fedora-security/audit fc5,1.313,1.314 fc6,1.66,1.67

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Sep 6 09:06:14 UTC 2006


Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11176

Modified Files:
	fc5 fc6 
Log Message:
Deal with fc5 and fc6 updates, apart from libtiff fc5 update which needs work



Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.313
retrieving revision 1.314
diff -u -r1.313 -r1.314
--- fc5	6 Sep 2006 05:58:21 -0000	1.313
+++ fc5	6 Sep 2006 09:06:11 -0000	1.314
@@ -1,8 +1,9 @@
-Up to date CVE as of CVE email 20060903
-Up to date FC5 as of 20060903
+Up to date CVE as of CVE email 20060905
+Up to date FC5 as of 20060905
 
 ** are items that need attention
 
+CVE-2006-4561 ** firefox
 CVE-2006-4538 VULNERABLE (kernel)
 CVE-2006-4535 VULNERABLE (kernel)
 CVE-2006-4507 ignore (libtiff) can't reproduce
@@ -18,6 +19,8 @@
 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
 CVE-2006-4433 ** php
 CVE-2006-4380 version (mysql, fixed 4.1.13)
+CVE-2006-4339 backport (openssl) [since FEDORA-2006-953]
+CVE-2006-4339 backport (openssl097a) [since FEDORA-2006-953]
 CVE-2006-4333 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
 CVE-2006-4332 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
 CVE-2006-4331 version (wireshark, fixed 0.99.3) [since FEDORA-2006-936]
@@ -33,6 +36,8 @@
 CVE-2006-4146 VULNERABLE (gdb) #204845
 CVE-2006-4145 VULNERABLE (kernel, fixed 2.6.17.10)
 CVE-2006-4144 backport (ImageMagick, fixed 6.2.9) #202773 [since FEDORA-2006-929]
+CVE-2006-4096 ** bind
+CVE-2006-4095 ** bind
 CVE-2006-4093 VULNERABLE (kernel, fixed 2.6.17.9)
 CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) #202247
 CVE-2006-4020 VULNERABLE (php) #201767
@@ -90,6 +95,7 @@
 CVE-2006-3677 VULNERABLE (mozilla)
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
+CVE-2006-3636 ** mailman
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
 CVE-2006-3632 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
 CVE-2006-3631 version (ethereal, fixed wireshark-0.99.2) [since FEDORA-2006-860]
@@ -138,6 +144,7 @@
 CVE-2006-3016 VULNERABLE (php, fixed 5.1.3)
 CVE-2006-3011 VULNERABLE (php) (safe mode isn't)
 CVE-2006-3005 ignore (libjpeg) not a vuln
+CVE-2006-2941 ** mailman
 CVE-2006-2936 version (kernel, fixed 2.6.16.27, fixed 2.6.17.7) [since FEDORA-2006-906]
 CVE-2006-2935 version (kernel, fixed 2.6.17.7) [since FEDORA-2006-906]
 CVE-2006-2934 version (kernel, fixed 2.6.17.3) [since FEDORA-2006-772]


Index: fc6
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc6,v
retrieving revision 1.66
retrieving revision 1.67
diff -u -r1.66 -r1.67
--- fc6	6 Sep 2006 05:58:21 -0000	1.66
+++ fc6	6 Sep 2006 09:06:11 -0000	1.67
@@ -1,8 +1,9 @@
-Up to date CVE as of CVE email 20060903
+Up to date CVE as of CVE email 20060905
 Up to date FC6 as of Test2
 
 ** are items that need attention
 
+CVE-2006-4561 ** firefox
 CVE-2006-4538 VULNERABLE (kernel)
 CVE-2006-4535 VULNERABLE (kernel)
 CVE-2006-4507 ignore (libtiff) can't reproduce
@@ -10,14 +11,15 @@
 CVE-2006-4485 VULNERABLE (php, fixed 5.1.5)
 CVE-2006-4484 ignore (php, fixed 5.1.5)
 CVE-2006-4484 ignore (gd)
-CVE-2006-4483 ** php
+CVE-2006-4483 ignore (php) not linux
 CVE-2006-4482 VULNERABLE (php, fixed 5.1.5) fc5#204995
 CVE-2006-4481 ignore (php) safe mode isn't safe
 CVE-2006-4455 ignore (xchat) client DoS
-CVE-2006-4447 ** xorg
+CVE-2006-4447 ignore (xorg) not a security issue
 CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
-CVE-2006-4433 ** php
+CVE-2006-4433 version (php, fixed 5.1.4)
 CVE-2006-4380 version (mysql, fixed 4.1.13)
+CVE-2006-4339 VULNERABLE (openssl)
 CVE-2006-4333 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
 CVE-2006-4332 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
 CVE-2006-4331 VULNERABLE (wireshark, fixed 0.99.3) bz#204046 [fixed rawhide]
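Review bot: The added "CVE-2006-4339 VULNERABLE (openssl)" line carries no bz# reference, unlike the VULNERABLE wireshark entries directly below it, and fc6 gets no openssl097a entry although the fc5 part of this commit records the CVE against both openssl and openssl097a. Suggest adding the tracking bug and either an openssl097a line or a remark that the package is not shipped in fc6. The new ignore reasons "not linux" (CVE-2006-4483) and "not a security issue" (CVE-2006-4447) would also be easier to audit later with a pointer to where that was decided.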
@@ -33,6 +35,8 @@
 CVE-2006-4146 VULNERABLE (gdb) fc5#204845
 CVE-2006-4145 VULNERABLE (kernel, fixed 2.6.17.10)
 CVE-2006-4144 VULNERABLE (ImageMagick, fixed 6.2.9) bz#202775 [fixed rawhide]
+CVE-2006-4096 ** bind
+CVE-2006-4095 ** bind
 CVE-2006-4093 VULERNABLE (kernel, fixed 2.6.17.9)
 CVE-2006-4031 VULNERABLE (mysql, fixed 5.0.24) bz#202675
 CVE-2006-4020 VULNERABLE (php) bz#202676
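Review bot: The context line for CVE-2006-4093, directly under the two new bind entries, reads "VULERNABLE", so any grep or script that counts VULNERABLE entries in fc6 will miss it. It is not touched by this commit, but since the surrounding lines are being edited anyway, correct the spelling in the same change (the fc5 file already has it as VULNERABLE).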
@@ -77,6 +81,7 @@
 CVE-2006-3677 VULNERABLE (thunderbird, fixed 1.5.0.5) bz#202678 [fixed rawhide]
 CVE-2006-3672 ignore (konqueror) just a crash
 CVE-2006-3665 ignore (squirrelmail) don't enable register_globals!
+CVE-2006-3636 ** mailman
 CVE-2006-3634 ignore (kernel, fixed 2.6.17.8) s390 only
 CVE-2006-3632 version (wireshark, fixed 0.99.2)
 CVE-2006-3631 version (wireshark, fixed 0.99.2)
@@ -124,6 +129,7 @@
 CVE-2006-3016 version (php, fixed 5.1.3)
 CVE-2006-3011 ignore (php) safe mode isn't safe
 CVE-2006-3005 ignore (libjpeg) not a vuln
+CVE-2006-2941 ** mailman
 CVE-2006-2936 version (kernel, fixed 2.6.17.7)
 CVE-2006-2935 version (kernel, fixed 2.6.17.7)
 CVE-2006-2934 version (kernel, fixed 2.6.17.3)
@@ -192,7 +198,7 @@
 CVE-2006-2199 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2198 version (openoffice.org, fixed 2.0.3)
 CVE-2006-2194 ignore (ppp) pppd not suid
-CVE-2006-2193 VULNERABLE (libtiff) bz#202690
+CVE-2006-2193 VULNERABLE (libtiff) bz#202690 [fixed rawhide 3.8.2-6.fc6]
 CVE-2006-2120 version (libtiff, fixed 3.8.2 at least)
 CVE-2006-2083 version (rsync, fixed 2.6.8)
 CVE-2006-2073 ignore (bind) http://www.kb.cert.org/vuls/id/MIMG-6P8GRP
@@ -1853,7 +1859,7 @@
 CVE-2002-0062 version (ncurses, only 5.0)
 CVE-2002-0060 version (kernel, fixed 2.5.5)
 CVE-2002-0059 version (zlib, fixed 1.1.4)
-CVE-2002-0059 ** anything that includes zlib static, time for another audit!
+CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc)
 CVE-2002-0048 version (rsync, fixed 2.5.2)
 CVE-2002-0046 version (kernel, fixed 2.4.0)
 CVE-2002-0045 version (openldap, fixed 2.0.20)
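Review bot: The replacement line "CVE-2002-0059 ** zlib (cvs, dump, gcc, libgcj, kernel, rsync, vnc)" puts the bundling packages in the parenthesised field that every other entry uses for the affected package, so anything parsing "status (package)" will read the list as one package name. Consider one "**" line per package with a static zlib copy, or keep "(zlib)" in the package position and move the list into the trailing note. The old wording's reminder that a fresh audit is due is also lost, so it is unclear whether this list is the result of that audit or a to-do list.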



