[Bug 192830] New: CVE-2006-2453 Additional dia format string flaws
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
Summary: CVE-2006-2453 Additional dia format string flaws
Product: Fedora Extras
Version: fc5
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: dia
AssignedTo: j.w.r.degoede(a)hhs.nl
ReportedBy: bressers(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-
list(a)redhat.com
A number of additional format string issues were discovered by Hans de Goede and
has been assigned the CVE id CVE-2006-2453.
The fix is attachment 129852
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
16 years, 7 months
Extras errata
by Josh Bressers
Hi everyone,
I finally checked in an extras errata generation system. It's rather
trivial. I've been sitting on this for a few weeks and just haven't had
time to clean it up enough to commit it.
The bits are here:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/extras-errata/?root=...
If you have the fedora-security CVS repository checked out you should just
have to do a cvs up to get it.
The readme file has some details on how things work. In a nutshell you
just have to run the errata-gen command, which places an advisory into the
errata directory for you. Then just edit away.
Now we have to think about how editing should be handled. I'm thinking at
least one other team member should approve an errata before it gets mailed.
Thoughts?
--
JB
17 years, 8 months
Implementing Security Policies
by Bhaskar
Dear All,
I am trying to implement some security policies like password, login, etc.
On googling regarding the security policies, I found them implemented
through SELinux and PAM modules.
Can any one provide a pointer to the exact starting point for implementing
the security policies.
Regards,
Bhaskar.
17 years, 10 months
controlling "background services", closing ports
by David Burns
I recently installed fedora core 5 on two systems.
Is the system/administration/services GUI thing discussed in the
documentation somewhere? (I can't seem to find anything except selinux.) I'd
like to know a bit more about what the consequences of turning off some
services might be. There is a terse description available in the tool, but
it doesn't make it clear what will happen if I turn 'em off. For instance, I
don't really know whether I need to "Listen and dispatch ACPI events from
the kernel. (acpid)" Hate to just turn them all off & see what breaks.
Also, I'm running nmap and lsof to try to figure out my open ports so I can
close those I don't need and tell the firewall about the ones I do need.
*nmap -sT -O mysystem ; *
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-06-19 17:06 HST
Interesting ports on lin...
(The 1666 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
111/tcp open rpcbind
587/tcp open submission
603/tcp open mnotes ??? What are these? How would I find out?
841/tcp open unknown ???
868/tcp open unknown ???
2049/tcp open nfs
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.5.25 - 2.6.8 or Gentoo 1.2 Linux
2.4.19 rc1-rc7, Linux 2.6.3 - 2.6.10
Nmap finished: 1 IP address (1 host up) scanned in 2.290 seconds
Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-06-19 17:06 HST
Interesting ports on ... <http://ao.soest.hawaii.edu/>:
(The 1668 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
640/tcp open unknown ?
666/tcp open doom *****???????????????!!!!*********** I did
not knowingly turn this on, don't know what service it is associated with.
773/tcp open submit
2049/tcp open nfs
MAC Address: ... (Dell Computer)
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.4.0 - 2.5.20, Linux 2.4.7 - 2.6.11
Nmap finished: 1 IP address (1 host up) scanned in 2.670 seconds
lsof|grep LISTEN
portmap 1720 rpc 4u IPv4 5412 TCP
*:sunrpc (LISTEN)
rpc.statd 1739 rpcuser 7u IPv4 5522 TCP
*:36911 (LISTEN)
ypbind 1864 root 5u IPv4 5771 TCP
*:submit (LISTEN)
sshd 2114 root 3u IPv6 6199 TCP *:ssh
(LISTEN)
rpc.rquot 2131 root 4u IPv4 6281 TCP
*:entrust-sps (LISTEN)
rpc.mount 2165 root 7u IPv4 6378 TCP
*:mdqs (LISTEN)
There's some info in /etc/services, but not enough for me to "get it."
I hope this is the right forum for these questions. Thanks in advance for
any answers!
TDB
17 years, 10 months
FYI- Re: FWD: Re: New Mozilla vulnerabilities??
by David Eisenstein
David Eisenstein wrote:
> Dennis Gilmore wrote:
>
>>>The Firefox maintainer, Chris Aillon asked me to forward this along to
>>>this
>>>list. He's swamped right now trying to get the fixes for the various
>>>Mozilla security issues backported. He's looking for anyone willing to
>>>help roll new Firefox packages for FC5 and rawhide.
>>>
>>>Thanks.
>>>
>>
>>Work is underway I have test builds compiling now
>>
>>Dennis
Since Bugzilla barfed yesterday, this bug has been re-entered as Bug #195241:
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195241>. -David
17 years, 10 months
[Bug 192990] New: CVE-2005-2295 - netpanzer server remote DOS
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192990
Summary: CVE-2005-2295 - netpanzer server remote DOS
Product: Fedora Extras
Version: fc5
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2295
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: netpanzer
AssignedTo: hugo(a)devin.com.br
ReportedBy: tibbs(a)math.uh.edu
QAContact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,fedora-security-
list(a)redhat.com
(from the CVE):
NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service
(infinite loop) via a packet with a zero datablock size.
It seems this has been fixed in upstream SVN, but no release has been made and
unfortunately upstream webSVN seems not to be responding for me.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
17 years, 10 months
