security [ARCHIVED] August 2006

security@lists.fedoraproject.org

9 participants
36 discussions

[Bug 201688] Clam AntiVirus Win32-UPX Heap Overflow
by Red Hat Bugzilla 08 Aug '06

08 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: Clam AntiVirus Win32-UPX Heap Overflow https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201688 tibbs(a)math.uh.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Security CC| |fedora-security- | |list(a)redhat.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 200357] major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
by Red Hat Bugzilla 08 Aug '06

08 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 icon(a)fedoraproject.org changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |icon(a)fedoraproject.org ------- Additional Comments From icon(a)fedoraproject.org 2006-08-08 12:31 EST ------- Why are we still on 1.5.0.4? Unaddressed security problems in a major network applications generate lots of bad publicity for the project. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

08 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 gilboad(a)gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gilboad(a)gmail.com -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 194511] CVE-2006-2894 arbitrary file read vulnerability
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: CVE-2006-2894 arbitrary file read vulnerability https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194511 ------- Additional Comments From ville.skytta(a)iki.fi 2006-08-07 15:56 EST ------- I did not find a reference to this CVE in Mozilla advisories, assuming still vulnerable in 1.0.4. Kai, could you investigate? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 191095] multiple vulnerabilities in thttpds htpasswd utility
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: multiple vulnerabilities in thttpds htpasswd utility https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191095 ------- Additional Comments From tibbs(a)math.uh.edu 2006-08-07 15:35 EST ------- Any reason these fixes couldn't go to the FC3 package as well? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 200455] New: Seamonkey multiple vulnerabilities: CVE-2006-3677, CVE-2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200455 Summary: Seamonkey multiple vulnerabilities: CVE-2006-3677, CVE- 2006-3803, CVE-2006-3804, CVE-2006-3806, CVE-2006-3807 Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: high Component: seamonkey AssignedTo: kengert(a)redhat.com ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com Arbitrary code execution: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3677 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3807 Denial of service: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3804 All these are reported against seamonkey < 1.0.3. FE[45] and devel affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

[Bug 200545] New: CVE-2006-3913, freeciv: server buffer overflow issues
by Red Hat Bugzilla 07 Aug '06

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200545 Summary: CVE-2006-3913, freeciv: server buffer overflow issues Product: Fedora Extras Version: fc5 Platform: All URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: freeciv AssignedTo: bdpepple(a)ameritech.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com CVE-2006-3913, http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3913 : Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c. All FE-[345] and devel are probably affected. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

07 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. Summary: major (public) security flaws fixed in firefox 1.5.0.5: CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803,CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200357 ------- Additional Comments From mattdm(a)mattdm.org 2006-08-07 13:03 EST ------- Can we have an update on this, please? -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 0

[Bug 200795] New: xboard: world writable chess.png
by Red Hat Bugzilla 04 Aug '06

04 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200795 Summary: xboard: world writable chess.png Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: normal Component: xboard AssignedTo: kaboom(a)oobleck.net ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com /usr/share/pixmaps/chess.png is world writable apparently due to bad umask setting in the FE build system; its maintainers have been notified. FE5 and devel are affected and this should be fixed in the package anyway, a fix is to use "install -pm 644" instead of cp to install the file. In the FE4 package the file is 664, not world writable, but I'd recommend fixing this in it too. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 2

[Bug 200794] New: zope: world writable files
by Red Hat Bugzilla 04 Aug '06

04 Aug '06

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200794 Summary: zope: world writable files Product: Fedora Extras Version: fc5 Platform: All OS/Version: Linux Status: NEW Severity: high Priority: urgent Component: zope AssignedTo: gauret(a)free.fr ReportedBy: ville.skytta(a)iki.fi QAContact: extras-qa(a)fedoraproject.org CC: extras-qa(a)fedoraproject.org,fedora-security- list(a)redhat.com The following files in zope are world writable apparently due to bad umask setting in the FE build system; its maintainers have been notified. /usr/lib/zope/skel/etc/logrotate.conf.in /usr/share/doc/zope-2.8.3/README.Fedora /var/lib/zope/etc/logrotate.conf FE[345] and devel are affected and this should be fixed in the package anyway, a fix is to use "install -pm 644" instead of cp when copying files around. -- Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

1 4

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

security [ARCHIVED] August 2006