out the next thing:

Look at this situation:

There are 2 accounts on a computer, call them A and B. Each account has
its own different password.

Person A starts up the computer and logs in. But at a certain point
person B wants to use his account for 5 minutes. So he uses the Fast
User Switch. As this happens person A's account stays active. But
person B can switch back to person A's account without entering a
password! So if person A is gone for a while, person B can steal his
documents, delete files,

Greetings,

Michaël Vanderheeren

From sundaram at fedoraproject.org Tue Mar 6 14:23:47 2007
From: sundaram at fedoraproject.org (Rahul Sundaram)
Date: Tue, 06 Mar 2007 19:53:47 +0530
Subject: F7 T2 Security Leak?
In-Reply-To: <45eaf9a7.0a09ff9a.041a.ffffd543@mx.google.com>
References: <45eaf9a7.0a09ff9a.041a.ffffd543@mx.google.com>
Message-ID: <45ED7973.6080108@fedoraproject.org>

Michaël Vanderheeren wrote:
> I think there's a security leak in F7. I found out the next thing:
>
> Look at this situation:
>
> There are 2 accounts on a computer, call them A and B. Each account has
> its own different password.
>
> Person A starts up the computer and logs in. But at a certain point
> person B wants to use his account for 5 minutes. So he uses the Fast
> User Switch. As this happens person A's account stays active. But
> person B can switch back to person A's account without entering a
> password! So if person A is gone for a while, person B can steal his
> documents, delete files, ?

Like you were already told in fedora-devel list, if the screen saver doesn't
lock the screen automatically on a fast user switch, you would need to file
a bug report in http://bugzilla.redhat.com against the fast user switch
applet.

Rahul

From bugzilla at redhat.com Wed Mar 7 10:19:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 7 Mar 2007 05:19:33 -0500
Subject: [Bug 228758] CVE-2007-0770: GraphicsMagick buffer overflow
In-Reply-To:
Message-ID: <200703071019.l27AJXtA014069@bugzilla.redhat.com>

Summary: CVE-2007-0770: GraphicsMagick buffer overflow

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228758

andreas at bawue.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From andreas at bawue.net 2007-03-07 05:19 EST -------
I'm still not completely sure if this issue is actually exploitable in
GraphicsMagick, as the handling is a tad different than with ImageMagick, but
I adapted the ImageMagick Fix nevertheless.

From bugzilla at redhat.com Sat Mar 10 05:12:35 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 00:12:35 -0500
Subject: [Bug 230825] Backdoor exploit in wordpress 2.1.1
In-Reply-To:
Message-ID: <200703100512.l2A5CZa7025375@bugzilla.redhat.com>
Summary: Backdoor exploit in wordpress 2.1.1

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230825

deisenst at gtw.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Backdoor exploit in 2.1.1   |Backdoor exploit in
                   |                            |wordpress 2.1.1

From bugzilla at redhat.com Sat Mar 10 21:28:59 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 16:28:59 -0500
Subject: [Bug 231726] New: CVE-2006-7162: putty <= 0.59 file permissions issues
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231726

           Summary: CVE-2006-7162: putty <= 0.59 file permissions issues
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: putty
        AssignedTo: jima at beer.tclug.org
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-7162

"PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files
containing private keys generated by puttygen and (2) session logs created by
putty, which allows local users to gain sensitive information by reading
these files."

FE5+ seemingly affected.
From bugzilla at redhat.com Sat Mar 10 21:33:31 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 16:33:31 -0500
Subject: [Bug 221694] CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
In-Reply-To:
Message-ID: <200703102133.l2ALXV8o031766@bugzilla.redhat.com>

Summary: CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221694

------- Additional Comments From ville.skytta at iki.fi 2007-03-10 16:33 EST -------
The demo server in comment 4 seems to have been updated to 2.10.0.2 but still
shows the same problem.

From bugzilla at redhat.com Sat Mar 10 21:36:54 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 16:36:54 -0500
Subject: [Bug 231728] New: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

           Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: mod_security
        AssignedTo: mfleming+rpm at enlartenment.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,redhat-
                    bugzilla at linuxnetz.de

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1359

"Interpretation conflict in ModSecurity (mod_security) 2.1.0 and earlier
allows remote attackers to bypass request rules via
application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00)
byte, which mod_security treats as a terminator even though it is still
processed as normal data by some HTTP parsers including PHP 5.2.0, and
possibly parsers in Perl, and Python."

Based on version numbers, all FE releases are affected.

From bugzilla at redhat.com Sat Mar 10 21:43:00 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 16:43:00 -0500
Subject: [Bug 231729] New: trac < 0.10.3.1 XSS
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231729

           Summary: trac < 0.10.3.1 XSS
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: trac
        AssignedTo: jeff at ocjtech.us
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,limb at jcomserv.net

http://secunia.com/advisories/24470
http://trac.edgewall.org/wiki/ChangeLog#a0.10.3.1

"The vulnerability is caused due to an error within the "download wiki page
as text" function, which can be exploited to execute arbitrary HTML and
script code in a user's browser session in context of an affected site.
Successful exploitation may require that the victim uses IE."

Based on version numbers, all FE5+ releases affected. (No CVE id yet AFAIK)

From bugzilla at redhat.com Sat Mar 10 22:19:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 17:19:51 -0500
Subject: [Bug 231733] New: CVE-2007-1267: sylpheed <= 2.2.7 message forgery vulnerability
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231733

           Summary: CVE-2007-1267: sylpheed <= 2.2.7 message forgery
                    vulnerability
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: sylpheed
        AssignedTo: bugs.michael at gmx.net
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1267

"Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument
when invoking GnuPG, which prevents Sylpheed from visually distinguishing
between signed and unsigned portions of OpenPGP messages with multiple
components, which allows remote attackers to forge the contents of a message
without detection."

This issue is reported against a suspiciously old version of Sylpheed; bug
filed for verification whether current versions in FE5+ are affected.

From bugzilla at redhat.com Sat Mar 10 22:29:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 17:29:37 -0500
Subject: [Bug 231734] New: CVE-2007-1246: xine-lib buffer overflow
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734

           Summary: CVE-2007-1246: xine-lib buffer overflow
           Product: Fedora Extras
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: normal
         Component: xine-lib
        AssignedTo: gauret at free.fr
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com,ville.skytta at iki.fi

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1246

Originally reported against MPlayer, but it turns out xine-lib is vulnerable
too. Upstream fix pushed to FC6+ (1.1.4-3 currently building), but FC5 is
still at 1.1.2, probably already lacking "several bug and security fixes" as
put by upstream in the 1.1.3 release announcement.

No FC5 system here to test with, so leaving up to Aurelien to decide whether
to update while at it or just to possibly apply the patch for this issue from
FC6+ (if it applies, unchecked).

------- Additional Comments From ville.skytta at iki.fi 2007-03-10 17:29 EST -------
Created an attachment (id=149781)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=149781&action=view)
Fix from upstream CVS

From bugzilla at redhat.com Sat Mar 10 23:28:00 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 18:28:00 -0500
Subject: [Bug 231733] CVE-2007-1267: sylpheed <= 2.2.7 message forgery vulnerability
In-Reply-To:
Message-ID: <200703102328.l2ANS0Ap002644@bugzilla.redhat.com>
Summary: CVE-2007-1267: sylpheed <= 2.2.7 message forgery vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231733

bugs.michael at gmx.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG

------- Additional Comments From bugs.michael at gmx.net 2007-03-10 18:27 EST -------
Sylpheed uses GPGME, and GPGME 1.1.4 in FE6+ fixes the vulnerability:
http://lists.gnupg.org/pipermail/gnupg-announce/2007q1/000251.html

FE5 includes a patched version of GPGME 1.1.2 (gpgme-1.1.3-multiple-message.patch).

From bugzilla at redhat.com Sat Mar 10 23:36:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 18:36:10 -0500
Subject: [Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
In-Reply-To:
Message-ID: <200703102336.l2ANaAlT002753@bugzilla.redhat.com>

Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

mfleming+rpm at enlartenment.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From mfleming+rpm at enlartenment.com 2007-03-10 18:36 EST -------
Thanks for the reminder Ville.
Ivan (Ristic, ModSecurity author) hasn't released an update for the 1.9.x branch as yet to fix this, but does have a rule for 2.x and up that mitigates the issue pending a full release of 2.1.1 (and I would assume a 1.9.5 version)

From http://www.modsecurity.org/blog/archives/2007/03/modsecurity_asc.html:

    SecRule REQUEST_BODY "@validateByteRange 1-255" \
        "log,deny,phase:2,t:none,msg:'ModSecurity ASCIIZ Evasion Attempt'"

I'm going to run up a local package of ModSecurity 2.1.0 (+Core Rules and the above as a "local" rule) this morning and try this on my own site (www.enlartenment.com) prior to adding it to Extras (should it work out OK). I've been meaning to update the version for a while but time constraints got the better of me.

Be warned however that the configuration and rule syntax has changed since 1.9.x (admins are going to have to make some manual changes if they've got local additions) but on the upside it's 200% faster and the rule syntax allows for more flexibility.

If there's any objections by all means let me know and I'll hold off until a proper 1.9.x fix is available.

From bugzilla at redhat.com Sun Mar 11 00:49:46 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 10 Mar 2007 19:49:46 -0500
Subject: [Bug 231726] CVE-2006-7162: putty <= 0.59 file permissions issues
In-Reply-To:
Message-ID: <200703110049.l2B0nkjX004139@bugzilla.redhat.com>
Summary: CVE-2006-7162: putty <= 0.59 file permissions issues

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231726

jima at beer.tclug.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |0.59-1

------- Additional Comments From jima at beer.tclug.org 2007-03-10 19:49 EST -------
As I stated via email, the NVD bug report is actually incorrect (I'd tell them if I could find a good contact address); the bug only applies to putty < 0.59.

I've updated putty in FE5 and FE6 to 0.59-1, which takes care of the issue.

Thanks for the heads-up!

From rzeczkow at mcmaster.ca Sun Mar 11 04:24:06 2007
From: rzeczkow at mcmaster.ca (Wiktor Rzeczkowski)
Date: Sat, 10 Mar 2007 23:24:06 -0500 (Eastern Standard Time)
Subject: Are Red Hat Enterprise Linux and Fedora Core fundamentally sound?
Message-ID:

I did some testing of RHEL v.4 U4 AS, FC3, FC5 and FC6 and seem to have been finding that, soon after a fresh installation of the OS on a non-networked machine, many files were automatically changing. I also seem to have been finding that some time after package update, the files were automatically changing again.

/bin/ls is one of the files that were changing. The file is part of coreutils package. The following are MD5 checksums for /bin/ls on the specified RHEL and FC systems immediately after installation of the specified coreutils package (current version). The checksums are computed by 'md5sum /bin/ls' and the versions of OS and of coreutils are displayed by 'cat /etc/redhat-release' and 'rpm -q coreutils' (no quotes), respectively.

Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
coreutils-5.2.1-31.4
28da135a9636fbeceb8d1af74d1e16df  /bin/ls

Fedora Core release 3 (Heidelberg)
coreutils-5.2.1-31
135e01367fa7ec42ab2ff5eba1d42418  /bin/ls

Fedora Core release 5 (Bordeaux)
coreutils-5.97-1.2
94b3a4c00dcd359826663c6ebd6f4a42  /bin/ls

Fedora Core release 6 (Zod)
coreutils-5.97-12.3.fc6
cc34b0ed1873a94301c511cab1459faa  /bin/ls

Does anyone get the above MD5 checksum for /bin/ls now, one or more days after installation of the respective coreutils package on the respective OS or does everyone get a different checksum?

Wiktor

From dennis at ausil.us Sun Mar 11 05:16:01 2007
From: dennis at ausil.us (Dennis Gilmore)
Date: Sat, 10 Mar 2007 23:16:01 -0600
Subject: Are Red Hat Enterprise Linux and Fedora Core fundamentally sound?
In-Reply-To:
References:
Message-ID: <200703102316.08152.dennis@ausil.us>

Once upon a time Saturday 10 March 2007, Wiktor Rzeczkowski wrote:
> I did some testing of RHEL v.4 U4 AS, FC3, FC5 and FC6 and seem to have
> been finding that, soon after a fresh installation of the OS on a
> non-networked machine, many files were automatically changing. I also seem
> to have been finding that some time after package update, the files were
> automatically changing again.
>
> /bin/ls is one of the files that were changing. The file is part of
> coreutils package. The following are MD5 checksums for /bin/ls on the
> specified RHEL and FC systems immediately after installation of the
> specified coreutils package (current version). The checksums are computed
> by 'md5sum /bin/ls' and the versions of OS and of coreutils are displayed
> by 'cat /etc/redhat-release' and 'rpm -q coreutils' (no quotes),
> respectively.

what you are seeing is prelink in action.
from prelink's man page

prelink is a program which modifies ELF shared libraries and ELF dynamically linked binaries, so that the time which dynamic linker needs for their relocation at startup significantly decreases and also due to fewer relocations the run-time memory consumption decreases too (especially number of unshareable pages). Such prelinking information is only used if all its dependant libraries have not changed since prelinking, otherwise programs are relocated normally.

you are free to disable prelink if you want.

Dennis

From kevin at tummy.com Sun Mar 11 05:16:49 2007
From: kevin at tummy.com (Kevin Fenzi)
Date: Sat, 10 Mar 2007 22:16:49 -0700
Subject: Are Red Hat Enterprise Linux and Fedora Core fundamentally sound?
In-Reply-To:
References:
Message-ID: <20070310221649.2a599f8c@ghistelwchlohm.scrye.com>

On Sat, 10 Mar 2007 23:24:06 -0500 (Eastern Standard Time) Wiktor Rzeczkowski wrote:
>
> I did some testing of RHEL v.4 U4 AS, FC3, FC5 and FC6 and seem to
> have been finding that, soon after a fresh installation of the OS on
> a non-networked machine, many files were automatically changing. I
> also seem to have been finding that some time after package update,
> the files were automatically changing again.

This is possibly due to prelink?

See 'man prelink'

"prelink is a program which modifies ELF shared libraries and ELF dynamically linked binaries, so that the time which dynamic linker needs for their relocation at startup significantly decreases and also due to fewer relocations the run-time memory consumption decreases too (especially number of unshareable pages). Such prelinking information is only used if all its dependant libraries have not changed since prelinking, otherwise programs are relocated normally."

kevin

From bugzilla at redhat.com Sun Mar 11 06:17:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 11 Mar 2007 01:17:01 -0500
Subject: [Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
In-Reply-To:
Message-ID: <200703110617.l2B6H1EO009575@bugzilla.redhat.com>

Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

------- Additional Comments From mfleming+rpm at enlartenment.com 2007-03-11 01:16 EST -------
Folks,

I've run up some preliminary 2.1.0 RPMs for Core 5 and 6 (i386 and x86_64, no ppc or Rawhide here sorry) at http://www.enlartenment.com/modsecurity/ for those interested in giving them a test prior to me importing them into CVS.

It's a fairly serious upgrade and I want to spring as few surprises on users as I can - however if you've not tinkered too much with 1.9's config as I've shipped it you should see no problems.

I've turned on the Core Rules set (minus 2 dodgy sets Ivan is aware of) and added the above rule to a local set to ideally fix the reported vulnerability.

The server they're hosted on is also running this version and ruleset as a proof-of-concept / eat-my-own-dogfood demonstration.

Any feedback appreciated.
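
Added example, not part of the archived messages and not ModSecurity's code: a Python sketch of the check that the rule quoted in bug 231728 expresses (`@validateByteRange 1-255` on REQUEST_BODY), run over constructed request bodies. It also accepts comma-separated range lists, which goes beyond the single range in the quoted rule; the function names and sample bodies are assumptions made for illustration.

```python
"""Byte-range validation modelled on the check named in the quoted SecRule."""
from typing import Dict, List, Tuple

# Message text taken from the rule quoted in the bug report.
RULE_MSG = "ModSecurity ASCIIZ Evasion Attempt"

# Constructed sample bodies (not captured traffic).
CLEAN_BODY = b"user=alice&comment=hello"
NUL_BODY = b"user=alice\x00&comment=hello"


def parse_byte_ranges(spec: str) -> List[Tuple[int, int]]:
    """Parse "1-255" or "10,13,32-126" into inclusive (start, end) pairs."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty entry in range spec %r" % spec)
        low, sep, high = part.partition("-")
        start = int(low)
        end = int(high) if sep else start
        if not 0 <= start <= end <= 255:
            raise ValueError("range %r is outside 0-255 or reversed" % part)
        ranges.append((start, end))
    return ranges


def build_allowed_table(spec: str) -> bytes:
    """Return a 256-entry lookup table: 1 where the byte value is allowed."""
    table = bytearray(256)
    for start, end in parse_byte_ranges(spec):
        for value in range(start, end + 1):
            table[value] = 1
    return bytes(table)


def find_violations(body: bytes, spec: str, limit: int = 10) -> List[Tuple[int, int]]:
    """Return up to `limit` (offset, byte value) pairs outside the allowed set."""
    allowed = build_allowed_table(spec)
    violations = []
    for offset, value in enumerate(body):
        if not allowed[value]:
            violations.append((offset, value))
            if len(violations) >= limit:
                break
    return violations


def evaluate_request_body(body: bytes, spec: str = "1-255") -> Dict[str, object]:
    """Mimic the rule's outcome: deny and log when any byte is out of range.

    The raw body is inspected without decoding, matching t:none in the rule.
    """
    violations = find_violations(body, spec)
    if violations:
        return {"action": "deny", "msg": RULE_MSG, "violations": violations}
    return {"action": "pass", "msg": "", "violations": []}


if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY), ("embedded NUL", NUL_BODY)):
        result = evaluate_request_body(body)
        print("%-13s -> %s %s" % (label, result["action"], result["violations"]))
```

With the range 1-255 the only byte value that can trigger the deny is 0, so the rule amounts to rejecting any request body that contains a NUL byte.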

From bugzilla at redhat.com Sun Mar 11 10:24:05 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 11 Mar 2007 06:24:05 -0400
Subject: [Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
In-Reply-To:
Message-ID: <200703111024.l2BAO5Q8014481@bugzilla.redhat.com>

Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

------- Additional Comments From ville.skytta at iki.fi 2007-03-11 06:24 EST -------
If the rules from 1.9.x are not usable with 2.1.0 as is, they should be marked as %config, not %config(noreplace). And reverted back to %config(noreplace) later in the future where it is no longer expected that people will not be upgrading from 1.9.x to the current version at that time, but rather from a version whose config syntax is compatible.

From bugzilla at redhat.com Sun Mar 11 13:40:28 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 11 Mar 2007 09:40:28 -0400
Subject: [Bug 231729] trac < 0.10.3.1 XSS
In-Reply-To:
Message-ID: <200703111340.l2BDeSto020483@bugzilla.redhat.com>
Summary: trac < 0.10.3.1 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231729

jeff at ocjtech.us changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From jeff at ocjtech.us 2007-03-11 09:40 EST -------
I've updated trac in CVS to 0.10.3.1 and submitted builds, but the packages haven't been pushed out to the mirrors yet.

From rzeczkow at mcmaster.ca Mon Mar 12 00:42:13 2007
From: rzeczkow at mcmaster.ca (Wiktor Rzeczkowski)
Date: Sun, 11 Mar 2007 19:42:13 -0500 (Eastern Standard Time)
Subject: Are Red Hat Enterprise Linux and Fedora Core fundamentally sound?
In-Reply-To: <200703102316.08152.dennis@ausil.us>
References: <200703102316.08152.dennis@ausil.us>
Message-ID:

Thanks.

Yes, prelink seems to have actually been changing the files. After running prelink to revert its actions the files and their checksums returned to normal. Enabling/Disabling prelink can be accomplished by setting, respectively, yes or no for PRELINKING in /etc/sysconfig/prelink and executing the script /etc/cron.daily/prelink.

Wiktor

On Sat, 10 Mar 2007, Dennis Gilmore wrote:

> Once upon a time Saturday 10 March 2007, Wiktor Rzeczkowski wrote:
> > I did some testing of RHEL v.4 U4 AS, FC3, FC5 and FC6 and seem to have
> > been finding that, soon after a fresh installation of the OS on a
> > non-networked machine, many files were automatically changing. I also seem
> > to have been finding that some time after package update, the files were
> > automatically changing again.
> >
> > /bin/ls is one of the files that were changing. The file is part of
> > coreutils package.
> > The following are MD5 checksums for /bin/ls on the
> > specified RHEL and FC systems immediately after installation of the
> > specified coreutils package (current version). The checksums are computed
> > by 'md5sum /bin/ls' and the versions of OS and of coreutils are displayed
> > by 'cat /etc/redhat-release' and 'rpm -q coreutils' (no quotes),
> > respectively.
> what you are seeing is prelink in action. from prelink's man page
>
> prelink is a program which modifies ELF shared libraries and ELF dynamically
> linked binaries, so that the time which dynamic linker needs for their
> relocation at startup significantly decreases and also due to fewer
> relocations the run-time memory consumption decreases too (especially number
> of unshareable pages). Such prelinking information is only used if all
> its dependant libraries have not changed since prelinking, otherwise programs
> are relocated normally.
>
> you are free to disable prelink if you want.
>
> Dennis
>

From bugzilla at redhat.com Mon Mar 12 01:29:12 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 11 Mar 2007 21:29:12 -0400
Subject: [Bug 221694] CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure
In-Reply-To:
Message-ID: <200703120129.l2C1TBdi005634@bugzilla.redhat.com>

Summary: CVE-2007-0095: phpMyAdmin <= 2.9.1.1 information disclosure

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221694

mmcgrath at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|imlinux at gmail.com        |mmcgrath at redhat.com

From bugzilla at redhat.com Mon Mar 12 11:42:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 12 Mar 2007 07:42:37 -0400
Subject: [Bug 231728] CVE-2007-1359: mod_security <= 2.1.0 request rule bypass
In-Reply-To:
Message-ID: <200703121142.l2CBgb3o002103@bugzilla.redhat.com>

Summary: CVE-2007-1359: mod_security <= 2.1.0 request rule bypass

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231728

------- Additional Comments From mfleming+rpm at enlartenment.com 2007-03-12 07:42 EST -------
Packages with the aforementioned suggestion (%config not %config(noreplace)) have been uploaded (same location as the previous set, release is 2.1.0-0.4 this time around).

If there's no niggles or issues I'll fold this into CVS devel so the bleeding-edge users can give it a whirl, before unleashing it on the general public.

From bugzilla at redhat.com Tue Mar 13 21:16:58 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Mar 2007 17:16:58 -0400
Subject: [Bug 232103] New: CVE-2007-1429: moodle 1.7.1 remote file inclusion
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232103

Summary: CVE-2007-1429: moodle 1.7.1 remote file inclusion
Product: Fedora Extras
Version: devel
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: moodle
AssignedTo: mmcgrath at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1429

"Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 allow remote attackers to execute arbitrary PHP code via a URL in the cmd parameter to (1) admin/utfdbmigrate.php or (2) filter.php."

Reported against 1.7.1 which is not currently in any FE repo; reporting here in order to track/ask for confirmation whether 1.6.x in FC-5 and FC-6, and 1.7 in devel are affected.

From bugzilla at redhat.com Tue Mar 13 21:34:09 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Mar 2007 17:34:09 -0400
Subject: [Bug 232109] New: CVE-2007-1398: snort DoS
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232109

Summary: CVE-2007-1398: snort DoS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: snort
AssignedTo: dennis at ausil.us
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1398

"The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet."

FC-5 and 6 are at 2.6.1.1 at the moment.

From bugzilla at redhat.com Wed Mar 14 00:40:18 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 13 Mar 2007 20:40:18 -0400
Subject: [Bug 232109] CVE-2007-1398: snort DoS
In-Reply-To:
Message-ID: <200703140040.l2E0eImC021039@bugzilla.redhat.com>

Summary: CVE-2007-1398: snort DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232109

dennis at ausil.us changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |WONTFIX

------- Additional Comments From dennis at ausil.us 2007-03-13 20:40 EST -------
Thanks for the report. we don't build inline mode as it fails to build.

From bugzilla at redhat.com Wed Mar 14 14:35:24 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 14 Mar 2007 10:35:24 -0400
Subject: [Bug 231734] CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows
In-Reply-To:
Message-ID: <200703141435.l2EEZOxc003847@bugzilla.redhat.com>

Summary: CVE-2007-1246, CVE-2007-1387: xine-lib buffer overflows

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231734

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|CVE-2007-1246: xine-lib     |CVE-2007-1246, CVE-2007-
                   |buffer overflow             |1387: xine-lib buffer
                   |                            |overflows

------- Additional Comments From ville.skytta at iki.fi 2007-03-14 10:35 EST -------
Patch in comment 1 fixes CVE-2007-1387 too.

From bugzilla at redhat.com Thu Mar 15 16:06:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Mar 2007 12:06:23 -0400
Subject: [Bug 229990] CVE-2007-1030: libevent < 1.3 DoS
In-Reply-To:
Message-ID: <200703151606.l2FG6NCw019728@bugzilla.redhat.com>

Summary: CVE-2007-1030: libevent < 1.3 DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229990

------- Additional Comments From steved at redhat.com 2007-03-15 12:06 EST -------
Rawhide has now been updated to 1.3a...

From bugzilla at redhat.com Thu Mar 15 16:07:14 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 15 Mar 2007 12:07:14 -0400
Subject: [Bug 229990] CVE-2007-1030: libevent < 1.3 DoS
In-Reply-To:
Message-ID: <200703151607.l2FG7E3S019802@bugzilla.redhat.com>

Summary: CVE-2007-1030: libevent < 1.3 DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229990

steved at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
         AssignedTo|redhat-                     |steved at redhat.com
                   |bugzilla at camperquake.de  |
                 CC|                            |redhat-
                   |                            |bugzilla at camperquake.de

From bugzilla at redhat.com Sun Mar 18 12:50:01 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 18 Mar 2007 08:50:01 -0400
Subject: [Bug 232819] New: CVE-2007-1473, CVE-2007-1474: horde < 3.1.4 vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232819

Summary: CVE-2007-1473, CVE-2007-1474: horde < 3.1.4 vulnerabilities
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: horde
AssignedTo: fedora at theholbrooks.org
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1474

FE5 only; FE6+ have already been updated to 3.1.4.

From bugzilla at redhat.com Mon Mar 19 03:34:50 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 18 Mar 2007 23:34:50 -0400
Subject: [Bug 232819] CVE-2007-1473, CVE-2007-1474: horde < 3.1.4 vulnerabilities
In-Reply-To:
Message-ID: <200703190334.l2J3YouO014791@bugzilla.redhat.com>

Summary: CVE-2007-1473, CVE-2007-1474: horde < 3.1.4 vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232819

fedora at theholbrooks.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From fedora at theholbrooks.org 2007-03-18 23:34 EST -------
Fixed in horde-3.1.4-1.fc[567]

From bugzilla at redhat.com Wed Mar 21 19:27:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Mar 2007 15:27:23 -0400
Subject: [Bug 233353] New: nas < 1.8a svn 237 multiple vulnerabilities
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233353

Summary: nas < 1.8a svn 237 multiple vulnerabilities
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: nas
AssignedTo: frank-buettner at gmx.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

Several vulnerabilities reported against nas < 1.8a svn 237, seemingly affecting all FC5+ versions:

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1544
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1545
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1546
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1547

From bugzilla at redhat.com Wed Mar 21 21:01:48 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Mar 2007 17:01:48 -0400
Subject: [Bug 233353] nas < 1.8a svn 237 multiple vulnerabilities
In-Reply-To:
Message-ID: <200703212101.l2LL1mqq021578@bugzilla.redhat.com>

Summary: nas < 1.8a svn 237 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233353

frank-buettner at gmx.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From frank-buettner at gmx.net 2007-03-21 17:01 EST -------
Fixed at devel but need some testing.

From bugzilla at redhat.com Wed Mar 21 21:41:19 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 21 Mar 2007 17:41:19 -0400
Subject: [Bug 233353] nas < 1.8a svn 237 multiple vulnerabilities
In-Reply-To:
Message-ID: <200703212141.l2LLfJDw023937@bugzilla.redhat.com>

Summary: nas < 1.8a svn 237 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233353

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |ASSIGNED
           Keywords|                            |Reopened
         Resolution|NEXTRELEASE                 |

------- Additional Comments From ville.skytta at iki.fi 2007-03-21 17:41 EST -------
The version imported in CVS seems to be the upstream 1.8a release from last November, but like the initial comment and bug summary says, these issues affect svn revisions up to 237. The current upstream trunk revision is 237, committed 3 days ago.

From bugzilla at redhat.com Thu Mar 22 09:12:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 22 Mar 2007 05:12:10 -0400
Subject: [Bug 233353] nas < 1.8a svn 237 multiple vulnerabilities
In-Reply-To:
Message-ID: <200703220912.l2M9CAhe001765@bugzilla.redhat.com>
Summary: nas < 1.8a svn 237 multiple vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233353

frank-buettner at gmx.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From frank-buettner at gmx.net 2007-03-22 05:11 EST -------
Ok repacked with svn one.

From bugzilla at redhat.com Fri Mar 23 20:59:08 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 16:59:08 -0400
Subject: [Bug 233700] New: CVE-2007-1614: zzliplib stack-based buffer overflow
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233700

Summary: CVE-2007-1614: zzliplib stack-based buffer overflow
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: zziplib
AssignedTo: matthias at rpmforge.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1614

"Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename."
From bugzilla at redhat.com Fri Mar 23 21:11:15 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 17:11:15 -0400
Subject: [Bug 233378] Cross-site Scripting Vulnerability in Zope2
In-Reply-To:
Message-ID: <200703232111.l2NLBFWH031356@bugzilla.redhat.com>

Summary: Cross-site Scripting Vulnerability in Zope2

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233378

ville.skytta at iki.fi changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |Security
                 CC|                            |fedora-security-list at redhat.com

------- Additional Comments From ville.skytta at iki.fi 2007-03-23 17:11 EST -------
This is CVE-2007-0240

From bugzilla at redhat.com Fri Mar 23 21:14:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 17:14:32 -0400
Subject: [Bug 233703] New: CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233703

           Summary: CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1599

"wp-login.php in WordPress allows remote attackers to redirect authenticated
users to other websites and potentially obtain sensitive information via the
redirect_to parameter."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1622

"Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress
before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote
authenticated users with theme privileges to inject arbitrary web script or
HTML via the PATH_INFO in the administration interface, related to loose
regular expression processing of PHP_SELF."

From bugzilla at redhat.com Fri Mar 23 21:19:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 17:19:10 -0400
Subject: [Bug 233704] New: CVE-2007-1463, CVE-2007-1464: inkscape < 0.45.1 vulnerabilities
Message-ID:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233704

           Summary: CVE-2007-1463, CVE-2007-1464: inkscape < 0.45.1 vulnerabilities
           Product: Fedora Extras
           Version: fc5
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: inkscape
        AssignedTo: denis at poolshark.org
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1463

"Format string vulnerability in Inkscape before 0.45.1 allows user-assisted
remote attackers to execute arbitrary code via format string specifiers in a
URI, which is not properly handled by certain dialogs."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1464

"Format string vulnerability in the whiteboard Jabber protocol in Inkscape
before 0.45.1 allows user-assisted remote attackers to execute arbitrary code
via unspecified vectors."

FC-6+ already at 0.45.1, FC-5 not yet.

From bugzilla at redhat.com Fri Mar 23 21:24:45 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 23 Mar 2007 17:24:45 -0400
Subject: [Bug 233705] New: CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233705

           Summary: CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: low
          Priority: normal
         Component: xmms
        AssignedTo: paul at all-the-johnsons.co.uk
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com

Cloning RHEL bug for FE[56].
+++ This bug was initially created as a clone of Bug #228013 +++

Sven Krewitt of Secunia reported two flaws he discovered in the way XMMS
handles skin files. Here are the technical details provided by Sven:

--- Details ---

CVE-2007-0654
1) An integer underflow error exists when loading skin bitmap images, which
can be exploited to cause a stack-based buffer overflow via specially crafted
skin images containing manipulated header information.

The vulnerability is caused due to errors within "read_bmp()" in xmms/bmp.c
when loading skin bitmap images.

-- xmms/bmp.c --
GdkPixmap *read_bmp(gchar * filename)
[...]
    fseek(file, 8, SEEK_CUR);
    read_le_long(file, &offset);               <-- [1]
    read_le_long(file, &headSize);
[...]
    else if (bitcount != 24 && bitcount != 16 && bitcount != 32)
    {
        gint ncols, i;

        ncols = offset - headSize - 14;        <-- [2]
        if (headSize == 12)
        {
            ncols = MIN(ncols / 3, 256);
            for (i = 0; i < ncols; i++)
                fread(&rgb_quads[i], 3, 1, file);
        }
        else
        {
            ncols = MIN(ncols / 4, 256);
            fread(rgb_quads, 4, ncols, file);  <-- [3]
[...]
-----

"offset" [1] is not properly verified before being used to calculate
"ncols" [2]. "bitcount" has to be set to a different value than 24, 16 or 32
(but can also be user controlled). This can be exploited to cause an integer
underflow, resulting in a stack based buffer overflow, which can be used to
overwrite the return address of "read_bmp()" [3].

Successful exploitation allows execution of arbitrary code.

CVE-2007-0653
2) An integer overflow error exists when loading skin bitmap images. This can
be exploited to cause a memory corruption via specially crafted skin images
containing manipulated header information.

-- xmms/bmp.c --
GdkPixmap *read_bmp(gchar * filename)
[...]
    else if (headSize == 40) /* BITMAPINFO */
    {
        guint16 tmp;

        read_le_long(file, &w);                <-- [4]
        read_le_long(file, &h);                <-- [4]
[...]
    fseek(file, offset, SEEK_SET);
    buffer = g_malloc(imgsize);
    fread(buffer, imgsize, 1, file);
    fclose(file);
    data = g_malloc0((w * 3 * h) + 3);         <-- [5]

    if (bitcount == 1)
----

-- Additional comment from bressers at redhat.com on 2007-02-09 10:23 EST --
These flaws also affect RHEL2.1 and RHEL3

-- Additional comment from davidz at redhat.com on 2007-02-09 12:32 EST --
Are there patches for these yet?

-- Additional comment from bressers at redhat.com on 2007-02-09 13:19 EST --
There are no patches yet. I'm still trying to contact someone upstream about
this. If you have any upstream contacts, please let me know.

-- Additional comment from bressers at redhat.com on 2007-03-21 09:26 EST --
Lifting embargo

From bugzilla at redhat.com Sun Mar 25 12:39:56 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 25 Mar 2007 08:39:56 -0400
Subject: [Bug 233704] CVE-2007-1463, CVE-2007-1464: inkscape < 0.45.1 vulnerabilities
In-Reply-To:
Message-ID: <200703251239.l2PCduWc010501@bugzilla.redhat.com>

Summary: CVE-2007-1463, CVE-2007-1464: inkscape < 0.45.1 vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233704

denis at poolshark.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From denis at poolshark.org 2007-03-25 08:39 EST -------
Thanks for the heads-up Ville, fixed.
From bugzilla at redhat.com Sun Mar 25 19:34:30 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 25 Mar 2007 15:34:30 -0400
Subject: [Bug 233705] CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
In-Reply-To:
Message-ID: <200703251934.l2PJYUoS025201@bugzilla.redhat.com>

Summary: CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233705

shigorin at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |shigorin at gmail.com

------- Additional Comments From shigorin at gmail.com 2007-03-25 15:34 EST -------
havard at xmms I guess, but that way can take quite some time I'm afraid...

From bugzilla at redhat.com Mon Mar 26 15:47:55 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Mar 2007 11:47:55 -0400
Subject: [Bug 233703] CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities
In-Reply-To:
Message-ID: <200703261547.l2QFlt1n020574@bugzilla.redhat.com>
Summary: CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233703

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From jwb at redhat.com 2007-03-26 11:47 EST -------
2.1.3-RC2 packages built - look for 2.1.3-0.rc2 in FC-[5,6], F7

From bugzilla at redhat.com Mon Mar 26 17:14:49 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 26 Mar 2007 13:14:49 -0400
Subject: [Bug 228763] CVE-2007-0894: mediawiki full path disclosure
In-Reply-To:
Message-ID: <200703261714.l2QHEnAD028798@bugzilla.redhat.com>

Summary: CVE-2007-0894: mediawiki full path disclosure

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228763

Axel.Thimm at ATrpms.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |1.8.4-8

From bugzilla at redhat.com Wed Mar 28 18:06:39 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 28 Mar 2007 14:06:39 -0400
Subject: [Bug 233705] CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)
In-Reply-To:
Message-ID: <200703281806.l2SI6d9Z005169@bugzilla.redhat.com>
Summary: CVE-2007-0653 XMMS multiple issues (CVE-2007-0654)

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233705

------- Additional Comments From shigorin at gmail.com 2007-03-28 14:06 EST -------
Created an attachment (id=151140)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=151140&action=view)
extracted from ubuntu cumulative diff

http://www.ubuntu.com/usn/usn-445-1
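The two header-arithmetic flaws in read_bmp() quoted in Bug 233705 above, modelled as an added example (not XMMS code and not the attached Ubuntu-derived patch): each unchecked computation sits beside a checked form. The function names, the 32-bit types, the 256-entry rgb_quads[] capacity and the accepted header sizes of 12 and 40 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define BMP_FILE_HEADER 14u  /* bytes before the info header */
#define MAX_PALETTE 256u     /* assumed capacity of rgb_quads[] */

/* [2] as quoted (headSize != 12 branch): nothing stops offset < headSize + 14,
 * so the count goes negative; MIN() caps only the top and fread() then
 * receives that negative value converted to a huge size_t. */
static long long palette_entries_unchecked(uint32_t offset, uint32_t head_size) {
    long long ncols = (long long)offset - head_size - BMP_FILE_HEADER;
    long long n = ncols / 4;
    return n < MAX_PALETTE ? n : MAX_PALETTE;
}

/* Hardened: validate the header before subtracting. 0 = ok, -1 = reject. */
static int palette_entries_checked(uint32_t offset, uint32_t head_size, uint32_t *out) {
    if (head_size != 12 && head_size != 40) return -1;   /* assumed valid sizes */
    if (offset < head_size + BMP_FILE_HEADER) return -1; /* would underflow */
    uint32_t n = (offset - head_size - BMP_FILE_HEADER) / (head_size == 12 ? 3u : 4u);
    *out = n < MAX_PALETTE ? n : MAX_PALETTE;
    return 0;
}

/* [5] as quoted, in 32-bit arithmetic: the product wraps silently, so the
 * allocation is far smaller than the pixel data written into it. */
static uint32_t rgb_size_unchecked(uint32_t w, uint32_t h) {
    return w * 3u * h + 3u;
}

/* Hardened: refuse dimensions whose buffer size does not fit in 32 bits. */
static int rgb_size_checked(uint32_t w, uint32_t h, uint32_t *out) {
    if (w == 0 || h == 0) return -1;
    if (w > (UINT32_MAX - 3u) / 3u / h) return -1;       /* w*3*h + 3 would wrap */
    *out = w * 3u * h + 3u;
    return 0;
}

int main(void) {
    uint32_t n = 0, size = 0;
    /* Constructed header values, not taken from a real skin file. */
    printf("unchecked ncols: %lld\n", palette_entries_unchecked(0, 40));
    printf("checked result:  %d\n", palette_entries_checked(0, 40, &n));
    printf("wrapped size:    %u\n", (unsigned)rgb_size_unchecked(0x10000, 0x5556));
    printf("checked result:  %d\n", rgb_size_checked(0x10000, 0x5556, &size));
    return 0;
}
```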