From bugzilla at redhat.com Tue May 1 20:09:44 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 May 2007 16:09:44 -0400
Subject: [Bug 238615] New: CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow
Message-ID:

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238615

Summary: CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2413
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: perl-Imager
AssignedTo: steve at silug.org
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com,ghenry at suretecsystems.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2413

"Heap-based buffer overflow in Imager before 0.57 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via compressed 8-bit BMP files."

All distros currently at < 0.57.

--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

From bugzilla at redhat.com Tue May 1 20:19:08 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 May 2007 16:19:08 -0400
Subject: [Bug 238616] New: CVE-2007-2381: MochiKit javascript hijacking vulnerability
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238616

Summary: CVE-2007-2381: MochiKit javascript hijacking vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: MochiKit
AssignedTo: icon at fedoraproject.org
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381

"The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking.""

From bugzilla at redhat.com Tue May 1 20:39:17 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 May 2007 16:39:17 -0400
Subject: [Bug 238616] CVE-2007-2381: MochiKit javascript hijacking vulnerability
In-Reply-To:
Message-ID: <200705012039.l41KdHd2025337@bugzilla.redhat.com>

Summary: CVE-2007-2381: MochiKit javascript hijacking vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238616

icon at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From icon at fedoraproject.org 2007-05-01 16:39 EST -------
Contacted upstream.

From bugzilla at redhat.com Tue May 1 21:04:18 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 May 2007 17:04:18 -0400
Subject: [Bug 238616] CVE-2007-2381: MochiKit javascript hijacking vulnerability
In-Reply-To:
Message-ID: <200705012104.l41L4IeH027611@bugzilla.redhat.com>

Summary: CVE-2007-2381: MochiKit javascript hijacking vulnerability

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238616

icon at fedoraproject.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |CANTFIX

------- Additional Comments From icon at fedoraproject.org 2007-05-01 17:04 EST -------
Upstream sez (http://groups.google.com/group/mochikit/t/e473d15b0e689054):

> Will there be a fix for http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2381
> in the 1.3.1 branch?

Nope. It's not a real security issue, not with MochiKit anyway. The recommended "fix" would mean supporting some junk that's not JSON anymore. I've already caved and put said support on the trunk just so people would shut up about the issue, but I'm certainly not going to make a maintenance release to "fix" this non-issue.

Ensuring that your server only sends JSON when properly authenticated, or otherwise sending only non-exploitable JSON (e.g. JSON with an object envelope) is the only solution to this problem.

Only a very small subset of JSON, specifically [array, envelope, json] is susceptible to this data leakage attack. Don't send that stuff on the server-side, and there is no problem. Most people don't send array envelope JSON anyhow.

Either way, totally irrelevant to the client-side.
It's like saying that we should fix browsers so that they can't be used to mount a SQL injection attack on a poorly written service.

-bob

From bugzilla at redhat.com Tue May 1 23:11:05 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 1 May 2007 19:11:05 -0400
Subject: [Bug 238615] CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow
In-Reply-To:
Message-ID: <200705012311.l41NB5Bo005147@bugzilla.redhat.com>

Summary: CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238615

steve at silug.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From steve at silug.org 2007-05-01 19:10 EST -------
FC-5, FC-6, and devel are all building now. Thanks for the heads-up.

From bugzilla at redhat.com Wed May 2 15:40:31 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 May 2007 11:40:31 -0400
Subject: [Bug 235416] CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
In-Reply-To:
Message-ID: <200705021540.l42FeVn8032420@bugzilla.redhat.com>

Summary: CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235416

paul at city-fan.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |1.9.15-2

From bugzilla at redhat.com Wed May 2 15:58:12 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 May 2007 11:58:12 -0400
Subject: [Bug 238722] New: CVE-2007-2423: moin <= 1.5.7 XSS
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238722

Summary: CVE-2007-2423: moin <= 1.5.7 XSS
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2423
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: moin
AssignedTo: matthias at rpmforge.net
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2423

"Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857."

From bugzilla at redhat.com Wed May 2 16:04:56 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 May 2007 12:04:56 -0400
Subject: [Bug 238723] New: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238723

Summary: CVE-2007-13{20-23}, CVE-2007-1366: qemu multiple vulnerabilities
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://www.vuxml.org/freebsd/0ac89b39-f829-11db-b55c-000e0c6d38a9.html
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: qemu
AssignedTo: dwmw2 at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com,j.w.r.degoede at hhs.nl

Not sure if these affect any qemu versions in Fedora, but here goes:

http://www.vuxml.org/freebsd/0ac89b39-f829-11db-b55c-000e0c6d38a9.html

"Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1320 Tavis Ormandy discovered that a memory management routine of the Cirrus video driver performs insufficient bounds checking, which might allow the execution of arbitrary code through a heap overflow.

CVE-2007-1321 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow.

CVE-2007-1322 Tavis Ormandy discovered that the "icebp" instruction can be abused to terminate the emulation, resulting in denial of service.

CVE-2007-1323 Tavis Ormandy discovered that the NE2000 network driver and the socket code perform insufficient input validation, which might allow the execution of arbitrary code through a heap overflow.

CVE-2007-1366 Tavis Ormandy discovered that the "aam" instruction can be abused to crash qemu through a division by zero, resulting in denial of service."

From bugzilla at redhat.com Wed May 2 19:29:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 2 May 2007 15:29:37 -0400
Subject: [Bug 238615] CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow
In-Reply-To:
Message-ID: <200705021929.l42JTbiC017242@bugzilla.redhat.com>

Summary: CVE-2007-2413: perl-Imager < 0.57 heap based buffer overflow

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238615

steve at silug.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |CLOSED
         Resolution|                            |ERRATA

From bugzilla at redhat.com Fri May 4 12:58:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Fri, 4 May 2007 08:58:23 -0400
Subject: [Bug 238722] CVE-2007-2423: moin <= 1.5.7 XSS
In-Reply-To:
Message-ID: <200705041258.l44CwNE6030404@bugzilla.redhat.com>

Summary: CVE-2007-2423: moin <= 1.5.7 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238722

------- Additional Comments From matthias at rpmforge.net 2007-05-04 08:58 EST -------
And once again, no patch to be found anywhere... not to mention half the reports mentioning "PHP" or "index.php" vulnerability... *sigh*

From bugzilla at redhat.com Sun May 6 06:35:07 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sun, 6 May 2007 02:35:07 -0400
Subject: [Bug 239213] New: CVE-2007-2500: gnash arbitrary code execution
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213

Summary: CVE-2007-2500: gnash arbitrary code execution
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: gnash
AssignedTo: pertusus at free.fr
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2500

"server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash Player) 0.7.2 allows remote attackers to execute arbitrary code via a large number of SHOWFRAME elements within a DEFINESPRITE element, which triggers memory corruption and enables the attacker to call free with an arbitrary address, probably resultant from a buffer overflow."

From bugzilla at redhat.com Mon May 7 13:13:07 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 May 2007 09:13:07 -0400
Subject: [Bug 228764] CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure
In-Reply-To:
Message-ID: <200705071313.l47DD7wd017510@bugzilla.redhat.com>

Summary: CVE-2007-0901, CVE-2007-0902: moin 1.5.7 XSS, information disclosure

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228764

bugzilla at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|normal                      |medium

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |1.5.7-2

------- Additional Comments From matthias at rpmforge.net 2007-05-07 09:13 EST -------
Debian has a really great MoinMoin package, and seems to track upstream really closely. I've reviewed, included and tested 4 security patches from Debian, which should fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other security bugs too).

I've updated F7,6,5 and EL5,4 branches (all current).

From bugzilla at redhat.com Mon May 7 13:13:17 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 May 2007 09:13:17 -0400
Subject: [Bug 238722] CVE-2007-2423: moin <= 1.5.7 XSS
In-Reply-To:
Message-ID: <200705071313.l47DDHTm017561@bugzilla.redhat.com>

Summary: CVE-2007-2423: moin <= 1.5.7 XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238722

matthias at rpmforge.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |1.5.7-2

------- Additional Comments From matthias at rpmforge.net 2007-05-07 09:13 EST -------
Debian has a really great MoinMoin package, and seems to track upstream really closely. I've reviewed, included and tested 4 security patches from Debian, which should fix CVE-2007-0857, CVE-2007-0901, CVE-2007-0902 and CVE-2007-2423 (and other security bugs too).

I've updated F7,6,5 and EL5,4 branches (all current).

From bugzilla at redhat.com Mon May 7 17:35:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 7 May 2007 13:35:37 -0400
Subject: [Bug 239338] New: CVE-2007-1253: blender arbitrary python code execution
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239338

Summary: CVE-2007-1253: blender arbitrary python code execution
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: blender
AssignedTo: Jochen at herr-schmitt.de
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1253

"Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file."

From bugzilla at redhat.com Tue May 8 17:10:03 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 8 May 2007 13:10:03 -0400
Subject: [Bug 239338] CVE-2007-1253: blender arbitrary python code execution
In-Reply-To:
Message-ID: <200705081710.l48HA3oB006407@bugzilla.redhat.com>

Summary: CVE-2007-1253: blender arbitrary python code execution

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239338

Jochen at herr-schmitt.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NEXTRELEASE

------- Additional Comments From Jochen at herr-schmitt.de 2007-05-08 13:09 EST -------
I have removed the insecure script from the package.

From bugzilla at redhat.com Wed May 9 08:16:10 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 9 May 2007 04:16:10 -0400
Subject: [Bug 239213] CVE-2007-2500: gnash arbitrary code execution
In-Reply-To:
Message-ID: <200705090816.l498GAeP002561@bugzilla.redhat.com>

Summary: CVE-2007-2500: gnash arbitrary code execution

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213

------- Additional Comments From pertusus at free.fr 2007-05-09 04:15 EST -------
Next release is due soon. I asked the list about a patch and whether it was fixed in HEAD.

From bugzilla at redhat.com Sat May 12 08:02:51 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 12 May 2007 04:02:51 -0400
Subject: [Bug 239904] New: CVE-2007-2627: wordpress sidebar.php XSS
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239904

Summary: CVE-2007-2627: wordpress sidebar.php XSS
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2627
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: wordpress
AssignedTo: jwb at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2627

"Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622."

From bugzilla at redhat.com Sat May 12 20:00:17 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 12 May 2007 16:00:17 -0400
Subject: [Bug 239213] CVE-2007-2500: gnash arbitrary code execution
In-Reply-To:
Message-ID: <200705122000.l4CK0HPY013215@bugzilla.redhat.com>

Summary: CVE-2007-2500: gnash arbitrary code execution

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239213

pertusus at free.fr changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |CURRENTRELEASE
   Fixed In Version|                            |0.7.2-2

------- Additional Comments From pertusus at free.fr 2007-05-12 16:00 EST -------
Thanks for the report.

From bugzilla at redhat.com Thu May 17 07:37:53 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 May 2007 03:37:53 -0400
Subject: [Bug 240395] New: CVE-2007-2650: clamav OLE2 parser DoS
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

Summary: CVE-2007-2650: clamav OLE2 parser DoS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: clamav
AssignedTo: enrico.scholz at informatik.tu-chemnitz.de
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2650

"The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file."

Affected versions unknown.

From bugzilla at redhat.com Thu May 17 07:49:32 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 May 2007 03:49:32 -0400
Subject: [Bug 240396] New: CVE-2007-2654: xfsdump file permissions issue
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396

Summary: CVE-2007-2654: xfsdump file permissions issue
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: xfsdump
AssignedTo: cattelan at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2654

"xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems."

Patch from SUSE update attached.

------- Additional Comments From ville.skytta at iki.fi 2007-05-17 03:49 EST -------
Created an attachment (id=154896)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154896&action=view)
Patch from SUSE update

From bugzilla at redhat.com Thu May 17 07:56:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 May 2007 03:56:23 -0400
Subject: [Bug 240397] New: CVE-2007-2721: jasper DoS, heap corruption
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397

Summary: CVE-2007-2721: jasper DoS, heap corruption
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: jasper
AssignedTo: rdieter at math.unl.edu
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2721

"The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as originally demonstrated using imagemagick convert."

Appears to affect 1.900.1 too.

From bugzilla at redhat.com Thu May 17 08:00:13 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 May 2007 04:00:13 -0400
Subject: [Bug 240398] New: CVE-2007-2445: libpng10 DoS
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240398

Summary: CVE-2007-2445: libpng10 DoS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: libpng10
AssignedTo: paul at city-fan.org
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445

"The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and 1.2.x before 1.2.17 allows remote attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value."

From bugzilla at redhat.com Thu May 17 22:14:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Thu, 17 May 2007 18:14:33 -0400
Subject: [Bug 239904] CVE-2007-2627: wordpress sidebar.php XSS
In-Reply-To:
Message-ID: <200705172214.l4HMEXYo020694@bugzilla.redhat.com>

Summary: CVE-2007-2627: wordpress sidebar.php XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=239904

jwb at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED

------- Additional Comments From jwb at redhat.com 2007-05-17 18:14 EST -------
Upstream doesn't seem to have a patch for this as of yet (May 17 2007).

From bugzilla at redhat.com Tue May 22 02:00:56 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 21 May 2007 22:00:56 -0400
Subject: [Bug 240395] CVE-2007-2650: clamav OLE2 parser DoS
In-Reply-To:
Message-ID: <200705220200.l4M20uIV028394@bugzilla.redhat.com>

Summary: CVE-2007-2650: clamav OLE2 parser DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240395

james.teh at netboxblue.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |james.teh at netboxblue.com

From bugzilla at redhat.com Wed May 23 14:50:23 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 23 May 2007 10:50:23 -0400
Subject: [Bug 240970] New: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240970

Summary: CVE-2007-2821: wordpress < 2.2 admin-ajax.php SQL injection
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2821
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: wordpress
AssignedTo: jwb at redhat.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2821

"SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter."

From bugzilla at redhat.com Sat May 26 16:09:02 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Sat, 26 May 2007 12:09:02 -0400
Subject: [Bug 241489] New: CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241489

Summary: CVE-2007-2865: phpPgAdmin 4.1.1 XSS vulnerability
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2865
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: phpPgAdmin
AssignedTo: devrim at commandprompt.com
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2865

"Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter."

From nice at titanic.nyme.hu Sun May 27 00:06:39 2007
From: nice at titanic.nyme.hu (Németh Tamás)
Date: Sun, 27 May 2007 02:06:39 +0200
Subject: Security features of recent Fedora versions?
Message-ID: <200705270206.41530.nice@titanic.nyme.hu>

Dear Fedora developers or Experts!

In these days I am mostly engaged in the task of choosing a free and secure Linux distribution for our university. I've read some documents from this field but I am in doubt in a few areas:

When I look at Ingo Molnar's Exec Shield patch web page (http://people.redhat.com/mingo/exec-shield/), I got the impression that a fully featured Exec Shield patch set exists only for the 2.4 series of the Linux kernels, and on the 2.6 series it only provides NX.
Am I correct? Is there a (maybe experimental) Exec Shield patch for 2.6 kernels which provides full ASLR functionality, including the relocation of PIE binaries? If not, then I wonder why is it so difficult to be done for the 2.6 series. (For example PaX is still considered experimental on 2.6!)

Are the Fedora packages linked with BIND_NOW option to make the -z relro linking option even more effective?

Thank you for the information!

Best regards:

Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary

From bugzilla at redhat.com Mon May 28 20:47:40 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Mon, 28 May 2007 16:47:40 -0400
Subject: [Bug 235013] CVE-2007-1804: pulseaudio 0.9.5 DoS
In-Reply-To:
Message-ID: <200705282047.l4SKlevx016531@bugzilla.redhat.com>

Summary: CVE-2007-1804: pulseaudio 0.9.5 DoS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235013

------- Additional Comments From lennart at poettering.de 2007-05-28 16:47 EST -------
PulseAudio 0.9.6 fixes these issues.

From bugzilla at redhat.com Tue May 29 16:01:28 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Tue, 29 May 2007 12:01:28 -0400
Subject: [Bug 240397] CVE-2007-2721: jasper DoS, heap corruption
In-Reply-To:
Message-ID: <200705291601.l4TG1SdP018745@bugzilla.redhat.com>

Summary: CVE-2007-2721: jasper DoS, heap corruption

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397

rdieter at math.unl.edu changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |NEW |ASSIGNED

------- Additional Comments From rdieter at math.unl.edu 2007-05-29 12:01 EST -------
%changelog
* Wed May 23 2007 Rex Dieter 1.900.1-2
- CVE-2007-2721 (#240397)

Built most everywhere, except F7+, pending F7 release and update mechanism.

From nice at titanic.nyme.hu Wed May 30 13:07:01 2007
From: nice at titanic.nyme.hu (Németh Tamás)
Date: Wed, 30 May 2007 15:07:01 +0200
Subject: Exec Shield for Linux 2.6.x.y?
Message-ID: <200705301507.01747.nice@titanic.nyme.hu>

Dear Fedora developers or Experts!

Can you tell me if there is an Exec Shield kernel patch for most recent 2.6 series vanilla kernels being able to do full ASLR functionality, including the relocation of PIE binaries?

When I look at Ingo Molnar's Exec Shield patch web page (http://people.redhat.com/mingo/exec-shield/), I got the impression that a fully featured Exec Shield patch set exists only for the 2.4 series of the Linux kernels. Am I correct?

Thank you for the information!

Best regards:

Nemeth, Tamas
IT administrator
University of West-Hungary, Sopron, Hungary

From bugzilla at redhat.com Wed May 30 18:32:37 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 May 2007 14:32:37 -0400
Subject: [Bug 241799] New: CVE-2007-2894: bochs guest OS local user DoS
Message-ID:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241799

Summary: CVE-2007-2894: bochs guest OS local user DoS
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: bochs
AssignedTo: j.w.r.degoede at hhs.nl
ReportedBy: ville.skytta at iki.fi
QAContact: extras-qa at fedoraproject.org
CC: fedora-security-list at redhat.com

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2894

"The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error."

From bressers at redhat.com Wed May 30 20:11:49 2007
From: bressers at redhat.com (Josh Bressers)
Date: Wed, 30 May 2007 16:11:49 -0400
Subject: Exec Shield for Linux 2.6.x.y?
In-Reply-To: <200705301507.01747.nice@titanic.nyme.hu>
References: <200705301507.01747.nice@titanic.nyme.hu>
Message-ID: <10451.1180555909@devserv.devel.redhat.com>

> Dear Fedora developers or Experts!
>
> Can you tell me if there is an Exec Shield kernel patch for most recent 2.6
> series vanilla kernels being able to do full ASLR functionality, including
> the relocation of PIE binaries?
>
> When I look at Ingo Molnar's Exec Shield patch web page
> (http://people.redhat.com/mingo/exec-shield/), I got the impression that a
> fully featured Exec Shield patch set exists only for the 2.4 series of the
> Linux kernels. Am I correct?
>

Without knowing all the nitty gritty details, I believe this is because a
subset of the initial 2.4 patch is included in upstream 2.6.

I would suggest asking one of the Fedora kernel guys, or Ingo if you
want to know for sure.
This list is primarily for dealing with security
vulnerabilities in Fedora. I doubt anyone on this list knows enough about
the working of Exec Shield to feel comfortable answering your question.

--
JB

From bugzilla at redhat.com Thu May 31 03:35:33 2007
From: bugzilla at redhat.com (bugzilla at redhat.com)
Date: Wed, 30 May 2007 23:35:33 -0400
Subject: [Bug 240397] CVE-2007-2721: jasper DoS, heap corruption
In-Reply-To:
Message-ID: <200705310335.l4V3ZXhp030218@bugzilla.redhat.com>

Summary: CVE-2007-2721: jasper DoS, heap corruption

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240397

rdieter at math.unl.edu changed:

What |Removed |Added
----------------------------------------------------------------------------
Status |ASSIGNED |CLOSED
Resolution | |ERRATA

------- Additional Comments From rdieter at math.unl.edu 2007-05-30 23:35 EST -------
F7 security update requested. Queued fixed FC-5, FC-6 builds as well, I was wrong before, had only done epel-4, epel-5 builds.

closing.

From davej at redhat.com Thu May 31 20:47:17 2007
From: davej at redhat.com (Dave Jones)
Date: Thu, 31 May 2007 16:47:17 -0400
Subject: Exec Shield for Linux 2.6.x.y?
In-Reply-To: <10451.1180555909@devserv.devel.redhat.com>
References: <200705301507.01747.nice@titanic.nyme.hu> <10451.1180555909@devserv.devel.redhat.com>
Message-ID: <20070531204717.GF31153@redhat.com>

On Wed, May 30, 2007 at 04:11:49PM -0400, Josh Bressers wrote:
> > Dear Fedora developers or Experts!
> >
> > Can you tell me if there is an Exec Shield kernel patch for most recent 2.6
> > series vanilla kernels being able to do full ASLR functionality, including
> > the relocation of PIE binaries?
> >
> > When I look at Ingo Molnar's Exec Shield patch web page
> > (http://people.redhat.com/mingo/exec-shield/), I got the impression that a
> > fully featured Exec Shield patch set exists only for the 2.4 series of the
> > Linux kernels. Am I correct?
> >
>
> Without knowing all the nitty gritty details, I believe this is because a
> subset of the initial 2.4 patch is included in upstream 2.6.
>
> I would suggest asking one of the Fedora kernel guys, or Ingo if you
> want to know for sure. This list is primarily for dealing with security
> vulnerabilities in Fedora. I doubt anyone on this list knows enough about
> the working of Exec Shield to feel comfortable answering your question.

You can find a version that always applies to latest upstream (give or take a few days lag time after a point release) in the Fedora CVS. There are pointers on http://people.redhat.com/davej/

Dave

--
http://www.codemonkey.org.uk
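
The Exec Shield messages above ask about PIE binaries, NX, and whether `-z relro` is combined with BIND_NOW; the following checks those properties on a given binary. It is an added example, not part of the list archive or of Exec Shield, and it assumes little-endian ELF64 input; the PIE test (ET_DYN plus an interpreter segment) is a heuristic, and `elf_hardening`, `build_sample` and the two sample images are constructed for illustration.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 24, 30, 0x6FFFFFFB
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"  # ELF64 layouts

def elf_hardening(data):
    """Report PIE, stack and RELRO status of a little-endian ELF64 image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR, data)
    e_type, phoff, phentsize, phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    seen, bind_now, stack_exec = set(), False, True  # no PT_GNU_STACK: assume executable
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, data, phoff + i * phentsize)
        seen.add(p_type)
        if p_type == PT_GNU_STACK:
            stack_exec = bool(p_flags & 1)  # PF_X set means an executable stack
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from(DYN, data, off)
                if tag == 0:  # DT_NULL ends the dynamic table
                    break
                if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & 0x8)
                        or (tag == DT_FLAGS_1 and val & 0x1)):
                    bind_now = True  # the linker was given -z now
    # RELRO without BIND_NOW leaves the lazily bound PLT GOT entries writable.
    relro = "none" if PT_GNU_RELRO not in seen else ("full" if bind_now else "partial")
    return {"pie": e_type == 3 and PT_INTERP in seen,  # heuristic: ET_DYN + interpreter
            "nx_stack": not stack_exec, "relro": relro}

def build_sample(e_type, phdrs, dyn=()):
    """Constructed test input: ELF64 headers plus a dynamic table, no code."""
    segs = list(phdrs) + [(PT_DYNAMIC, 6)]
    dyn_blob = b"".join(struct.pack(DYN, t, v) for t, v in list(dyn) + [(0, 0)])
    out = struct.pack(EHDR, b"\x7fELF\x02\x01\x01", e_type, 62, 1,
                      0, 64, 0, 0, 64, 56, len(segs), 0, 0, 0)
    for p_type, flags in segs:
        off, size = (64 + 56 * len(segs), len(dyn_blob)) if p_type == PT_DYNAMIC else (0, 0)
        out += struct.pack(PHDR, p_type, flags, off, off, off, size, size, 8)
    return out + dyn_blob

# Constructed samples: an unhardened ET_EXEC image and a PIE with RELRO and BIND_NOW.
LEGACY = build_sample(2, [(PT_GNU_STACK, 7)])
HARDENED = build_sample(3, [(PT_INTERP, 4), (PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)],
                        [(DT_FLAGS, 0x8)])
```

To audit an installed package, pass the bytes of each of its ELF files to `elf_hardening` and flag any result that is not PIE, NX stack and full RELRO.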