November 2006 - security [ARCHIVED]

[Bug 217950] New: CVE-2006-6169: gnupg2 < 2.0.1 buffer overflow

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217950 Summary: CVE-2006-6169: gnupg2 < 2.0.1 buffer overflow Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: gnupg2 AssignedTo: rdieter(a)math.unl.edu ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6171 "Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt." FE[3456] seem affected, devel looks ok. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
4
0 / 0

[Bug 217422] New: CVE-2006-0804: tin <= 1.8.0 arbitrary code execution vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217422 Summary: CVE-2006-0804: tin <= 1.8.0 arbitrary code execution vulnerability Product: Fedora Extras Version: fc3 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: tin AssignedTo: adrian(a)lisas.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0804 "Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow." Based on the version numbers, FE-3 seems affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
1
0 / 0

[Bug 217420] New: CVE-2006-6122: tin < 1.8.2 buffer overflow vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217420 Summary: CVE-2006-6122: tin < 1.8.2 buffer overflow vulnerabilities Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: tin AssignedTo: adrian(a)lisas.de ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6122 "Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804." FE-[345] currently have tin < 1.8.2. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
1
0 / 0

[Bug 216263] New: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216263 Summary: CVE-2006-5793: libpng10 < 1.0.21 DoS vulnerability Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: libpng10 AssignedTo: paul(a)city-fan.org ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5793 "The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read." Appears to be fixed in 1.0.21. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 4 months

1
5
0 / 0

[Bug 217238] New: CVE-2006-6085: kile < 1.9.3 information disclosure

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=217238 Summary: CVE-2006-6085: kile < 1.9.3 information disclosure Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6085 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: kile AssignedTo: rdieter(a)math.unl.edu ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6085 "Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information." All FE releases currently have kile < 1.9.3. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
2
0 / 0

[Bug 198106] New: CVE-2006-3458: Zope local information disclosure

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198106 Summary: CVE-2006-3458: Zope local information disclosure Product: Fedora Extras Version: fc5 Platform: All URL: http://www.zope.org/Products/Zope/Hotfix-2006-07- 05/Hotfix-20060705/README.txt OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: zope AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Unspecified vulnerability in Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text". http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3458 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-20060705/READM... Based on the version numbers, all FC-3+ appear to be vulnerable. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
10
0 / 0

[Bug 212700] New: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=212700 Summary: CVE-2006-5601: xsupplicant < 1.2.8 (?) stack smashing vulnerability Product: Fedora Extras Version: fc6 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601 OS/Version: Linux Status: NEW Severity: high Priority: normal Component: xsupplicant AssignedTo: tcallawa(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5601 http://open1x.sourceforge.net/ "7 Oct 2006 -- Xsupplicant 1.2.8 is now available for download. This release has several bug fixes in it, including a fix to a stack smash that could potentially lead to a remote root exploit." Seems to affect all FE versions. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
4
0 / 0

[Bug 216186] New: CVE-2006-5705

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216186 Summary: CVE-2006-5705 Product: Fedora Extras Version: devel Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: wordpress AssignedTo: jwb(a)redhat.com ReportedBy: dennis(a)ausil.us QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Description of problem: wordpress 2.04 has a multiple security Vulnerabilities little detail is available 2.05 is reported to be not Vunerable. Please update FC-4 FC-5 FC-6 and devel to the newer version. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
1
0 / 0

[Bug 214822] New: seamonkey < 1.0.6 multiple vulnerabilities

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=214822 Summary: seamonkey < 1.0.6 multiple vulnerabilities Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: seamonkey AssignedTo: kengert(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5748 -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
2
0 / 0

[Bug 215077] New: CVE-2006-5848: trac < 0.10.1 cross site request forgery vulnerability

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215077 Summary: CVE-2006-5848: trac < 0.10.1 cross site request forgery vulnerability Product: Fedora Extras Version: fc6 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: high Component: trac AssignedTo: fedora(a)soeterbroek.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5848 "Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors." Affects all FC-3+ FE versions. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

17 years, 5 months

1
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] November 2006